Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sFdBC-004C0H-7J for pgsql-hackers@arkaria.postgresql.org; Fri, 07 Jun 2024 17:15:07 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sFdBA-00DO2P-JN for pgsql-hackers@arkaria.postgresql.org; Fri, 07 Jun 2024 17:15:05 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sFdBA-00DO2H-8Z for pgsql-hackers@lists.postgresql.org; Fri, 07 Jun 2024 17:15:05 +0000 Received: from mail-oi1-x233.google.com ([2607:f8b0:4864:20::233]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sFdB7-000Bux-UJ for pgsql-hackers@lists.postgresql.org; Fri, 07 Jun 2024 17:15:03 +0000 Received: by mail-oi1-x233.google.com with SMTP id 5614622812f47-3d208d5b30fso1171785b6e.3 for ; Fri, 07 Jun 2024 10:15:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1717780501; x=1718385301; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=0Tg1IgKOGngM2I6wXLK3vQiweslx51YHDnKuan3Z9PU=; b=FjMGPqIgPLJ1HPF6MZdCgLYOtwn14CoulP6JaUIeB3ogu4UlMjmUoG2SplCMnpom0n aRNiJkg3LmBRqPcJk84gjDV4HIGRNJODxWP6XVXUrpCe0hDqpGqfyDe1nRqP3ZTXjjkg GOmmsriv860E+jQC6TrsfSRud5o+2K3LDJb3eNL3k6jV/2L0vCP/wko7e0qEzrpu+IdD +aQGcKiJtY9M2EovVHjUrbZM+8ImIS2HpXM2aSNDW/I53VnLaVLW37fZBVuoAJeIURx2 Srs+CWxmo1aYf5+eCrZSgUD9d+gXaPRYtIfTYtDF2Cxp9OpcPFpsBvalzKRq+efYJMa2 rj4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717780501; x=1718385301; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0Tg1IgKOGngM2I6wXLK3vQiweslx51YHDnKuan3Z9PU=; b=TNGQOSUdXIEUimslow61iW/N+2V3D8NBJpo90E3qZaSmGzlnuOD8srQBaz0WOyA18r XdoDpa74QTqu0B+3ieSD73ZohUcSTGNMzL6hxx5rwJAiJF0C5WTXt8PqG8RFtSIAla3N tUJ50QydNXOk/glSEqnkGymQJiJKqsgGsO4Ex9YQHR2lI8jXwkcp/6GAcquwqbUNmSQz VF4OLk0t40qXYdkLZh3xLuulvnxnMvG2HAadM5k/KC6YkmYKKNrHq9eUJkr9A+I/5ivb aYEH3iLVGQXmonAKtaYiGi0NJ7ZdqwIE5NRPKpEbmtTOWPIh6GKtdOd+kwGpMTD+e8xz sPtA== X-Forwarded-Encrypted: i=1; AJvYcCVqA/9KohpRKHvT1u9zPmspDOcCyC7xQqo98SRHIaBdyxT0wEtjCtyHY4gNoceaUrryKFcmsqoLCVk5N8rNmmSEHsX8D01eTysp0H70MiXUb54r X-Gm-Message-State: AOJu0YwIR2oe7nOypmtRxLlIXb+DkuDOSjedfWgDCZwqaGX/xxKKUKJz LvVoxMkTcH7Rl2K7Uexlae44KSgUoVwnn/1JIPmDUyILMQpnwYYbRcudn+hbwA2y27obRLaoe/J 5np3njp0LYAK0o7R/4S1Jff77zWveFdcG6FMbYAqp8FsfIoOX9A== X-Google-Smtp-Source: AGHT+IFNZpisf8hDT2jdwP6z+qzrSW+VuRdQeCdBNkhP+CUAOWQa8bAxyoSNFTX6UHIhdfmg9lwcOKdGeBxGgtHodSU= X-Received: by 2002:a54:4006:0:b0:3c9:963b:7f84 with SMTP id 5614622812f47-3d210da0fd3mr2999887b6e.25.1717780501101; Fri, 07 Jun 2024 10:15:01 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Jacob Champion Date: Fri, 7 Jun 2024 10:14:50 -0700 Message-ID: Subject: Re: Re: Add support to TLS 1.3 cipher suites and curves lists To: Erica Zhang Cc: Peter Eisentraut , pgsql-hackers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Fri, Jun 7, 2024 at 3:02=E2=80=AFAM Erica Zhang = wrote: > > For some security consideration, we prefer to use TLS1.3 cipher suites in= our product with some customization values instead of default value "HIGH:= MEDIUM:+3DES:!aNULL". Moreover we prefer to set a group of ecdh keys instea= d of a single value. +1 for the curve list feature, at least. No opinions on the 1.3 ciphersuites half, yet. I've added this patch to my planned review for the v18 cycle. Some initial notes: - Could you separate the two features into two patches? That would make it easier for reviewers. (They can still share the same thread and CF entry.) - The "curve" APIs have been renamed "group" in newer OpenSSLs for a while now, and we should probably use those if possible. - I think parsing apart the groups list to check NIDs manually could lead to false negatives. From a docs skim, 3.0 allows providers to add their own group names, and 3.3 now supports question marks in the string to allow graceful fallbacks. - I originally thought it'd be better to just stop calling SSL_set_tmp_ecdh() entirely by default, so we could use OpenSSL's builtin list of groups. But that may have denial-of-service concerns [1]? - We should maybe look into SSL_CTX_config(), if we haven't discussed that already on the list, but that's probably a bigger tangent and doesn't need to be part of this patch. Thanks, --Jacob [1] https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/i= ndex.html