Re:Re: Re: Re: Add support to TLS 1.3 cipher suites and curves lists
Hi Jelte and Daniel, Based on my understanding currently there is no setting that controls the cipher choices used by TLS version 1.3 connections but the default value(HIGH:MEDIUM:+3DES:!aNULL) is used. So if I want to connect to Postgres (eg. Postgres 14) with different TLS versions of customized ciphers instead of default one like below: eg. TLS1.2 of ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA TLS1.3 of ciphers TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 For TLS1.2 connection, we can set the configuration in postgresql.conf as: ssl_ciphers = 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA' How can I achieve the value for TLS1.3? Do you mean I can set the Ciphersuites in openssl.conf, then Postgres will pick up and use this value accordingly? eg. I can run below command to set ciphersuites of TLS1.3 on my appliance: openssl ciphers -ciphersuites TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 then Postgres will use 'TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256" as ciphers for TLS1.3 connection? Thanks, Erica Zhang Original Email Sender:"Jelte Fennema-Nio"< postg...@jeltef.nl >; Sent Time:2024/6/12 16:51 To:"Erica Zhang"< ericazhangy2...@qq.com >; Cc recipient:"Michael Paquier"< mich...@paquier.xyz >;"Peter Eisentraut"< pe...@eisentraut.org >;"pgsql-hackers"< pgsql-hackers@lists.postgresql.org >; Subject:Re: Re: Re: Add support to TLS 1.3 cipher suites and curves lists On Wed, 12 Jun 2024 at 04:32, Erica Zhang wrote: > There are certain government, financial and other enterprise organizations that have very strict requirements about the encrypted communication and more specifically about fine grained params like the TLS ciphers and curves that they use. The default ones for those customers are not acceptable. Any products that integrate Postgres and requires encrypted communication with the Postgres would have to fulfil those requirements. Yeah, I ran into such requirements before too. So I do think it makes sense to have such a feature in Postgres. > So if we can have this patch in the upcoming new major version, that means Postgres users who have similar requirements can upgrade to PG17. As Daniel mentioned you can already achieve the same using the "Ciphersuites" directive in openssl.conf. Also you could of course always disable TLSv1.3 support.
Re: Re: Re: Add support to TLS 1.3 cipher suites and curves lists
On Wed, 12 Jun 2024 at 04:32, Erica Zhang wrote: > There are certain government, financial and other enterprise organizations > that have very strict requirements about the encrypted communication and more > specifically about fine grained params like the TLS ciphers and curves that > they use. The default ones for those customers are not acceptable. Any > products that integrate Postgres and requires encrypted communication with > the Postgres would have to fulfil those requirements. Yeah, I ran into such requirements before too. So I do think it makes sense to have such a feature in Postgres. > So if we can have this patch in the upcoming new major version, that means > Postgres users who have similar requirements can upgrade to PG17. As Daniel mentioned you can already achieve the same using the "Ciphersuites" directive in openssl.conf. Also you could of course always disable TLSv1.3 support.
Re: Re: Add support to TLS 1.3 cipher suites and curves lists
On Fri, Jun 7, 2024 at 3:02 AM Erica Zhang wrote: > > For some security consideration, we prefer to use TLS1.3 cipher suites in our > product with some customization values instead of default value > "HIGH:MEDIUM:+3DES:!aNULL". Moreover we prefer to set a group of ecdh keys > instead of a single value. +1 for the curve list feature, at least. No opinions on the 1.3 ciphersuites half, yet. I've added this patch to my planned review for the v18 cycle. Some initial notes: - Could you separate the two features into two patches? That would make it easier for reviewers. (They can still share the same thread and CF entry.) - The "curve" APIs have been renamed "group" in newer OpenSSLs for a while now, and we should probably use those if possible. - I think parsing apart the groups list to check NIDs manually could lead to false negatives. From a docs skim, 3.0 allows providers to add their own group names, and 3.3 now supports question marks in the string to allow graceful fallbacks. - I originally thought it'd be better to just stop calling SSL_set_tmp_ecdh() entirely by default, so we could use OpenSSL's builtin list of groups. But that may have denial-of-service concerns [1]? - We should maybe look into SSL_CTX_config(), if we haven't discussed that already on the list, but that's probably a bigger tangent and doesn't need to be part of this patch. Thanks, --Jacob [1] https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/index.html
Re: Re: Add support to TLS 1.3 cipher suites and curves lists
On Fri, Jun 07, 2024 at 06:02:37PM +0800, Erica Zhang wrote: > I see the https://commitfest.postgresql.org/48/ is still open, could > it be possible to target for PG17? As I know PG17 is going to be > release this year so that we can upgrade our instances to this new > version accodingly. Echoing with Peter, https://commitfest.postgresql.org/48/ is planned to be the first commit fest of the development cycle for Postgres 18. v17 is in feature freeze state and beta, where only bug fixes are accepted, and not new features. -- Michael signature.asc Description: PGP signature
