Re: SSL: better default ciphersuite

On Fri, 2013-11-15 at 01:11 +0200, Marko Kreen wrote:
> Attached patch changes the default ciphersuite to
>
> HIGH:!aNULL
>
> instead of old
>
> DEFAULT:!LOW:!EXP:!MD5:@STRENGTH
>
> where DEFAULT is a shortcut for "ALL:!aNULL:!eNULL".

> Main goal is to leave low-level ciphersuite details to OpenSSL guys
> and give clear impression to Postgres admins what it is about.

If we want to leave the details of the ciphers to OpenSSL, I think we
shouldn't be second-guessing their judgement of what a reasonable
default is.

I checked Apache mod_ssl and Postfix, and even though they are
configuring this slightly differently, I think their defaults end up
being about the same as what PostgreSQL currently has.

https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite
http://www.postfix.org/postconf.5.html#smtpd_tls_mandatory_ciphers

> HIGH:
> Contains only secure and well-researched algorithms.
>
> !aNULL
> Needed to disable suites that do not authenticate server.
> DEFAULT includes !aNULL by default.

Wouldn't HIGH exclude aNULL also? (If not, what about eNULL?)

> !MD5
> This affects only one suite: DES-CBC3-MD5, which is available only
> for SSL2 connections. So it would only pollute the default value.

I think this is only there for political correctness.

> @STRENGTH
> The OpenSSL cipher list is already sorted by humans,
> it's unlikely that mechanical sort would improve things.
> Also the existence of this value in old list is rather
> dubious, as server cipher order was never respected anyway.

Aren't you proposing to change that?