Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sJYcr-005Y2p-2V for pgsql-hackers@arkaria.postgresql.org; Tue, 18 Jun 2024 13:11:53 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sJYco-00Cvx7-Px for pgsql-hackers@arkaria.postgresql.org; Tue, 18 Jun 2024 13:11:51 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sJYco-00CvwL-8e for pgsql-hackers@lists.postgresql.org; Tue, 18 Jun 2024 13:11:51 +0000 Received: from smtp.outgoing.loopia.se ([93.188.3.37]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sJYcl-001uk8-IW for pgsql-hackers@postgresql.org; Tue, 18 Jun 2024 13:11:49 +0000 Received: from s807.loopia.se (localhost [127.0.0.1]) by s807.loopia.se (Postfix) with ESMTP id 2D5AB302460E for ; Tue, 18 Jun 2024 15:11:44 +0200 (CEST) Received: from s980.loopia.se (unknown [172.22.191.5]) by s807.loopia.se (Postfix) with ESMTP id 1E0EF2E28FE6; Tue, 18 Jun 2024 15:11:44 +0200 (CEST) Received: from s473.loopia.se (unknown [172.22.191.6]) by s980.loopia.se (Postfix) with ESMTP id 1C9622201682; Tue, 18 Jun 2024 15:11:44 +0200 (CEST) X-Virus-Scanned: amavisd-new at amavis.loopia.se X-Spam-Flag: NO X-Spam-Score: -1.2 X-Spam-Level: X-Spam-Status: No, score=-1.2 tagged_above=-999 required=6.2 tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1] autolearn=disabled Authentication-Results: s473.loopia.se (amavisd-new); dkim=pass (2048-bit key) header.d=yesql.se Received: from s981.loopia.se ([172.22.191.6]) by s473.loopia.se (s473.loopia.se [172.22.190.13]) (amavisd-new, port 10024) with UTF8LMTP id TUypifwqgbj4; Tue, 18 Jun 2024 15:11:43 +0200 (CEST) X-Loopia-Auth: user X-Loopia-User: daniel@yesql.se X-Loopia-Originating-IP: 89.255.232.193 Received: from smtpclient.apple (customer-89-255-232-193.stosn.net [89.255.232.193]) (Authenticated sender: daniel@yesql.se) by s981.loopia.se (Postfix) with ESMTPSA id 4290D22B16AE; Tue, 18 Jun 2024 15:11:43 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yesql.se; s=loopiadkim1707475645; t=1718716303; bh=C5uzO23N5Cqh4YXUwMlTyjyZ5Vh6ApkVw9183hwFwcg=; h=From:Subject:Date:In-Reply-To:Cc:To:References; b=GZShqoJyBpzkaEO2j2SG73BxLY5ikyWLFUkhHzPucuiG97QEp97/ZPfWeRQKpqdWe 0vcDRmh86b6n1dLY3MIp97xdPOi81+ahirso8UZdRShM/xsEdibUU5aG1MoSqphOUl CSTnVoUg1W1R0AyH5z3EQoKowMLMDBJiqawvlC6gNrIo6nWvBS+60yS6d3W2cOlrA4 6wIoax30Us8oFXZczTuEs+6Qfe2ybDuZ9hZsukRAB0EVMmg0UuzG/AWKHcOVyPW/Bw tyqPnOHax29w8oWiIjog3PWTPAj/f1T3QQbj8dPFO2J9uAJOl/xFThUIJjHDFC/OPe z5x0V1YSOjvYg== From: Daniel Gustafsson Message-Id: <4FEAF57B-FFCD-4A91-BE4E-9F17C01AF7C5@yesql.se> Content-Type: multipart/mixed; boundary="Apple-Mail=_8668B109-EB2A-4530-B834-3F4EE98353A0" Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\)) Subject: Re: tls 1.3: sending multiple tickets Date: Tue, 18 Jun 2024 15:11:33 +0200 In-Reply-To: <20240617173803.6alnafnxpiqvlh3g@awork3.anarazel.de> Cc: PostgreSQL Hackers To: Andres Freund References: <20240617173803.6alnafnxpiqvlh3g@awork3.anarazel.de> X-Mailer: Apple Mail (2.3774.500.171.1.1) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --Apple-Mail=_8668B109-EB2A-4530-B834-3F4EE98353A0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On 17 Jun 2024, at 19:38, Andres Freund wrote: > Note the second to last paragraph: Because we use SSL_OP_NO_TICKET we = trigger > use of stateful tickets. Which afaict are never going to be useful, = because we > don't share the necessary state. Nice catch, I learned something new today. I was under the impression = that the flag turned of all