Re: Post-CVE Wishlist

On 09/12/2021 17:24, Peter Eisentraut wrote:
> On 07.12.21 19:49, Jacob Champion wrote:
>>> = Implicit TLS =
>> Reactions to implicit TLS were mixed, from "we should not do this" to
>> "it might be nice to have the option, from a technical standpoint".
>> Both a separate-port model and a shared-port model were tentatively
>> proposed. The general consensus seems to be that the StartTLS-style
>> flow is currently sufficient from a security standpoint.
>>
>> I didn't see any responses that were outright in favor, so I think my
>> remaining question is: are there any committers who think a prototype
>> would be worth the time for a motivated implementer?
> 
> I'm quite interested in this.  My next question would be how complicated
> it would be.  Is it just a small block of code that peaks at a few bytes
> and decides it's a TLS handshake?  Or would it require a major
> restructuring of all the TLS support code?  Possibly something in the
> middle.

ProcessStartupPacket() currently reads the first 4 bytes coming from the 
client to decide what kind of a connection it is, and I believe a TLS 
ClientHello message always begins with the same sequence of bytes, so it 
would be easy to check for.

You could use recv(.., MSG_PEEK | MSG_WAITALL) flags to leave the bytes 
in the OS buffer. Not sure how portable that is, though. Alternatively, 
you could stash them e.g. in a global variable and modify 
secure_raw_read() to return those bytes first.

Overall, doesn't seem very hard to me.

- Heikki