Hello everyone, I sent few days ago to the security DL a mail reporting a vulnerability in how Postgres is requesting DH params to be used later for encryption algorithms. So, due to there is no problem sharing with this group, here is what I sent:
------------------------------------------------------------------------------------------------------------------------------------------ Hi folks, We are working with Postgres 9.3.14 and executing nmap we found that it is using “weak DH group” (nmap –script ssl-dh-params). Weak = 1024 bits. See nmap output (1) We don’t know if other versions are affected or not. The environment used is a RHEL 6 x86_6, OpenSSL version 1.0.2i with FIPS module. This issue is similar to what this post explains about using weak DH parameters: http://www.usefuljs.net/2016/09/29/imperfect-forward-secrecy/ Following with the code, it seems that PostgreSQL has missed the keyLength OpenSSL parameter, and it delivers into a weak crypto configuration.. Affected Code: https://git.postgresql.org/gitweb/?p=postgresql.git;a= blob;f=src/backend/libpq/be-secure-openssl.c;h= 8d8f12952a4a4f14a15f8647b96935e13d68fb39;hb=48d50840d53eb62842c0d9b54eab9c d7c9a3a46d (Thanks to Damian in order to found the affected code) (1) nmap output: # nmap –script ssl-dh-params -p 5432 <ip> Starting Nmap 7.25BETA2 ( https://nmap.org ) Nmap scan report for <ip> Host is up (0.00035s latency). PORT STATE SERVICE 5432/tcp open postgresql | ssl-dh-params: | VULNERABLE: | Diffie-Hellman Key Exchange Insufficient Group Strength | State: VULNERABLE | Transport Layer Security (TLS) services that use Diffie-Hellman groups | of insufficient strength, especially those using one of a few commonly | shared groups, may be susceptible to passive eavesdropping attacks. | Check results: | WEAK DH GROUP 1 | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | Modulus Type: Safe prime | Modulus Source: Unknown/Custom-generated | Modulus Length: 1024 | Generator Length: 8 | Public Key Length: 1024 | References: |_ https://weakdh.org ------------------------------------------------------------------------------------------------------------------------------------------ Thanks in advance Nicolas Guini