PostgreSQL - Weak DH group

Поиск
Список
Период
Сортировка
От Nicolas Guini
Тема PostgreSQL - Weak DH group
Дата
Msg-id CAMxBoUyjOOautVozN6ofzym828aNrDjuCcOTcCquxjwS-L2hGQ@mail.gmail.com
обсуждение исходный текст
Ответы Re: PostgreSQL - Weak DH group
Список pgsql-hackers
Дерево обсуждения
Hello everyone,

I sent few days ago to the security DL a mail reporting a vulnerability in how Postgres is requesting DH params to be used later for encryption algorithms. So, due to there is no problem sharing with this group, here is what I sent:

------------------------------------------------------------------------------------------------------------------------------------------
 Hi folks,

 

                We are working with Postgres 9.3.14 and executing nmap we found that it is using “weak DH group” (nmap –script ssl-dh-params). Weak = 1024 bits.

                See nmap output (1)

            

                We don’t know if other versions are affected or not. The environment used is a RHEL 6 x86_6, OpenSSL version 1.0.2i with FIPS module.

    This issue is similar to what this post explains about using weak DH parameters: http://www.usefuljs.net/2016/09/29/imperfect-forward-secrecy/

 

                Following with the code, it seems that PostgreSQL has missed the keyLength OpenSSL parameter, and it delivers into a weak crypto configuration.. Affected Code:

https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/libpq/be-secure-openssl.c;h=8d8f12952a4a4f14a15f8647b96935e13d68fb39;hb=48d50840d53eb62842c0d9b54eab9cd7c9a3a46d

 

                (Thanks to Damian in order to found the affected code)

 


(1) nmap output:


nmap –script ssl-dh-params -p 5432 <ip>


Starting Nmap 7.25BETA2 ( https://nmap.org )

Nmap scan report for <ip>

Host is up (0.00035s latency).

PORT     STATE SERVICE

5432/tcp open  postgresql

| ssl-dh-params:

|   VULNERABLE:

|   Diffie-Hellman Key Exchange Insufficient Group Strength

|     State: VULNERABLE

|       Transport Layer Security (TLS) services that use Diffie-Hellman groups

|       of insufficient strength, especially those using one of a few commonly

|       shared groups, may be susceptible to passive eavesdropping attacks.

|     Check results:

|       WEAK DH GROUP 1

|             Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

|             Modulus Type: Safe prime

|             Modulus Source: Unknown/Custom-generated

|             Modulus Length: 1024

|             Generator Length: 8

|             Public Key Length: 1024

|     References:

|_      https://weakdh.org

 

------------------------------------------------------------------------------------------------------------------------------------------


 

Thanks in advance

Nicolas Guini

В списке pgsql-hackers по дате отправления: