Disable all TLS session tickets

OpenSSL supports two types of session tickets for TLSv1.3, stateless
and stateful. The option we've used only turns off stateless tickets
leaving stateful tickets active. Use the new API introduced in 1.1.1
to disable all types of tickets.

Backpatch to all supported versions.

Reviewed-by: Heikki Linnakangas <[email protected]>
Reported-by: Andres Freund <[email protected]>
Discussion: https://postgr.es/m/20240617173803[email protected]
Backpatch-through: v12

diff --git a/configure b/configure
index a92dca129df9046f4ad2ce1f6bb136e87a8f7451..5e4872376bc856dabaa5de60f4d46c6ab2cf532e 100755 (executable)
--- a/configure
+++ b/configure
@@ -12668,12 +12668,13 @@ fi
 done
 
   # Function introduced in OpenSSL 1.1.1.
-  for ac_func in X509_get_signature_info
+  for ac_func in X509_get_signature_info SSL_CTX_set_num_tickets
 do :
-  ac_fn_c_check_func "$LINENO" "X509_get_signature_info" "ac_cv_func_X509_get_signature_info"
-if test "x$ac_cv_func_X509_get_signature_info" = xyes; then :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
   cat >>confdefs.h <<_ACEOF
-#define HAVE_X509_GET_SIGNATURE_INFO 1
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
 
 fi

diff --git a/configure.in b/configure.in
index 6c19a803697939cfd4f8d74ddcaf0aea7f4f241e..bd6c0776d5db1024f1120488264c61a1d25a540c 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -1296,7 +1296,7 @@ if test "$with_openssl" = yes ; then
   # function was removed.
   AC_CHECK_FUNCS([CRYPTO_lock])
   # Function introduced in OpenSSL 1.1.1.
-  AC_CHECK_FUNCS([X509_get_signature_info])
+  AC_CHECK_FUNCS([X509_get_signature_info SSL_CTX_set_num_tickets])
   # SSL_clear_options is a macro in OpenSSL from 0.9.8 to 1.0.2, and
   # a function from 1.1.0 onwards so we cannot use AC_CHECK_FUNCS.
   AC_CACHE_CHECK([for SSL_clear_options], ac_cv_func_ssl_clear_options,

diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index e19f4f0981c2db89e30de86e0833e693eced3e6d..378e06b4d6e1f2911a78e38a46ed51e84bb7fdf9 100644 (file)
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -225,9 +225,21 @@ be_tls_init(bool isServerStart)
        }
    }
 
-   /* disallow SSL session tickets */
-#ifdef SSL_OP_NO_TICKET            /* added in OpenSSL 0.9.8f */
+   /*
+    * Disallow SSL session tickets. OpenSSL use both stateful and stateless
+    * tickets for TLSv1.3, and stateless ticket for TLSv1.2. SSL_OP_NO_TICKET
+    * is available since 0.9.8f but only turns off stateless tickets. In
+    * order to turn off stateful tickets we need SSL_CTX_set_num_tickets,
+    * which is available since OpenSSL 1.1.1. LibreSSL 3.5.4 (from OpenBSD
+    * 7.1) introduced this API for compatibility, but doesn't support session
+    * tickets at all so it's a no-op there.
+    */
+#ifdef HAVE_SSL_CTX_SET_NUM_TICKETS
+   SSL_CTX_set_num_tickets(context, 0);
+#else
+#ifdef SSL_OP_NO_TICKET                        /* added in OpenSSL 0.9.8f */
    SSL_CTX_set_options(context, SSL_OP_NO_TICKET);
+#endif
 #endif
 
    /* disallow SSL session caching, too */

diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index 1e9d21c3e47964da56cdedcaeb66aeb2cefed321..e7f6fe164a121d475b82e1a93109c57511443db2 100644 (file)
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -736,6 +736,9 @@
 /* Define to 1 if you have the `X509_get_signature_nid' function. */
 #undef HAVE_X509_GET_SIGNATURE_NID
 
+/* Define to 1 if you have the `SSL_CTX_set_num_tickets' function. */
+#undef HAVE_SSL_CTX_SET_NUM_TICKETS
+
 /* Define to 1 if the assembler supports X86_64's POPCNTQ instruction. */
 #undef HAVE_X86_64_POPCNTQ