Disable all TLS session tickets

OpenSSL supports two types of session tickets for TLSv1.3, stateless
and stateful. The option we've used only turns off stateless tickets
leaving stateful tickets active. Use the new API introduced in 1.1.1
to disable all types of tickets.

Backpatch to all supported versions.

Reviewed-by: Heikki Linnakangas 
Reported-by: Andres Freund 
Discussion: https://postgr.es/m/20240617173803[email protected]
Backpatch-through: v12

diff --git a/configure b/configure
index 0036a76875430940fbe800706d260352a6a55d34..ccac1c11ab764f5187b114b1eaac20dd8ff8bb81 100755 (executable)
--- a/configure
+++ b/configure
@@ -12591,12 +12591,13 @@ fi
 done
 
   # Function introduced in OpenSSL 1.1.1.
-  for ac_func in X509_get_signature_info
+  for ac_func in X509_get_signature_info SSL_CTX_set_num_tickets
 do :
-  ac_fn_c_check_func "$LINENO" "X509_get_signature_info" "ac_cv_func_X509_get_signature_info"
-if test "x$ac_cv_func_X509_get_signature_info" = xyes; then :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
   cat >>confdefs.h <<_ACEOF
-#define HAVE_X509_GET_SIGNATURE_INFO 1
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
 
 fi

diff --git a/configure.ac b/configure.ac
index 48bcf24e75467a66bedd532a279e3f511d1f1643..4852d2f53cef15b1ee5a46b42c6a124e4a7f381b 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1358,7 +1358,7 @@ if test "$with_ssl" = openssl ; then
   # function was removed.
   AC_CHECK_FUNCS([CRYPTO_lock])
   # Function introduced in OpenSSL 1.1.1.
-  AC_CHECK_FUNCS([X509_get_signature_info])
+  AC_CHECK_FUNCS([X509_get_signature_info SSL_CTX_set_num_tickets])
   AC_DEFINE([USE_OPENSSL], 1, [Define to 1 to build with OpenSSL support. (--with-ssl=openssl)])
 elif test "$with_ssl" != no ; then
   AC_MSG_ERROR([--with-ssl must specify openssl])

diff --git a/meson.build b/meson.build
index 3badbe831d95fd23b8b25e061345f56d82b447ae..29af7d0634200fe5d5281857bc341d15a8732dfc 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -1362,6 +1362,7 @@ if sslopt in ['auto', 'openssl']
 
       # Function introduced in OpenSSL 1.1.1
       ['X509_get_signature_info'],
+      ['SSL_CTX_set_num_tickets'],
     ]
 
     are_openssl_funcs_complete = true

diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 39b1a66236b63c021a72c338d1b6a7c4a1a3a00a..162ac1eb7b77216c7250a5101f5318e95ff749e3 100644 (file)
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -258,8 +258,20 @@ be_tls_init(bool isServerStart)
        }
    }
 
-   /* disallow SSL session tickets */
+   /*
+    * Disallow SSL session tickets. OpenSSL use both stateful and stateless
+    * tickets for TLSv1.3, and stateless ticket for TLSv1.2. SSL_OP_NO_TICKET
+    * is available since 0.9.8f but only turns off stateless tickets. In
+    * order to turn off stateful tickets we need SSL_CTX_set_num_tickets,
+    * which is available since OpenSSL 1.1.1. LibreSSL 3.5.4 (from OpenBSD
+    * 7.1) introduced this API for compatibility, but doesn't support session
+    * tickets at all so it's a no-op there.
+    */
+#ifdef HAVE_SSL_CTX_SET_NUM_TICKETS
+   SSL_CTX_set_num_tickets(context, 0);
+#else
    SSL_CTX_set_options(context, SSL_OP_NO_TICKET);
+#endif
 
    /* disallow SSL session caching, too */
    SSL_CTX_set_session_cache_mode(context, SSL_SESS_CACHE_OFF);

diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index f8d3e3b6b843cf77e0a956ca0f7b51c6f2650eb1..e2834912f89248e161daa730da76a4990213bfa8 100644 (file)
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -510,6 +510,9 @@
 /* Define to 1 if you have the `X509_get_signature_info' function. */
 #undef HAVE_X509_GET_SIGNATURE_INFO
 
+/* Define to 1 if you have the `SSL_CTX_set_num_tickets' function. */
+#undef HAVE_SSL_CTX_SET_NUM_TICKETS
+
 /* Define to 1 if the assembler supports X86_64's POPCNTQ instruction. */
 #undef HAVE_X86_64_POPCNTQ