Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s6YKK-000HkM-TB for pgsql-hackers@arkaria.postgresql.org; Mon, 13 May 2024 16:15:02 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1s6YJM-001wn8-LB for pgsql-hackers@arkaria.postgresql.org; Mon, 13 May 2024 16:14:00 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s6YJM-001wn0-C5 for pgsql-hackers@lists.postgresql.org; Mon, 13 May 2024 16:14:00 +0000 Received: from mail-ej1-x62d.google.com ([2a00:1450:4864:20::62d]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1s6YJ8-0001OA-IT for pgsql-hackers@lists.postgresql.org; Mon, 13 May 2024 16:13:52 +0000 Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-a5a1054cf61so1212057066b.1 for ; Mon, 13 May 2024 09:13:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715616825; x=1716221625; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Q8/kWyrBolmpv9guLLAMD7JN63yYTYQ4OYffkHZ4rEU=; b=MIF2YY1CJrnHfVNoi2vVvyWuP4/94RTh0pJvyHgw/AuaCcPoJhpnUcJdcMSoiUfJHp brVFTrMPJ7qDfACmotDL0UjJ8YvEQ0/atYT8YjD5wpIwajIUir53PO3abWuqyhXuc8jV 6nRPzOv7w32wFAdxmraGom6rOUEjTgS4RmJjF/aNfUrj61dW55y/aHfGL2NgB0lO1yn4 nbwNBK1EayGnwC/rqJNsskv5x802HwGPzUX43aJNAY5O7Tgx2v0/OeYEaj88YZ26yiK1 ok6waNZMwu/ZTz54FAdMYsrzhvnYjwS/rhKL1nPuw8gyOz6GXfCvzWWarouViM9ASpIq a8/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715616825; x=1716221625; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Q8/kWyrBolmpv9guLLAMD7JN63yYTYQ4OYffkHZ4rEU=; b=ibFum7v8yW4FsPqbzOQ2dQa5CZt9Tw8CbVGPqrqKneozTsulA3WtWS01VK9snBewvq XiI274P5NYYlA0NAqDZKUKw2IHgY0cPvqOH+D+VW7ie8FCDnm8SJkaNrOw8Z2MW9SOBl z9Ec2Ne+V+oSz1Nih0RWAjN5Fp4KrPCDqpmgMvAjn6DAsxg+lKlQ3INU7e3ZFla2KmLW JfQtNKkTQkM0nXDrGKb5T2FlwfmnlVfA6QlQHN0zmeG9vRgjIZa11O0Up5dgsCY6ndVm phCJ9BqDUcUp1dnZMuDyxR7iiadXBy4iNMgdLgf3ygQIbe+MTnvV9KEMy0ll/+c73MMn a6hg== X-Forwarded-Encrypted: i=1; AJvYcCUKUA4VCjU11wwEHfINVCWOYLOnVtJAjQuhwpvaL5y2rIPUuMsTlCHgW61DTkMCEgScd9ZD2CeolpW6GAemId28tIraak7HeQxy06dxwDjk2R4U X-Gm-Message-State: AOJu0YxVp15Ih/1RTFnes9RvekxELEWKU5UO+gnQRJxHW5uTEJxF8Mug JWhhj1OfOf7ZPmcOpWfxlRXgJzPkKGy+YjIWbP++/RiVSrmgyDDm55YC/lEXhNIv/fofXloR0mJ Ij4hmRmgFnJPWZu+1VPy1nADT3HY= X-Google-Smtp-Source: AGHT+IHwO53Xor31gMRzwG+qIdHF06IAGrgF16yn2P9BQb+6TQHkzQ/iYcPY/kj2od8yQX6EDy3opqpKtKu+GU4PlLQ= X-Received: by 2002:a17:906:591a:b0:a59:bdb7:73ec with SMTP id a640c23a62f3a-a5a2d676427mr1010871866b.72.1715616824732; Mon, 13 May 2024 09:13:44 -0700 (PDT) MIME-Version: 1.0 References: <5a79ed71-b365-4b20-80bc-9c2bf97bf84b@iki.fi> <3a6f126c-e1aa-4dcc-9252-9868308f6cf0@iki.fi> <1a717f65-7390-4111-8efd-c6e9b213805e@iki.fi> <3fdaf4b1-82d1-45bb-8175-f97ff53a1f01@iki.fi> In-Reply-To: <3fdaf4b1-82d1-45bb-8175-f97ff53a1f01@iki.fi> From: Robert Haas Date: Mon, 13 May 2024 12:13:32 -0400 Message-ID: Subject: Re: Direct SSL connection with ALPN and HBA rules To: Heikki Linnakangas Cc: Jacob Champion , Daniel Gustafsson , Michael Paquier , Postgres hackers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Mon, May 13, 2024 at 9:37=E2=80=AFAM Heikki Linnakangas wrote: > On 10/05/2024 16:50, Heikki Linnakangas wrote: > > New proposal: > > > > - Remove the "try both" mode completely, and rename "requiredirect" to > > just "direct". So there would be just two modes: "postgres" and > > "direct". On reflection, the automatic fallback mode doesn't seem very > > useful. It would make sense as the default, because then you would get > > the benefits automatically in most cases but still be compatible with > > old servers. But if it's not the default, you have to fiddle with libpq > > settings anyway to enable it, and then you might as well use the > > "requiredirect" mode when you know the server supports it. There isn't > > anything wrong with it as such, but given how much confusion there's > > been on how this all works, I'd prefer to cut this back to the bare > > minimum now. We can add it back in the future, and perhaps make it the > > default at the same time. This addresses points 2. and 3. above. > > > > and: > > > > - Only allow sslnegotiation=3Ddirect with sslmode=3Drequire or higher. = This > > is what you, Jacob, wanted to do all along, and addresses point 1. > > Here's a patch to implement that. I find this idea to be a massive improvement over the status quo, and I didn't spot any major problems when I read through the patch, either. I'm not quite sure if the patch takes the right approach in emphasizing that weaker sslmode settings are not allowed because of unintended fallbacks. It seems to me that we could equally well say that those combinations are nonsensical. If we're making a direct SSL connection, SSL is eo ipso required. I don't have a strong opinion about whether sslnegotiation=3Ddirect should error out (as you propose here) or silently promote sslmode to require. I think either is defensible. Had I been implementing it, I think I would have done as Jacob proposes, just because once we've forced a direct SSL negotiation surely the only sensible behavior is to be using SSL, unless you think there should be a silently-reconnect-without-SSL behavior, which I sure don't. However, I disagree with Jacob's assertion that sslmode=3Drequire has no security benefits over sslmode=3Dprefer. That seems like the kind of pessimism that makes people hate security professionals. There have got to be some attacks that are foreclosed by encrypting the connection, even if you don't stop MITM attacks or other things that are more sophisticated than running wireshark and seeing what goes by on the wire. I'm pleased to hear that you will propose to make sslmode=3Drequire the default in v18. I think we'll need to do some work to figure out how much collateral damage that will cause, and maybe it will be more than we can stomach, but Magnus has been saying for years that the current default is terrible. I'm not sure I was entirely convinced of that the first time I heard him say it, but I'm smarter now than I was then. It's really hard to believe in 2024 that anyone should ever be using a setting that may or may not encrypt the connection. There's http and https but there's no httpmaybes. --=20 Robert Haas EDB: http://www.enterprisedb.com