Disable ssl renegotiation by default.

While postgres' use of SSL renegotiation is a good idea in theory, it
turned out to not work well in practice. The specification and openssl's
implementation of it have lead to several security issues. Postgres' use
of renegotiation also had its share of bugs.

Additionally OpenSSL has a bunch of bugs around renegotiation, reported
and open for years, that regularly lead to connections breaking with
obscure error messages. We tried increasingly complex workarounds to get
around these bugs, but we didn't find anything complete.

Since these connection breakages often lead to hard to debug problems,
e.g. spuriously failing base backups and significant latency spikes when
synchronous replication is used, we have decided to change the default
setting for ssl renegotiation to 0 (disabled) in the released
backbranches and remove it entirely in 9.5 and master..

Author: Michael Paquier, with changes by me
Discussion: 20150624144148[email protected]
Backpatch: 9.0-9.4; 9.5 and master get a different patch

diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 51d7da9f1b3ee506797d2a60b240e5809535cc26..6a31fa63fe7b0ebf0792cee5b077d1cfa28d9280 100644 (file)
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -774,7 +774,7 @@ SET ENABLE_SEQSCAN TO OFF;
         cryptanalysis when large amounts of traffic can be examined, but it
         also carries a large performance penalty. The sum of sent and received
         traffic is used to check the limit. If this parameter is set to 0,
-        renegotiation is disabled. The default is <literal>512MB</>.
+        renegotiation is disabled. The default is <literal>0</>.
        </para>
        <note>
         <para>
@@ -786,6 +786,14 @@ SET ENABLE_SEQSCAN TO OFF;
          disabled.
         </para>
        </note>
+
+       <warning>
+        <para>
+         Due to bugs in <productname>OpenSSL</> enabling ssl renegotiation, by
+         configuring a non-zero <varname>ssl_renegotiation_limit</>, is likely
+         to lead to problems like long-lived connections breaking.
+        </para>
+       </warning>
       </listitem>
      </varlistentry>
 

diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index e5ee0f84849f6a2e630d6cd9e19235beb8368a5c..d613846310b8b1f7cdc2294f10d1afd7eb565db8 100644 (file)
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -2307,7 +2307,7 @@ static struct config_int ConfigureNamesInt[] =
            GUC_UNIT_KB,
        },
        &ssl_renegotiation_limit,
-       512 * 1024, 0, MAX_KILOBYTES,
+       0, 0, MAX_KILOBYTES,
        NULL, NULL, NULL
    },
 

diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index 6fe692465809c8c3147f406f30209b825e861eeb..9042b399fa70bd4e54f5b0506f15b406bef279ff 100644 (file)
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -80,7 +80,7 @@
 #ssl = off             # (change requires restart)
 #ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers
                    # (change requires restart)
-#ssl_renegotiation_limit = 512MB   # amount of data between renegotiations
+#ssl_renegotiation_limit = 0       # amount of data between renegotiations
 #ssl_cert_file = 'server.crt'      # (change requires restart)
 #ssl_key_file = 'server.key'       # (change requires restart)
 #ssl_ca_file = ''          # (change requires restart)