open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
59485 Commits
38 Branches
669 Tags
767 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 59f0eea7b0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '59f0eea7b0'
${ noResults }
postgres/src/backend/libpq
History
Peter Eisentraut 1fb2308e69
Remove obsolete unconstify() 		1 year ago
..
Makefile
README.SSL
auth-sasl.c Update copyright for 2024 2 years ago
auth-scram.c Replace some strtok() with strsep() 1 year ago
auth.c More use of getpwuid_r() directly 1 year ago
be-fsstubs.c Remove unnecessary code from be_lo_put() 2 years ago
be-gssapi-common.c Update copyright for 2024 2 years ago
be-secure-common.c Fix memory leaks in error reporting with LOG level 2 years ago
be-secure-gssapi.c Add tests for errors during SSL or GSSAPI handshake 1 year ago
be-secure-openssl.c Remove obsolete unconstify() 1 year ago
be-secure.c Add tests for errors during SSL or GSSAPI handshake 1 year ago
crypt.c Remove unused #include's from backend .c files 2 years ago
hba.c Remove a couple of strerror() calls 1 year ago
ifaddr.c Update copyright for 2024 2 years ago
meson.build Update copyright for 2024 2 years ago
pg_hba.conf.sample
pg_ident.conf.sample
pqcomm.c Add missing includes for some global variables 1 year ago
pqformat.c Remove unused 'countincludesself' argument to pq_sendcountedtext() 2 years ago
pqmq.c Use correct type for pq_mq_parallel_leader_proc_number variable 1 year ago
pqsignal.c Update copyright for 2024 2 years ago

README.SSL 

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------

Ephemeral DH
============

Since the server static private key ($DataDir/server.key) will
normally be stored unencrypted so that the database backend can
restart automatically, it is important that we select an algorithm
that continues to provide confidentiality even if the attacker has the
server's private key.  Ephemeral DH (EDH) keys provide this and more
(Perfect Forward Secrecy aka PFS).

N.B., the static private key should still be protected to the largest
extent possible, to minimize the risk of impersonations.

Another benefit of EDH is that it allows the backend and clients to
use DSA keys.  DSA keys can only provide digital signatures, not
encryption, and are often acceptable in jurisdictions where RSA keys
are unacceptable.

The downside to EDH is that it makes it impossible to use ssldump(1)
if there's a problem establishing an SSL session.  In this case you'll
need to temporarily disable EDH (see initialize_dh()).