Re: [HACKERS] Possible SSL improvements for a newcomer to tackle
From | Adrien Nayrat |
---|---|
Subject | Re: [HACKERS] Possible SSL improvements for a newcomer to tackle |
Date | |
Msg-id | 994946e0-b006-a44b-65d9-70eb6e050fe1@dalibo.com |
In response to | [HACKERS] Possible SSL improvements for a newcomer to tackle (Zeus Kronion <zkronion@gmail.com>) |
Responses | Re: [HACKERS] Possible SSL improvements for a newcomer to tackle |
List | pgsql-hackers |

Hi,

On 10/03/2017 06:15 AM, Zeus Kronion wrote:
> 2) I was surprised to learn the following from the docs:
>
>> By default, PostgreSQL will not perform any verification of the server
> certificate. This means that it is possible to spoof the server identity (for
> example by modifying a DNS record or by taking over the server IP address)
> without the client knowing. In order to prevent spoofing, SSL certificate
> verification must be used.
>
> Is there a technical reason to perform no verification by default? Wouldn't a
> safer default be desirable?

If you want to verify the server's certificate you should use DANE [1] + DNSSEC [2]?
(I am not an SSL expert either)

If I understand correctly, you can store your certificate in a DNS record
(TLSA). Then the client can check the certificate. You must trust your DNS
server (protection against spoofing), that's why you have to use DNSSEC.

1: https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
2: https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions

--
Adrien NAYRAT
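
The TLSA check mentioned in the message above, as an added example that is not part of the original post or of PostgreSQL: it compares a certificate with the association data of a TLSA record, for both the full-certificate and public-key selectors. The function names and the sample bytes are assumptions made for illustration; the sample is a constructed DER skeleton, not a real certificate, and fetching the record with DNSSEC validation is assumed to happen elsewhere.

```python
import hashlib
import hmac

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_der(cert_der):
    """Return the DER-encoded SubjectPublicKeyInfo of an X.509 certificate."""
    _, pos, _ = _tlv(cert_der, 0)        # Certificate SEQUENCE
    _, pos, _ = _tlv(cert_der, pos)      # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                      # optional explicit [0] version
        pos = end
    for _field in range(5):              # serial, sig alg, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    _, _, end = _tlv(cert_der, pos)
    return cert_der[pos:end]

SELECTORS = {0: lambda cert: cert, 1: spki_der}   # RFC 6698 section 2.1.2
MATCHERS = {0: lambda d: d,                       # RFC 6698 section 2.1.3
            1: lambda d: hashlib.sha256(d).digest(),
            2: lambda d: hashlib.sha512(d).digest()}

def tlsa_matches(rdata, cert_der):
    """Compare cert_der with TLSA rdata given as 'usage selector mtype hex'.

    Only the association data is checked; usage-specific chain checks are not."""
    _usage, selector, mtype, hexdata = rdata.split(None, 3)
    try:
        selected = SELECTORS[int(selector)](cert_der)
        computed = MATCHERS[int(mtype)](selected)
    except KeyError:
        return False                     # unknown selector or matching type
    return hmac.compare_digest(computed, bytes.fromhex(hexdata))

def _der(tag, body):
    return bytes([tag, len(body)]) + body   # short-form lengths only

# Constructed DER skeleton with a certificate's field layout (not a real, signed one).
SAMPLE_SPKI = _der(0x30, _der(0x30, b"\x06\x01\x2a") + _der(0x03, b"\x00" + b"K" * 8))
_TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
            + _der(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CERT = _der(0x30, _TBS + _der(0x30, b"") + _der(0x03, b"\x00"))
```

A record with selector 1 keeps matching when the certificate is reissued with the same key, while selector 0 pins the exact certificate bytes.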