tickets but clearly not. > I guess openssl really could have inferred this from the fact that we = *do* > call SSL_CTX_set_session_cache_mode(SSL_SESS_CACHE_OFF), b Every day with the OpenSSL API is an adventure. > Seems we ought to use SSL_CTX_set_num_tickets() to prevent issuing the = useless > tickets? Agreed, in 1.1.1 and above as the API was only introduced then. = LibreSSL added the API in 3.5.4 but only for compatibility since it doesn't support TLS tickets at all. > It seems like a buglet in openssl that it forces each session tickets = to be > sent in its own packet (it does an explicit BIO_flush(), so even if we > buffered between openssl and OS, as I think we should, we'd still send = it > separately), but I don't really understand most of this stuff. I don't see anything in the RFCs so not sure. The attached applies this, and I think this is backpatching material = since we arguably fail to do what we say in the code. AFAIK we don't have a hard = rule against backpatching changes to autoconf/meson? -- Daniel Gustafsson --Apple-Mail=_8668B109-EB2A-4530-B834-3F4EE98353A0 Content-Disposition: attachment; filename=v1-0001-Disable-all-TLS-session-tickets.patch Content-Type: application/octet-stream; x-unix-mode=0644; name="v1-0001-Disable-all-TLS-session-tickets.patch" Content-Transfer-Encoding: quoted-printable =46rom=205c21ebe072d1c877d7fe8f676879b9a8af76eb1c=20Mon=20Sep=2017=20= 00:00:00=202001=0AFrom:=20Daniel=20Gustafsson=20= =0ADate:=20Tue,=2018=20Jun=202024=2014:50:39=20= +0200=0ASubject:=20[PATCH=20v1]=20Disable=20all=20TLS=20session=20= tickets=0A=0AOpenSSL=20supports=20two=20types=20of=20session=20tickets=20= for=20TLSv1.3,=20stateless=0Aand=20stateful.=20The=20option=20we've=20= used=20only=20turns=20off=20stateless=20tickets=0Aleaving=20stateful=20= tickets=20active.=20Use=20the=20new=20API=20introduced=20in=201.1.1=0Ato=20= disable=20all=20types=20of=20tickets.=0A=0AReported-by:=20Andres=20= Freund=20=0ADiscussion:=20= https://postgr.es/m/20240617173803.6alnafnxpiqvlh3g@awork3.anarazel.de=0A= ---=0A=20configure=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20|=20=209=20+++++----=0A=20configure.ac=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= |=20=202=20+-=0A=20meson.build=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20|=20=201=20+=0A=20= src/backend/libpq/be-secure-openssl.c=20|=2014=20+++++++++++++-=0A=20= src/include/pg_config.h.in=20=20=20=20=20=20=20=20=20=20=20=20|=20=203=20= +++=0A=205=20files=20changed,=2023=20insertions(+),=206=20deletions(-)=0A= =0Adiff=20--git=20a/configure=20b/configure=0Aindex=20= 7b03db56a6..519a2e5ce6=20100755=0A---=20a/configure=0A+++=20b/configure=0A= @@=20-12591,12=20+12591,13=20@@=20fi=0A=20done=0A=20=0A=20=20=20#=20= Function=20introduced=20in=20OpenSSL=201.1.1.=0A-=20=20for=20ac_func=20= in=20X509_get_signature_info=0A+=20=20for=20ac_func=20in=20= X509_get_signature_info=20SSL_CTX_set_num_tickets=0A=20do=20:=0A-=20=20= ac_fn_c_check_func=20"$LINENO"=20"X509_get_signature_info"=20= "ac_cv_func_X509_get_signature_info"=0A-if=20test=20= "x$ac_cv_func_X509_get_signature_info"=20=3D=20xyes;=20then=20:=0A+=20=20= as_ac_var=3D`$as_echo=20"ac_cv_func_$ac_func"=20|=20$as_tr_sh`=0A= +ac_fn_c_check_func=20"$LINENO"=20"$ac_func"=20"$as_ac_var"=0A+if=20eval=20= test=20\"x\$"$as_ac_var"\"=20=3D=20x"yes";=20then=20:=0A=20=20=20cat=20= >>confdefs.h=20<<_ACEOF=0A-#define=20HAVE_X509_GET_SIGNATURE_INFO=201=0A= +#define=20`$as_echo=20"HAVE_$ac_func"=20|=20$as_tr_cpp`=201=0A=20_ACEOF=0A= =20=0A=20fi=0Adiff=20--git=20a/configure.ac=20b/configure.ac=0Aindex=20= 63e7be3847..6e28c2d04c=20100644=0A---=20a/configure.ac=0A+++=20= b/configure.ac=0A@@=20-1358,7=20+1358,7=20@@=20if=20test=20"$with_ssl"=20= =3D=20openssl=20;=20then=0A=20=20=20#=20function=20was=20removed.