Re: [HACKERS] Re: Updated libpq5 packages cause connection errors on postgresql 9.2

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Christoph Berg <cb(at)df7cb(dot)de>, Chris Butler <cbutler(at)zedcore(dot)com>, "pgsql-pkg-debian(at)postgresql(dot)org" <pgsql-pkg-debian(at)postgresql(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [HACKERS] Re: Updated libpq5 packages cause connection errors on postgresql 9.2
Date: 2014-12-20 11:27:05
Message-ID: CABUevEybn48hJ6br0_hSTqoiCjQvjEn3BzC2LrS8B0=7b-UVzg@mail.gmail.com
Lists: pgsql-hackers pgsql-pkg-debian

On Fri, Dec 19, 2014 at 3:57 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
> > On Fri, Dec 19, 2014 at 11:52 AM, Christoph Berg <cb(at)df7cb(dot)de> wrote:
> >> Googling for "digest too big for rsa key" seems to indicate that this
> >> problem occurs when you are using (client?) certificates with short
> >> RSA keys. 512 bits is most often cited in the problem reports,
> >> something like 768 is around the minimum size that works, and of
> >> course, anything smaller than 1024 or really 1536 (or 2048) bits is
> >> too small for today's crypto standards.
> >>
> >> So the question here is if this is also the problem you saw - are you
> >> using client or server certificates with short keys?
> >>
> >> What this explanation doesn't explain is why the problem occurs with
> >> 9.4's libpq5 while it works with 9.3's. The libssl version used for
> >> building these packages should really be the same, 9.3.5-2.pgdg70+1
> >> was built just two days ago as well.
>
> > Some googling shows that this could be because it's negotiating TLS 1.2
> > which the key is just too small for. And we did change that in 9.4 - commit
> > 326e1d73c476a0b5061ef00134bdf57aed70d5e7 disabled SSL in favor of always
> > using TLS for security reasons.
>
> Hm ... the 9.4 release notes fail to describe that change adequately, and
> certainly don't mention that it would have any compatibility implications.
> Guess that needs to be fixed. Does anyone know offhand what the change in
> the minimum key length is across SSL/TLS versions, exactly?
>

I haven't seen a specific number, it might depend on exactly which cipher
is negotiated. See for example
http://openssl.6102.n7.nabble.com/What-is-the-reason-for-error-quot-SSL-negotiation-failed-error-04075070-rsa-routines-RSA-sign-digest-td43953.html

All references I have found say at least 2014 is safe and 512 is broken, but
there are points in between that apparently work in some cases only.

I think if we say "use 1024 bits or more" we err on the safe side.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
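
The key-size question raised in this thread can be worked out from the padding rule behind the "digest too big for rsa key" error. The following is an added example, not part of the original message or of PostgreSQL/OpenSSL code; it assumes the failing signature uses RSA PKCS#1 v1.5 encoding (RFC 8017, section 9.2), and the function names are hypothetical.

```python
import hashlib

# DER DigestInfo prefixes as listed in RFC 8017, section 9.2 (notes).
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}
# Fixed overhead: 0x00 0x01, at least eight 0xff bytes, then 0x00.
PKCS1_MIN_PADDING = 11


def emsa_pkcs1_v15_encode(digest_name, message, key_bits):
    """Build the padded block an RSA key of key_bits would sign.

    Raises ValueError when DigestInfo plus padding does not fit the modulus.
    """
    em_len = (key_bits + 7) // 8
    t = DIGEST_INFO_PREFIX[digest_name] + hashlib.new(digest_name, message).digest()
    needed = len(t) + PKCS1_MIN_PADDING
    if em_len < needed:
        raise ValueError(f"digest too big for rsa key: {digest_name} needs "
                         f"{needed} bytes, key has {em_len}")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def min_key_bits(digest_name):
    """Smallest whole-byte modulus size, in bits, that can carry this digest."""
    t_len = len(DIGEST_INFO_PREFIX[digest_name]) + hashlib.new(digest_name).digest_size
    return 8 * (t_len + PKCS1_MIN_PADDING)


def usable_digests(key_bits):
    """Digests that a key of this size can sign with PKCS#1 v1.5 padding."""
    sample = b"constructed sample handshake data"  # constructed input
    ok = []
    for name in DIGEST_INFO_PREFIX:
        try:
            emsa_pkcs1_v15_encode(name, sample, key_bits)
            ok.append(name)
        except ValueError:
            pass
    return ok


if __name__ == "__main__":
    for bits in (512, 768, 1024, 2048):
        print(bits, usable_digests(bits))
```

Under this rule the limit depends on the digest being signed rather than on the protocol version as such, which is consistent with a 512-bit key failing and a 768-bit key working.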
