Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rynyM-000ai8-26 for pgsql-hackers@arkaria.postgresql.org; Mon, 22 Apr 2024 07:20:18 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1rynyI-000GDK-Ox for pgsql-hackers@arkaria.postgresql.org; Mon, 22 Apr 2024 07:20:14 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rynyI-000GD7-8R for pgsql-hackers@lists.postgresql.org; Mon, 22 Apr 2024 07:20:14 +0000 Received: from wfhigh2-smtp.messagingengine.com ([64.147.123.153]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rynyD-0042CG-4U for pgsql-hackers@lists.postgresql.org; Mon, 22 Apr 2024 07:20:12 +0000 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfhigh.west.internal (Postfix) with ESMTP id 6B72B180010F; Mon, 22 Apr 2024 03:20:06 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Mon, 22 Apr 2024 03:20:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paquier.xyz; h= cc:cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm3; t=1713770405; x=1713856805; bh=ky3KOiejbf MJMoEJ9ZX6GK5Tdw0ENZXJxpmeyVr1nlY=; b=FVtZWetR+6LLeANdVa2UXrqZPT a5n9aeqNNdA/ZcsI8yLKvebU6kaFxHeI92RX9tVhyGdNozLtXK7ByNhGOsvtGnQH a1/d3+O6YY2endo6Wb3xP7y+offNv/fc41ZgMpejwXjffalPQ7fCXC75E8gC+ofW Z1BJtCOMzcxL4St477Xp2rQ5HBg67tYAup+yHOgBx3Gaye7Vhy8v+eBQESjNKRdD iWOZLrJE2axLPGGP72UtpJOTjRLMlcyS/azxyXiwyoMHk4WzW+ycA+y+QHERYioS czb6TK0Ki62+F3r0dNI4wzEl2mD3eSiyf/ATvzf17ZQ7aUYwqrkGthu18ssQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1713770405; x=1713856805; bh=ky3KOiejbfMJMoEJ9ZX6GK5Tdw0E NZXJxpmeyVr1nlY=; b=MuFc3o8XIVzFjmLWj1PWNNCq09Qzq1gLqZCkY6U7aBAR kOvFInAvU1t6+nzHqcddMU/M//HseHF7lUQtNrhCKcGWppCzojxLdYJ7eolWZ0IF bB0jvjkmsxHh0h3xAT9dy0mXrdxkyy/5GE1B38nEGqcXfjVuks7cJ+biEZGsGbyi 7fZCH4VAYIX0bHodju1/8krZAAW19OE5bMxAHPcDNUM2pOD2GyTdjQSgsRpfFujw Bik6MM/0oYgjy6/xsHiIC5ptQBTFS83WRVHKFQDxjqRQF+pmw4gLEwAHne4aAEtg jfTwz5l8nNlR16XTY6MbsocqJg+QR3+LXA1IiM0X5Q== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudekkedguddukecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enfghrlhcuvffnffculdefhedmnecujfgurhepfffhvfevuffkfhggtggujgesghdtreer tddtjeenucfhrhhomhepofhitghhrggvlhcurfgrqhhuihgvrhcuoehmihgthhgrvghlse hprghquhhivghrrdighiiiqeenucggtffrrghtthgvrhhnpeevteejgfejveegudekheei ueeiueeiveeuiedugeehveeugffgudeuleegleeiteenucevlhhushhtvghrufhiiigvpe dtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmihgthhgrvghlsehprghquhhivghrrdig hiii X-ME-Proxy: Feedback-ID: i0fe9450f:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 22 Apr 2024 03:20:03 -0400 (EDT) Date: Mon, 22 Apr 2024 16:19:53 +0900 From: Michael Paquier To: Heikki Linnakangas Cc: Jacob Champion , Postgres hackers Subject: Re: Direct SSL connection with ALPN and HBA rules Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="7AP1udNFe4h5h0kH" Content-Disposition: inline In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --7AP1udNFe4h5h0kH Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Apr 20, 2024 at 12:43:24AM +0300, Heikki Linnakangas wrote: > On 19/04/2024 19:48, Jacob Champion wrote: >> On Fri, Apr 19, 2024 at 6:56=E2=80=AFAM Heikki Linnakangas wrote: >>> With direct SSL negotiation, we always require ALPN. >>=20 >> (As an aside: I haven't gotten to test the version of the patch that >> made it into 17 yet, but from a quick glance it looks like we're not >> rejecting mismatched ALPN during the handshake as noted in [1].) >=20 > Ah, good catch, that fell through the cracks. Agreed, the client should > reject a direct SSL connection if the server didn't send ALPN. I'll add t= hat > to the Open Items so we don't forget again. Would somebody