Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s06zJ-000yob-PM for pgsql-hackers@arkaria.postgresql.org; Thu, 25 Apr 2024 21:50:42 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1s06zH-003CTv-9J for pgsql-hackers@arkaria.postgresql.org; Thu, 25 Apr 2024 21:50:40 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s06zG-003CTn-Sq for pgsql-hackers@lists.postgresql.org; Thu, 25 Apr 2024 21:50:39 +0000 Received: from lahtoruutu.iki.fi ([2a0b:5c81:1c1::37]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s06zE-0004Tb-SO for pgsql-hackers@lists.postgresql.org; Thu, 25 Apr 2024 21:50:39 +0000 Received: from [192.168.1.115] (dsl-hkibng22-54f8db-125.dhcp.inet.fi [84.248.219.125]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: hlinnaka) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id 4VQV0B23wMz49Pyk; Fri, 26 Apr 2024 00:50:34 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1714081834; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=R74b3S/6MveVNzRCFuW+Unp+i6h1BLB1MkuJ+zMw7ic=; b=n2esjf4MLk4nk3Q4x1c01R8T7TjwU9WPr4oihvFTpvuqtGRGCfhueWGhctKEWnFkBhF39O deBHKdXpJkrY6GZva+YwN6kcYcllfRe2tfl1V4uM39IA6zaxWKa+3A2LCI1E+9O2adKuOl NSOYxJz+kFbujMfZIARvuMUWl1JTWhR51cGEQLMhhZ7xx98K0rx0kUVvzHmQyHEERGMLon hW53Ujo9WpmLA0nqq6fnKIoWlFcrAoqkWHUIBEZTaFutpRdTKsJFzLoTjwpkvS3FRoRFlD Np6wVhnzTUH6xYM0612Z2xLtW09WRVB9lUeZ3f06GvhMRu2tjPLyYm+OOlPFyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1714081834; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=R74b3S/6MveVNzRCFuW+Unp+i6h1BLB1MkuJ+zMw7ic=; b=qJbntz5gn6lcW8fchd6O3WXXtfS9wqKAoc3YdHlFfGOSX6oWfX+Erns97faEcgPxKgAkLu ARqhM04KTOPj3sj+kG1MKyEURahMmd+1LKMwAu1GHiV+5Uebj1oxrtIoVFsGCbu6i5tWlV LndZE1cwzi0FyEscpm5rhgM73OD/doGCfiIup6Nq9kWdBgw10AdYNwoWg3kxyq9kMpoJEg TmVo/7KukWaGuVUgm6q3xdIsIsewiKBXqUOoKq1yUwXats5eIbnFpWlLAmoWnx7kKSA2jy cxZHlSCgepa+kSvj5E2zbYMQfiW41WS6u0ovXb9mFjYR5fabkKNhSfy+j1Fo5Q== ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=hlinnaka smtp.mailfrom=hlinnaka@iki.fi ARC-Seal: i=1; s=lahtoruutu; d=iki.fi; t=1714081834; a=rsa-sha256; cv=none; b=icNgNQ0OZOUlyU1XyTf0wJjSEx79/+25/0m8m3kGlz5QNF3rxiRccJxdLr4VS8H+op9RKf 5v0vRs/fQXrvU8P0Kf8VSX9JgFUDeVMy4dcc2k8jrqiwMeq+t3o5cQT/hoYgA2cvrvzn8C TBh+mawsNGSxf60Vg48fNxnuB3zx8atUWYBkKRHO+Z5TR3TKC3GWnTrR+KLjc+SwcR1gRh 0ZP1GRZPIerucGEW4lGE25ONqz9PxckycoBcBsfWr6UEObfa8gqTl6UaOSmizrpJ57tuaj gy1z4UsrwM/FIdhQEN0X/dJOk5lRaWiuvrK6PCa7U32RDBZY5sTgU+GIQTyeCw== Message-ID: Date: Fri, 26 Apr 2024 00:50:33 +0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Direct SSL connection with ALPN and HBA rules To: Jacob Champion , Robert Haas Cc: Michael Paquier , Postgres hackers References: <5a79ed71-b365-4b20-80bc-9c2bf97bf84b@iki.fi> Content-Language: en-US From: Heikki Linnakangas In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 25/04/2024 21:13, Jacob Champion wrote: > On Thu, Apr 25, 2024 at 10:35 AM Robert Haas wrote: >> Maybe I'm missing something here, but why doesn't sslnegotiation >> override sslmode completely? Or alternatively, why not remove >> sslnegotiation entirely and just have more sslmode values? I mean >> maybe this shouldn't happen categorically, but if I say I want to >> require a direct SSL connection, to me that implies that I don't want >> an indirect SSL connection, and I really don't want a non-SSL >> connection. My thinking with sslnegotiation is that it controls how SSL is negotiated with the server, if SSL is to be used at all. It does not control whether SSL is used or required; that's what sslmode is for. > I think that comes down to the debate upthread, and whether you think > it's a performance tweak or a security feature. My take on it is, > `direct` mode is performance, and `requiredirect` is security. Agreed, although the the security benefits from `requiredirect` are pretty vague. It reduces the attack surface, but there are no known issues with the 'postgres' or 'direct' negotiation either. Perhaps 'requiredirect' should be renamed to 'directonly'? > (Especially since, with the current implementation, requiredirect can > slow things down?) Yes: the case is gssencmode=prefer, kerberos credentical cache present in client, and server doesn't support GSS. With sslnegotiation='postgres' or 'direct', libpq can do the SSL negotiation over the same TCP connection after the server rejected the GSSRequest. With sslnegotiation='requiredirect', it needs to open a new TCP connection. > >> I think it's pretty questionable in 2024 whether sslmode=allow and >> sslmode=prefer make any sense at all. I don't think it would be crazy >> to remove them entirely. But I certainly don't think that they should >> be allowed to bleed into the behavior of new, higher-security >> configurations. Surely if I say I want direct SSL, it's that or >> nothing, right? > > I agree, but I more or less lost the battle at [1]. Like Matthias > mentioned in [2]: > >> I'm not sure about this either. The 'gssencmode' option is already >> quite weird in that it seems to override the "require"d priority of >> "sslmode=require", which it IMO really shouldn't. Yeah, that combination is weird. I think we should forbid it. But that's separate from sslnegotiation. -- Heikki Linnakangas Neon (https://neon.tech)