postgres

History

Peter Eisentraut bb1412baa5 Fix incorrect format placeholders		4 years ago
..
Makefile	Refactor SASL code with a generic interface for its mechanisms	4 years ago
README.SSL	Move EDH support to common files	8 years ago
auth-sasl.c	Fix incorrect format placeholders	4 years ago
auth-scram.c	Fix incorrect format placeholders	4 years ago
auth.c	Fix incorrect format placeholders	4 years ago
be-fsstubs.c	Update copyright for 2021	5 years ago
be-gssapi-common.c	Don't assume GSSAPI result strings are null-terminated.	4 years ago
be-secure-common.c	Update copyright for 2021	5 years ago
be-secure-gssapi.c	Update copyright for 2021	5 years ago
be-secure-openssl.c	Set type identifier on BIO	4 years ago
be-secure.c	Allow matching the DN of a client certificate for authentication	4 years ago
crypt.c	Update copyright for 2021	5 years ago
hba.c	Fix RADIUS error reporting in hba file parsing	4 years ago
ifaddr.c	Update copyright for 2021	5 years ago
pg_hba.conf.sample	pg_hba.conf.sample: Reword connection type section	4 years ago
pg_ident.conf.sample	Reformat the comments in pg_hba.conf and pg_ident.conf	16 years ago
pqcomm.c	Initial pgindent and pgperltidy run for v14.	4 years ago
pqformat.c	Update copyright for 2021	5 years ago
pqmq.c	Remove server and libpq support for old FE/BE protocol version 2.	4 years ago
pqsignal.c	Use signalfd(2) for epoll latches.	4 years ago

README.SSL

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------

Ephemeral DH
============

Since the server static private key ($DataDir/server.key) will
normally be stored unencrypted so that the database backend can
restart automatically, it is important that we select an algorithm
that continues to provide confidentiality even if the attacker has the
server's private key.  Ephemeral DH (EDH) keys provide this and more
(Perfect Forward Secrecy aka PFS).

N.B., the static private key should still be protected to the largest
extent possible, to minimize the risk of impersonations.

Another benefit of EDH is that it allows the backend and clients to
use DSA keys.  DSA keys can only provide digital signatures, not
encryption, and are often acceptable in jurisdictions where RSA keys
are unacceptable.

The downside to EDH is that it makes it impossible to use ssldump(1)
if there's a problem establishing an SSL session.  In this case you'll
need to temporarily disable EDH (see initialize_dh()).