diff options
| -rw-r--r-- | doc/src/sgml/config.sgml | 28 | ||||
| -rw-r--r-- | src/backend/libpq/be-secure.c | 9 | ||||
| -rw-r--r-- | src/backend/utils/misc/guc.c | 13 | ||||
| -rw-r--r-- | src/backend/utils/misc/postgresql.conf.sample | 1 |
4 files changed, 45 insertions, 6 deletions
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index f6d446553ca..770b95ab287 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.98.2.6 2007/05/15 15:35:58 neilc Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.98.2.7 2010/02/25 13:26:19 mha Exp $ --> <chapter Id="runtime-config"> <title>Server Configuration</title> @@ -569,6 +569,32 @@ SET ENABLE_SEQSCAN TO OFF; </listitem> </varlistentry> + <varlistentry id="guc-ssl-renegotiation-limit" xreflabel="ssl_renegotiation_limit"> + <term><varname>ssl_renegotiation_limit</varname> (<type>int</type>)</term> + <indexterm> + <primary><varname>ssl_renegotiation_limit</> configuration parameter</primary> + </indexterm> + <listitem> + <para> + Specifies how much data can flow over an <acronym>SSL</> encrypted connection + before renegotiation of the session will take place. Renegotiation of the + session decreases the chance of doing cryptanalysis when large amounts of data + are sent, but it also carries a large performance penalty. The sum of + sent and received traffic is used to check the limit. If the parameter is + set to 0, renegotiation is disabled. The default is <literal>512MB</>. + </para> + <note> + <para> + SSL libraries from before November 2009 are insecure when using SSL + renegotiation, due to a vulnerability in the SSL protocol. As a stop-gap fix + for this vulnerability, some vendors also shipped SSL libraries incapable + of doing renegotiation. If any of these libraries are in use on the client + or server, SSL renegotiation should be disabled. + </para> + </note> + </listitem> + </varlistentry> + <varlistentry id="guc-password-encryption" xreflabel="password_encryption"> <term><varname>password_encryption</varname> (<type>boolean</type>)</term> <indexterm> diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index df730b658c6..3612f5be0e4 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.74.2.5 2009/12/30 03:46:08 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.74.2.6 2010/02/25 13:26:19 mha Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database @@ -117,13 +117,14 @@ static void close_SSL(Port *); static const char *SSLerrmessage(void); #endif -#ifdef USE_SSL /* * How much data can be sent across a secure connection * (total in both directions) before we require renegotiation. + * Set to 0 to disable renegotiation completely. */ -#define RENEGOTIATION_LIMIT (512 * 1024 * 1024) +int ssl_renegotiation_limit; +#ifdef USE_SSL static SSL_CTX *SSL_context = NULL; #endif @@ -332,7 +333,7 @@ secure_write(Port *port, void *ptr, size_t len) { int err; - if (port->count > RENEGOTIATION_LIMIT) + if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L) { SSL_set_session_id_context(port->ssl, (void *) &SSL_context, sizeof(SSL_context)); diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index d9ff84593a1..d8a82ee10d3 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -10,7 +10,7 @@ * Written by Peter Eisentraut <peter_e@gmx.net>. * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.360.2.6 2010/01/24 21:49:48 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.360.2.7 2010/02/25 13:26:19 mha Exp $ * *-------------------------------------------------------------------- */ @@ -103,6 +103,7 @@ extern int CommitDelay; extern int CommitSiblings; extern char *default_tablespace; extern bool fullPageWrites; +extern int ssl_renegotiation_limit; #ifdef TRACE_SORT extern bool trace_sort; @@ -1622,6 +1623,16 @@ static struct config_int ConfigureNamesInt[] = }, { + {"ssl_renegotiation_limit", PGC_USERSET, CONN_AUTH_SECURITY, + gettext_noop("Set the amount of traffic to send and receive before renegotiating the encryption keys."), + NULL, + GUC_UNIT_KB, + }, + &ssl_renegotiation_limit, + 512 * 1024, 0, MAX_KILOBYTES, NULL, NULL + }, + + { {"tcp_keepalives_count", PGC_USERSET, CLIENT_CONN_OTHER, gettext_noop("Maximum number of TCP keepalive retransmits."), gettext_noop("This controls the number of consecutive keepalive retransmits that can be " diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index c1046fa86ea..115b3765ffd 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -74,6 +74,7 @@ #authentication_timeout = 1min # 1s-600s #ssl = off # (change requires restart) +#ssl_renegotiation_limit = 512MB # amount of data between renegotiations #password_encryption = on #db_user_namespace = off |