=0A=20=20= =20AC_CHECK_FUNCS([CRYPTO_lock])=0A=20=20=20#=20Function=20introduced=20= in=20OpenSSL=201.1.1.=0A-=20=20AC_CHECK_FUNCS([X509_get_signature_info])=0A= +=20=20AC_CHECK_FUNCS([X509_get_signature_info=20= SSL_CTX_set_num_tickets])=0A=20=20=20AC_DEFINE([USE_OPENSSL],=201,=20= [Define=20to=201=20to=20build=20with=20OpenSSL=20support.=20= (--with-ssl=3Dopenssl)])=0A=20elif=20test=20"$with_ssl"=20!=3D=20no=20;=20= then=0A=20=20=20AC_MSG_ERROR([--with-ssl=20must=20specify=20openssl])=0A= diff=20--git=20a/meson.build=20b/meson.build=0Aindex=20= 2767abd19e..e21f88b529=20100644=0A---=20a/meson.build=0A+++=20= b/meson.build=0A@@=20-1293,6=20+1293,7=20@@=20if=20sslopt=20in=20= ['auto',=20'openssl']=0A=20=0A=20=20=20=20=20=20=20#=20Function=20= introduced=20in=20OpenSSL=201.1.1=0A=20=20=20=20=20=20=20= ['X509_get_signature_info'],=0A+=20=20=20=20=20=20= ['SSL_CTX_set_num_tickets'],=0A=20=20=20=20=20]=0A=20=0A=20=20=20=20=20= are_openssl_funcs_complete=20=3D=20true=0Adiff=20--git=20= a/src/backend/libpq/be-secure-openssl.c=20= b/src/backend/libpq/be-secure-openssl.c=0Aindex=2039b1a66236..d257b93104=20= 100644=0A---=20a/src/backend/libpq/be-secure-openssl.c=0A+++=20= b/src/backend/libpq/be-secure-openssl.c=0A@@=20-258,8=20+258,20=20@@=20= be_tls_init(bool=20isServerStart)=0A=20=09=09}=0A=20=09}=0A=20=0A-=09/*=20= disallow=20SSL=20session=20tickets=20*/=0A+=09/*=0A+=09=20*=20Disallow=20= SSL=20session=20tickets.=20OpenSSL=20use=20both=20stateful=20and=20= stateless=0A+=09=20*=20tickets=20for=20TLSv1.3,=20and=20stateless=20= ticket=20for=20TLSv1.2.=20SSL_OP_NO_TICKET=0A+=09=20*=20is=20available=20= since=201.0.0=20but=20only=20turns=20off=20stateless=20tickets.=20In=20= order=0A+=09=20*=20to=20turn=20off=20stateful=20tickets=20we=20also=20= need=20SSL_CTX_set_num_tickets,=20which=0A+=09=20*=20is=20available=20= since=20OpenSSL=201.1.1.=20LibreSSL=203.5.4=20(from=20OpenBSD=207.1)=0A+=09= =20*=20introduced=20this=20API=20for=20compatibility,=20but=20doesn't=20= support=20session=0A+=09=20*=20tickets=20at=20all=20so=20it's=20a=20= no-op=20there.=0A+=09=20*/=0A+#ifdef=20HAVE_SSL_CTX_SET_NUM_TICKETS=0A+=09= SSL_CTX_set_num_tickets(context,=200);=0A+#else=0A=20=09= SSL_CTX_set_options(context,=20SSL_OP_NO_TICKET);=0A+#endif=0A=20=0A=20=09= /*=20disallow=20SSL=20session=20caching,=20too=20*/=0A=20=09= SSL_CTX_set_session_cache_mode(context,=20SSL_SESS_CACHE_OFF);=0Adiff=20= --git=20a/src/include/pg_config.h.in=20b/src/include/pg_config.h.in=0A= index=20f8d3e3b6b8..e2834912f8=20100644=0A---=20= a/src/include/pg_config.h.in=0A+++=20b/src/include/pg_config.h.in=0A@@=20= -510,6=20+510,9=20@@=0A=20/*=20Define=20to=201=20if=20you=20have=20the=20= `X509_get_signature_info'=20function.=20*/=0A=20#undef=20= HAVE_X509_GET_SIGNATURE_INFO=0A=20=0A+/*=20Define=20to=201=20if=20you=20= have=20the=20`SSL_CTX_set_num_tickets'=20function.=20*/=0A+#undef=20= HAVE_SSL_CTX_SET_NUM_TICKETS=0A+=0A=20/*=20Define=20to=201=20if=20the=20= assembler=20supports=20X86_64's=20POPCNTQ=20instruction.=20*/=0A=20= #undef=20HAVE_X86_64_POPCNTQ=0A=20=0A--=20=0A2.39.3=20(Apple=20Git-146)=0A= =0A= --Apple-Mail=_8668B109-EB2A-4530-B834-3F4EE98353A0--