Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s08Ss-001GJp-82 for pgsql-hackers@arkaria.postgresql.org; Thu, 25 Apr 2024 23:25:18 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1s08Rq-0048ox-C5 for pgsql-hackers@arkaria.postgresql.org; Thu, 25 Apr 2024 23:24:15 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s08Rp-0048mg-Tk for pgsql-hackers@lists.postgresql.org; Thu, 25 Apr 2024 23:24:14 +0000 Received: from mail-qv1-xf2b.google.com ([2607:f8b0:4864:20::f2b]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1s08Rn-0003cX-FA for pgsql-hackers@lists.postgresql.org; Thu, 25 Apr 2024 23:24:12 +0000 Received: by mail-qv1-xf2b.google.com with SMTP id 6a1803df08f44-69b7d2de292so7284216d6.2 for ; Thu, 25 Apr 2024 16:24:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1714087450; x=1714692250; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=MXObWJPkU5TLpBJMX9Pf8isvKh8B3qq/qD1sGTcNGlw=; b=ikeI9A+r0C20PF0mwbpg7R6izBynPbs4ib62wZb5jrBGwnsbNft690r80BI50sGNuJ eAOSEXVuMxbYTKxGRk+0FQB1YZ/c+MfcJj263ro+59w7fn19cqmIHTLBTPrrfM5Tj2jK /AX5PmlfZOQpUd4S4xZVY5iBRq7iiCwl3NKokSbBLzXs2CtBsOoe2okyhXzlytR2PoKK u+8Ii1ygfdcrrYNyziYwPhkZFLkU3qGLbf03vValWccXyjbioTCALSIMWpCByNot0Z10 ZmlaLLAY5pmNMvEUgCwrkc0MJNOFrQRiT259jMYeenEd7I2sCD75GQN8ufh0Ev9YgWtI 8gFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714087450; x=1714692250; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MXObWJPkU5TLpBJMX9Pf8isvKh8B3qq/qD1sGTcNGlw=; b=phFedtt/2Ov+dwrm1izBdAK919RJklCmkIagLnIrLMta3qSPAP6We54WE+Z/zG9KvW RgoFNwR3GpBNgZdM5sch9g8LBzhP19dFZma4xSbb191UJlv6cs5dG1owtjNdOQ3njYy7 LSHLiLrMsC49hOT0rEOJUs7IWaoqlNorl5wyKB8FMfIPNAa8DqASEYyKI5dc89fATPJz D45671sXORTtwSpLiZni2Ml/orFINH2YcWNFkbSBO7UlNsyuXw/1R38cpfTMCa62cOLE q9XPi/MP3qlzuasOIJ85sew5zKGKV3/j2j9bxyPzFhrt/7x3hgXpxfguNPbgVIKNnpQt 8ubw== X-Forwarded-Encrypted: i=1; AJvYcCUVu9WKgNvDH8fkOeaSFKYGN1DZILzk2OEFZKcKrTihlSFnz9RuTI394NDrv5aJMFobLq+VllQJ4ChRX9QqrKwTs7DrytU5kD3RFkq24uD64rvr X-Gm-Message-State: AOJu0YzU1wDrEJhvCxCglQY5SV5r6RbGV+sHr7H+XagTQlPrcO93POy2 jx3h+KfH48iLhUcnLHN5fyrCsVvZhGphbKjDFY6Skg+Jmu9VZxMC6dY44Go6075Po2fzrMqPjp8 65FQH+/Ii88Q/9+W4Itycqk90anv7TW+/g9ZJ X-Google-Smtp-Source: AGHT+IFRFRMcFSEyiR05uOXpRLJMS89U7+ZfA3cTDaCed7Za/Lenftw08T/dkdwPkrxwPfXcS2ES34AGPDhpWhFU6iE= X-Received: by 2002:a05:6214:19c5:b0:6a0:8511:98e0 with SMTP id j5-20020a05621419c500b006a0851198e0mr1451283qvc.22.1714087450224; Thu, 25 Apr 2024 16:24:10 -0700 (PDT) MIME-Version: 1.0 References: <5a79ed71-b365-4b20-80bc-9c2bf97bf84b@iki.fi> In-Reply-To: From: Jacob Champion Date: Thu, 25 Apr 2024 16:23:59 -0700 Message-ID: Subject: Re: Direct SSL connection with ALPN and HBA rules To: Heikki Linnakangas Cc: Robert Haas , Michael Paquier , Postgres hackers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Thu, Apr 25, 2024 at 2:50=E2=80=AFPM Heikki Linnakangas wrote: > > I think that comes down to the debate upthread, and whether you think > > it's a performance tweak or a security feature. My take on it is, > > `direct` mode is performance, and `requiredirect` is security. > > Agreed, although the the security benefits from `requiredirect` are > pretty vague. It reduces the attack surface, but there are no known > issues with the 'postgres' or 'direct' negotiation either. I think reduction in attack surface is a concrete security benefit, not a vague one. True, I don't know of any exploits today, but that seems almost tautological -- if there were known exploits in our upgrade handshake, I assume we'd be working to fix them ASAP? > Perhaps 'requiredirect' should be renamed to 'directonly'? If it's agreed that we don't want to require a stronger sslmode for that sslnegotiation setting, then that would probably be an improvement. But who is the target user for `sslnegotiation=3Ddirectonly`, in your opinion? Would they ever have a reason to use a weak sslmode? > >> I'm not sure about this either. The 'gssencmode' option is already > >> quite weird in that it seems to override the "require"d priority of > >> "sslmode=3Drequire", which it IMO really shouldn't. > > Yeah, that combination is weird. I think we should forbid it. But that's > separate from sslnegotiation. Separate but related, IMO. If we were all hypothetically okay with gssencmode ignoring `sslmode=3Drequire`, then it's hard for me to claim that `sslnegotiation=3Drequiredirect` should behave differently. On the other hand, if we're not okay with that and we'd like to change it, it's easier for me to argue that `requiredirect` should also be stricter from the get-go. Thanks, --Jacob