like to write a patch for that? I'm planning to look at this code more closely, as well. >> You get protection against attacks that could have otherwise happened >> during the plaintext portion of the handshake. That has architectural >> implications for more advanced uses of SCRAM, and it should prevent >> any repeats of CVE-2021-23222/23214. And if the peer doesn't pass the >> TLS handshake, they can't send you anything that you might forget is >> untrusted (like, say, an error message). >=20 > Can you elaborate on the more advanced uses of SCRAM? I'm not sure what you mean here, either, Jacob. >>> Controlling these in HBA is a bit inconvenient, because you only find >>> out after authentication if it's allowed or not. So if e.g. direct SSL >>> connections are disabled for a user, >>=20 >> Hopefully disabling direct SSL piecemeal is not a desired use case? >> I'm not sure it makes sense to focus on that. Forcing it to be enabled >> shouldn't have the same problem, should it? I'd get behind the case where a server rejects everything except direct SSL, yeah. Sticking that into a format similar to HBA rules would easily give the flexibility to be able to accept or reject direct or default SSL, though, while making it easy to parse. The implementation is not really complicated, and not far from the existing hostssl and nohostssl. As a whole, I can get behind a unique GUC that forces the use of direct. Or, we could extend the existing "ssl" GUC with a new "direct" value to accept only direct connections and restrict the original protocol (and a new "postgres" for the pre-16 protocol, rejecting direct?), while "on" is able to accept both. > Forcing it to be enabled piecemeal based on role or database has similar > problems. Forcing it enabled for all connections seems sensible, though. > Forcing it enabled based on the client's source IP address, but not > user/database would be somewhat sensible too, but we don't currently have > the HBA code to check the source IP and accept/reject SSLRequest based on > that. The HBA rejection always happens after the client has sent the star= tup > packet. Hmm. Splitting the logic checking HBA entries (around check_hba) so as we'd check for a portion of its contents depending on what the server has received or not from the client would not be that complicated. I'd question whether it makes sense to mix this information within the same configuration files as the ones holding=20 the current HBA rules. If the same rules are used for the pre-startup-packet phase and the post-startup-packet phase, we'd want new keywords for these HBA rules, something different than the existing sslmode and no sslmode? -- Michael --7AP1udNFe4h5h0kH Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEG72nH6vTowiyblFKnvQgOdbyQH0FAmYmD5kACgkQnvQgOdby QH2Zig/9F7l32kzknOCWFgDOG3A1vxz/Hu9uiSjyHbluobt1vWRt5qW7a6mEGvqI HhWG4F1IXH9FgEnh8Wfq4FSlrHV9PkB1AB+3QUPfD428Kf+vWcZicUN0ODd43p3B fMN6aDOhDsIs/AKTKgbqu2EbFo+SeA125aksfPqg241+fLpEconzohUPHAG7BkL+ np5kOaF7fmJ6O5mKxOK8zAFUTgT5R70RGYSsso80eyg0xUp2BQ+EFPsHDziv5imY x/rUOZJlLo04obNptbKQfQAk4gg7h2WuM88c0Po2K4exPpnwlfTN2Nex/Bc2i6Cq RIH843HtIprM4lZtwcRp4xO7P+pqEfDFFCMLvVuO0Q3IPnwrD+fRwuS1ke1irB9P gMYF7YS5EtBW7RePCLRCTE6Z3XoDuQo5SwlDsS5b1LyVt7AweA3OEEuZcl2tD/Jx Plido863ipnzrsIkkp3W5wTYlbvqDKOPydFCWKHhRjlmcTlj2RoCQRVj30VenE/i Xl72kFxFUa8A+igUSmLNM1i8SY43mG+TOWsynyGLmsrhzqMO+d3a/E9C1j+qDjp7 4FwjNPzSGgFYxo4m4E/ytZ8z5uiexnwaLHKmR1TzQjZhywggvVfN/E/ai6I+zUDb tSSuuu8NqklHY9cjafj/w7ysjVkd5mGJvYQGekJwCYCRkk78fls= =xzpu -----END PGP SIGNATURE----- --7AP1udNFe4h5h0kH--