Disable ssl renegotiation by default.

While postgres' use of SSL renegotiation is a good idea in theory, it
turned out to not work well in practice. The specification and openssl's
implementation of it have lead to several security issues. Postgres' use
of renegotiation also had its share of bugs.

Additionally OpenSSL has a bunch of bugs around renegotiation, reported
and open for years, that regularly lead to connections breaking with
obscure error messages. We tried increasingly complex workarounds to get
around these bugs, but we didn't find anything complete.

Since these connection breakages often lead to hard to debug problems,
e.g. spuriously failing base backups and significant latency spikes when
synchronous replication is used, we have decided to change the default
setting for ssl renegotiation to 0 (disabled) in the released
backbranches and remove it entirely in 9.5 and master..

Author: Michael Paquier, with changes by me
Discussion: 20150624144148[email protected]
Backpatch: 9.0-9.4; 9.5 and master get a different patch

diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index c669f752323f9fb2fdc7458eab220d2513b438c5..871b04a94b0db8d0f43a6a117b07b359c83f4876 100644 (file)
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -1040,7 +1040,7 @@ include_dir 'conf.d'
         cryptanalysis when large amounts of traffic can be examined, but it
         also carries a large performance penalty. The sum of sent and received
         traffic is used to check the limit. If this parameter is set to 0,
-        renegotiation is disabled. The default is 512MB.
+        renegotiation is disabled. The default is 0.
        
        
         
@@ -1052,6 +1052,14 @@ include_dir 'conf.d'
          disabled.
         
        
+
+       
+        
+         Due to bugs in OpenSSL enabling ssl renegotiation, by
+         configuring a non-zero ssl_renegotiation_limit, is likely
+         to lead to problems like long-lived connections breaking.
+        
+       
       
      
 

diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 6ad0892b937b908c1eb99e41adfc7974c3fbda27..396c68b30ef8fbab36480e1d8b161de242a057e6 100644 (file)
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -2457,7 +2457,7 @@ static struct config_int ConfigureNamesInt[] =
            GUC_UNIT_KB,
        },
        &ssl_renegotiation_limit,
-       512 * 1024, 0, MAX_KILOBYTES,
+       0, 0, MAX_KILOBYTES,
        NULL, NULL, NULL
    },
 

diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index 8dfd485e0b9f84cd7e3afae8e8ebde15b9460978..3845d57808bb8230b36b3eade6187450ad781b8e 100644 (file)
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -83,7 +83,7 @@
                    # (change requires restart)
 #ssl_prefer_server_ciphers = on        # (change requires restart)
 #ssl_ecdh_curve = 'prime256v1'     # (change requires restart)
-#ssl_renegotiation_limit = 512MB   # amount of data between renegotiations
+#ssl_renegotiation_limit = 0       # amount of data between renegotiations
 #ssl_cert_file = 'server.crt'      # (change requires restart)
 #ssl_key_file = 'server.key'       # (change requires restart)
 #ssl_ca_file = ''          # (change requires restart)