Re: [exim-dev] pgsql lookup TLS access broken in 4.82 RC2 ?

Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] pgsql lookup TLS access broken in 4.82 RC2 ?
On Mon, Oct 07, 2013 at 06:56:29PM +0200, Axel Rau wrote:

> On 07.10.2013 at 18:01, Axel Rau <Axel.Rau@???> wrote:
>
> > ?DEFER: PGSQL connection failed: SSL error: tlsv1 alert unknown ca
> On the pgsql server side, I have:
> ---
> ssl_ciphers = 'kEDH:HIGH:!aNULL:!MD5'    #!#


This is a mistake. You probably meant:

    kEDH+HIGH:!eNULL:!aNULL:!MD5:@STRENGTH


which is the properly sorted intersection of kEDH and HIGH; instead
you're getting the union of kEDH and HIGH without sensible sorting,
which includes for example:

EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export


Such subtleties are the reason that the raw OpenSSL cipher
specification syntax should not be exposed directly to end-users.
PgSQL should provide a higher level interface defined in terms
of monotone cipher-suite grades.

Had you also included kEECDH, you'd even pick up some NULL ciphers:

ECDHE-RSA-NULL-SHA      SSLv3 Kx=ECDH     Au=RSA  Enc=None      Mac=SHA1
ECDHE-ECDSA-NULL-SHA    SSLv3 Kx=ECDH     Au=ECDSA Enc=None      Mac=SHA1


which authenticate, but don't encrypt. To allow EECDH safely, you need:

    kEECDH+HIGH:kEDH+HIGH:!eNULL:!aNULL:!MD5:@STRENGTH


(and perhaps settings for DH and EECDH parameters if PgSQL does
not provide appropriate defaults).

-- 
    Viktor.
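
Added example, not part of the original message: a small Python audit of `openssl ciphers -v` output that flags the kinds of suites listed above (sub-128-bit, export-grade, NULL-encryption). The function names, the 128-bit threshold and the final AES line in the sample are assumptions made for illustration; `expand()` assumes an `openssl` binary on PATH.

```python
import re
import subprocess

# Constructed sample: three `openssl ciphers -v` lines quoted in the message,
# plus one strong suite added here so the audit has something to pass.
SAMPLE = """\
EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
ECDHE-RSA-NULL-SHA      SSLv3 Kx=ECDH     Au=RSA  Enc=None      Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
"""

FIELD = re.compile(r"(Kx|Au|Enc|Mac)=(\S+)")
BITS = re.compile(r"\((\d+)\)")

def parse_line(line):
    """Turn one `openssl ciphers -v` line into a dict, or None if it is not one."""
    tokens = line.split()
    fields = dict(FIELD.findall(line))
    if len(tokens) < 2 or "Enc" not in fields:
        return None
    return {"name": tokens[0], "export": tokens[-1] == "export", **fields}

def weaknesses(suite, min_bits=128):
    """List the reasons a parsed suite should not be offered."""
    found = []
    enc = suite["Enc"]
    bits = BITS.search(enc)
    if enc == "None":
        found.append("no encryption")
    elif bits and int(bits.group(1)) < min_bits:
        found.append(f"{enc} below {min_bits} bits")
    if suite["export"]:
        found.append("export grade")
    if suite.get("Au") == "None":
        found.append("no authentication")
    return found

def audit(listing, min_bits=128):
    """Map each weak suite name in a listing to its list of weaknesses."""
    parsed = filter(None, map(parse_line, listing.splitlines()))
    report = {s["name"]: weaknesses(s, min_bits) for s in parsed}
    return {name: why for name, why in report.items() if why}

def expand(spec):
    """Ask the local OpenSSL what a cipher string actually selects."""
    return subprocess.run(["openssl", "ciphers", "-v", spec],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    for name, why in audit(SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

Running `audit(expand(spec))` against the OpenSSL build the server links to shows what a given `ssl_ciphers` value really enables; the result depends on which suites that build still compiles in.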