Update and clarify ssl_ciphers default

- Write HIGH:MEDIUM instead of DEFAULT:!LOW:!EXP for clarity.
- Order 3DES last to work around inappropriate OpenSSL default.
- Remove !MD5 and @STRENGTH, because they are irrelevant.
- Add clarifying documentation.

Effectively, the new default is almost the same as the old one, but it
is arguably easier to understand and modify.

Author: Marko Kreen 

diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 91a601559f0221a9d4cc930272416fc90d93d88f..cf11306f6cba5e8e3fdd7cae89ed00a3afa5fa87 100644 (file)
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -889,12 +889,71 @@ include 'filename'
       
       
        
-        Specifies a list of SSL ciphers that are allowed to be
+        Specifies a list of SSL cipher suites that are allowed to be
         used on secure connections.  See
         the ciphers manual page
         in the OpenSSL package for the syntax of this setting
-        and a list of supported values.  The default value is usually
-        reasonable, unless you have specific security requirements.
+        and a list of supported values.  The default value is
+        HIGH:MEDIUM:+3DES:!aNULL.  It is usually reasonable,
+        unless you have specific security requirements.
+       
+
+       
+        Explanation of the default value:
+        
+         
+          HIGH
+          
+           
+            Cipher suites that use ciphers from HIGH group (e.g.,
+            AES, Camellia, 3DES)
+           
+          
+         
+
+         
+          MEDIUM
+          
+           
+            Cipher suites that use ciphers from MEDIUM group
+            (e.g., RC4, SEED)
+           
+          
+         
+
+         
+          +3DES
+          
+           
+            The OpenSSL default order for HIGH is problematic
+            because it orders 3DES higher than AES128.  This is wrong because
+            3DES offers less security than AES128, and it is also much
+            slower.  +3DES reorders it after all other
+            HIGH and MEDIUM ciphers.
+           
+          
+         
+
+         
+          !aNULL
+          
+           
+            Disables anonymous cipher suites that do no authentication.  Such
+            cipher suites are vulnerable to man-in-the-middle attacks and
+            therefore should not be used.
+           
+          
+         
+        
+       
+
+       
+        Available cipher suite details will vary across OpenSSL versions.  Use
+        the command
+        openssl ciphers -v 'HIGH:MEDIUM:+3DES:!aNULL' to
+        see actual details for the currently installed OpenSSL
+        version.  Note that this list is filtered at run time based on the
+        server key type.
        
       
      

diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index aa5a8757fa30322c0a9f8aeb35c4001d7b427d6b..b27cb89a289a559e0a553eff40d45d98f8e7c15e 100644 (file)
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -3237,7 +3237,7 @@ static struct config_string ConfigureNamesString[] =
        },
        &SSLCipherSuites,
 #ifdef USE_SSL
-       "DEFAULT:!LOW:!EXP:!MD5:@STRENGTH",
+       "HIGH:MEDIUM:+3DES:!aNULL",
 #else
        "none",
 #endif

diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index 07341e72a437237d9e26cb3cb0c81d97151fda12..ce56059ceb294b78acae4d5e0c5ede36486002bf 100644 (file)
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -79,7 +79,7 @@
 
 #authentication_timeout = 1min     # 1s-600s
 #ssl = off             # (change requires restart)
-#ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'  # allowed SSL ciphers
+#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
                    # (change requires restart)
 #ssl_prefer_server_ciphers = on        # (change requires restart)
 #ssl_ecdh_curve = 'prime256v1'     # (change requires restart)