From: | James Cloos <cloos(at)jhcloos(dot)com> |
---|---|
To: | Postgres Hackers List <pgsql-hackers(at)postgresql(dot)org> |
Cc: | Marko Kreen <markokr(at)gmail(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net> |
Subject: | Re: SSL: better default ciphersuite |
Date: | 2013-12-15 22:10:38 |
Message-ID: | m3lhzlsr2g.fsf@carbon.jhcloos.org |
Lists: | pgsql-hackers |
>>>>> "MK" == Marko Kreen <markokr(at)gmail(dot)com> writes:
>>>>> "PE" == Peter Eisentraut <peter_e(at)gmx(dot)net> writes:

MK>> Well, we should - the DEFAULT is clearly a client-side default
MK>> for compatibility only. No server should ever run with it.

PE> Any other opinions on this out there?

For reference, see:

https://wiki.mozilla.org/Security/Server_Side_TLS

for the currently suggested suite for TLS servers.

That is:

    ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
    ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
    DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:
    ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:
    ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
    ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:
    DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
    DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:
    AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:
    AES128:AES256:RC4-SHA:HIGH:
    !aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK

The page explains why.

But for pgsql, I'd leave off the !PSK; pre-shared keys may prove useful
for some. And RC4, perhaps, also should be !ed.

And if anyone wants Kerberos tls-authentication, one could add
KRB5-DES-CBC3-SHA, but that is ssl3-only.

Once salsa20-poly1305 lands in openssl, that should be added to the
start of the list.

-JimC
--
James Cloos <cloos(at)jhcloos(dot)com> OpenPGP: 1024D/ED7DAEA6
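
The following is an added example, not part of the original message or of PostgreSQL: it expands the cipher string quoted above with Python's `ssl` module against whatever OpenSSL is installed locally, and compares it with the two variations the message suggests (dropping `!PSK`, adding `!RC4`). The function names and variant labels are this example's own, and the suites reported depend on the local OpenSSL build.

```python
import ssl

# Cipher string exactly as quoted in the message above, joined into one line.
MOZILLA = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"
    "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:"
    "DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:"
    "DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:"
    "AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:"
    "AES128:AES256:RC4-SHA:HIGH:"
    "!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK"
)

def expand(cipher_string):
    """Suite names the local OpenSSL enables for cipher_string, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Names the local build does not know are ignored; SSLError if nothing matches.
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]

def variants():
    """The posted string plus the two changes suggested in the message."""
    without_psk_ban = MOZILLA.replace(":!PSK", "")
    return {
        "as posted": MOZILLA,
        "without !PSK": without_psk_ban,
        # '!' removes a cipher permanently, so appending it overrides the
        # explicit RC4 entries earlier in the list.
        "without !PSK, with !RC4": without_psk_ban + ":!RC4",
    }

def compare():
    """Map each variant label to its expanded suite list."""
    return {label: expand(s) for label, s in variants().items()}

if __name__ == "__main__":
    result = compare()
    base = set(result["as posted"])
    for label, suites in result.items():
        added = sorted(set(suites) - base)
        removed = sorted(base - set(suites))
        print(f"{label}: {len(suites)} suites; added {added}; removed {removed}")
```

Python also lists the TLS 1.3 suites in every variant, because `set_ciphers` only governs TLS 1.2 and earlier.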