Re: Review:Patch: SSL: prefer server cipher order

On 11/16/2013 06:24 AM, Marko Kreen wrote:
> On Fri, Nov 15, 2013 at 02:16:52PM -0800, Adrian Klaver wrote:
>> On 11/15/2013 11:49 AM, Marko Kreen wrote:
>>> On Fri, Nov 15, 2013 at 11:16:25AM -0800, Adrian Klaver wrote:
>>>> The description of the GUCs show up in the documentation but I am
>>>> not seeing the GUCs themselves in postgresql.conf, so I could test
>>>> no further. It is entirely possible I am missing a step and would
>>>> appreciate enlightenment.
>>>
>>> Sorry, I forgot to update sample config.
>>>
>>> ssl-prefer-server-cipher-order-v2.patch
>>> - Add GUC to sample config
>>> - Change default value to 'true', per comments from Alvaro and Magnus.
>>>
>>> ssl-ecdh-v2.patch
>>> - Add GUC to sample config
>>>
>>
>> Well that worked.
>> I made ssl connections to the server using psql and verified it
>> respected the order of ssl_ciphers. I do not have a client available
>> with a different view of cipher order so I cannot test that.
>
> Well, these are GUC patches so the thing to test is whether the GUCs work.
>
> ssl-prefer-server-cipher-order:
> Use non-standard cipher order in server, eg: RC4-SHA:DHE-RSA-AES128-SHA,
> see if on/off works. You can see OpenSSL default order with
> "openssl ciphers -v".

ssl_ciphers = 'RC4-SHA:DHE-RSA-AES128-SHA'
ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'

aklaver(at)panda:~/pgsqlTest/data> ../bin/psql -d postgres -U aklaver -h
localhost
psql (9.4devel)
SSL connection (cipher: RC4-SHA, bits: 128)

ssl_ciphers = 'RC4-SHA:DHE-RSA-AES128-SHA'
ssl_prefer_server_ciphers = off
#ssl_ecdh_curve = 'prime256v1'

aklaver(at)panda:~/pgsqlTest/data> ../bin/psql -d postgres -U aklaver -h
localhost
psql (9.4devel)
SSL connection (cipher: DHE-RSA-AES128-SHA, bits: 128)

>
> ssl-ecdh:
> It should start using ECDHE-RSA immediately. Also see if adding
> !ECDH to ciphers will fall back to DHE. It's kind of hard to test
> the ssl_ecdh_curve as you can't see it anywhere. I tested it by
> measuring if bigger curve slowed connecting down...

ssl_ciphers = 'RC4-SHA:DHE-RSA-AES128-SHA'
ssl_prefer_server_ciphers = off
ssl_ecdh_curve = 'prime256v1'

aklaver(at)panda:~/pgsqlTest/data> ../bin/psql -d postgres -U aklaver -h
localhost
psql (9.4devel)
SSL connection (cipher: DHE-RSA-AES128-SHA, bits: 128)

ssl_ciphers = 'RC4-SHA:DHE-RSA-AES128-SHA'
ssl_prefer_server_ciphers = on
ssl_ecdh_curve = 'prime256v1'

aklaver(at)panda:~/pgsqlTest/data> ../bin/psql -d postgres -U aklaver -h
localhost
psql (9.4devel)
SSL connection (cipher: RC4-SHA, bits: 128)

ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'
ssl_prefer_server_ciphers = on OR off
ssl_ecdh_curve = 'prime256v1'

aklaver(at)panda:~/pgsqlTest/data> ../bin/psql -d postgres -U aklaver -h
localhost
psql (9.4devel)
SSL connection (cipher: ECDHE-RSA-AES256-SHA, bits: 256)

ssl_ciphers = 'DEFAULT:!ECDH:!LOW:!EXP:!MD5:@STRENGTH'
ssl_prefer_server_ciphers = on
ssl_ecdh_curve = 'prime256v1'

aklaver(at)panda:~/pgsqlTest/data> ../bin/psql -d postgres -U aklaver -h
localhost
psql (9.4devel)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

>
> Bonus - test EC keys:
> $ openssl ecparam -name prime256v1 -out ecparam.pem
> $ openssl req -x509 -newkey ec:ecparam.pem -days 9000 -nodes \
> -subj '/C=US/ST=Somewhere/L=Test/CN=localhost' \
> -keyout server.key -out server.crt

EC test:

ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'
ssl_prefer_server_ciphers = off OR on
ssl_ecdh_curve = 'prime256v1'

aklaver(at)panda:~/pgsqlTest/data> ../bin/psql -d postgres -U aklaver -h
localhost
psql (9.4devel)
SSL connection (cipher: ECDHE-ECDSA-AES256-SHA, bits: 256)

ssl_ciphers = 'RC4-SHA:DHE-RSA-AES128-SHA'
ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
Or
ssl_ecdh_curve = 'prime256v1'

aklaver(at)panda:~/pgsqlTest/data> ../bin/psql -d postgres -U aklaver -h
localhost
psql: SSL error: sslv3 alert handshake failure
FATAL: no pg_hba.conf entry for host "::1", user "aklaver", database
"postgres", SSL off

>
> ssl-better-default:
> SSL should stay working, openssl ciphers -v 'value' should not contain
> any weak suites (RC4, SEED, DES-CBC, EXP, NULL) and no non-authenticated
> suites (ADH/AECDH).
>

Not sure about the above, if it is a GUC I can't find it. If it is
something else than I will have to plead ignorance.

--
Adrian Klaver
adrian(dot)klaver(at)gmail(dot)com