Always use 2048 bit DH parameters for OpenSSL ephemeral DH ciphers

Enterprise / PostgreSQL - Heikki Linnakangas [iki.fi] - 31 July 2017 15:36 EDT

1024 bits is considered weak these days, but OpenSSL always passes 1024 as the key length to the tmp_dh callback. All the code to handle other key lengths is, in fact, dead.

To remedy those issues:

- Only include hard-coded 2048-bit parameters.
- Set the parameters directly with SSL_CTX_set_tmp_dh(), without the callback
- The name of the file containing the DH parameters is now a GUC. This replaces the old hardcoded "dh1024.pem" filename. (The files for other key lengths, dh512.pem, dh2048.pem, etc. were never actually used.)

This is not a new problem, but it doesn't seem worth the risk and churn to backport. If you care enough about the strength of the DH parameters on old versions, you can create custom DH parameters, with as many bits as you wish, and put them in the "dh1024.pem" file.

Per report by Nicolas Guini and Damian Quiroga. Reviewed by Michael Paquier.

Discussion: https://www.postgresql.org/message-id/CAMxBoUyjOOautVozN6ofzym828aNrDjuCcOTcCquxjwS-L2hGQ@mail.gmail.com

c0a15e0 Always use 2048 bit DH parameters for OpenSSL ephemeral DH ciphers.
doc/src/sgml/config.sgml | 24 +++
src/backend/libpq/be-secure-openssl.c | 264 +++++++++-----------------
src/backend/libpq/be-secure.c | 1 +
src/backend/utils/misc/guc.c | 11 ++
src/backend/utils/misc/postgresql.conf.sample | 1 +
src/include/libpq/libpq.h | 1 +
6 files changed, 133 insertions(+), 169 deletions(-)

Upstream: git.postgresql.org


  • Share