Re: SSL tests failing with "ee key too small" error on Debian SID - Mailing list pgsql-hackers
| From | Kyotaro HORIGUCHI |
|---|---|
| Subject | Re: SSL tests failing with "ee key too small" error on Debian SID |
| Date | |
| Msg-id | 20181001.211801.02968449.horiguchi.kyotaro@lab.ntt.co.jp Whole thread Raw |
| In response to | Re: SSL tests failing with "ee key too small" error on Debian SID (Michael Paquier <michael@paquier.xyz>) |
| Responses |
Re: SSL tests failing with "ee key too small" error on Debian SID
Re: SSL tests failing with "ee key too small" error on Debian SID Re: SSL tests failing with "ee key too small" error on Debian SID |
| List | pgsql-hackers |
At Tue, 25 Sep 2018 14:26:42 +0900, Michael Paquier <michael@paquier.xyz> wrote in <20180925052642.GJ1354@paquier.xyz> > On Tue, Sep 25, 2018 at 12:48:57PM +0900, Kyotaro HORIGUCHI wrote: > > Do you mean that cert/key files are generated on-the-fly while > > running 'make check'? It sounds reasonable as long as just > > replaceing existing files with those with longer (2048bits?) keys > > doesn't work for all supported platforms. > > The files are present by default in the tree, but can be regenerated > easily by using the makefile rule "sslfiles". From what I can see, this > is caused by OpenSSL 1.1.1 which Debian SID has visibly upgraded to > recently. That's the version I have on my system. I have not dug much > into the Makefile to see if things could get done right and change the > openssl commands though.. # I have no experience in Debian.. In Debian /etc/ssl/openssl.cnf has been changed to "CiperString=DEFAULT@SECLEVEL=2", which implies that "RSA and DHE keys need to be at least 2048 bit long" according to the following page. https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1 It seems to be Debian's special feature and I suppose (differently from the previous mail..) it won't happen on other platforms. Instead, I managed to cause "ee key too smal" by setting ssl_ciphers in postgresql.conf as the follows with openssl 1.1.1. With the first attached it happens during 001_ssltests_master. ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL@SECLEVEL=2' # allowed SSL ciphers The attached second patch just changes key size to 2048 bits and "ee key too small" are eliminated in 001_ssltests_master, but instead I got "ca md too weak" error. This is eliminated by using sha256 instead of sha1 in cas.config. (third attached) By the way I got (with both 1.0.2k and 1.1.1) a "tlsv1 alert unknown ca" error from 002_scram.pl. It is fixed for me by the forth attached, but I'm not sure why we haven't have such a complain. (It happens only for me?) regards. -- Kyotaro Horiguchi NTT Open Source Software Center diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index 2b875a3c95..6d267f994e 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -43,6 +43,10 @@ chmod 0644, "ssl/client_wrongperms_tmp.key"; note "setting up data directory"; my $node = get_new_node('master'); $node->init; +#### ##### restrict cipher suites +$node->append_conf("postgresql.conf", <<'EOF'); +ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL@SECLEVEL=2' # allowed SSL ciphers +EOF # PGHOST is enforced here to set up the node, subsequent connections # will use a dedicated connection string. diff --git a/src/test/ssl/Makefile b/src/test/ssl/Makefile index 97389c90f8..4b621e18b6 100644 --- a/src/test/ssl/Makefile +++ b/src/test/ssl/Makefile @@ -39,7 +39,7 @@ ssl/new_certs_dir: # Rule for creating private/public key pairs. ssl/%.key: - openssl genrsa -out $@ 1024 + openssl genrsa -out $@ 2048 chmod 0600 $@ # Root CA certificate diff --git a/src/test/ssl/cas.config b/src/test/ssl/cas.config index 013cebae16..8c0ef6d82b 100644 --- a/src/test/ssl/cas.config +++ b/src/test/ssl/cas.config @@ -13,7 +13,7 @@ basicConstraints = CA:true dir = ./ssl/ database = ./ssl/root_ca-certindex serial = ./ssl/root_ca.srl -default_md = sha1 +default_md = sha256 default_days= 10000 default_crl_days= 10000 certificate = ./ssl/root_ca.crt @@ -26,7 +26,7 @@ email_in_dn = no [ server_ca ] dir = ./ssl/ database = ./ssl/server_ca-certindex -default_md = sha1 +default_md = sha256 default_days= 10000 default_crl_days= 10000 certificate = ./ssl/server_ca.crt @@ -42,7 +42,7 @@ crl = ./ssl/server.crl [ client_ca ] dir = ./ssl/ database = ./ssl/client_ca-certindex -default_md = sha1 +default_md = sha256 default_days= 10000 default_crl_days= 10000 certificate = ./ssl/client_ca.crt diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl index b460a7fa8a..147f51783d 100644 --- a/src/test/ssl/t/002_scram.pl +++ b/src/test/ssl/t/002_scram.pl @@ -39,7 +39,7 @@ configure_test_server_for_ssl($node, $SERVERHOSTADDR, "scram-sha-256", switch_server_cert($node, 'server-cn-only'); $ENV{PGPASSWORD} = "pass"; $common_connstr = - "user=ssltestuser dbname=trustdb sslmode=require hostaddr=$SERVERHOSTADDR"; + "user=ssltestuser dbname=trustdb sslmode=require sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR"; # Default settings test_connect_ok($common_connstr, '',
pgsql-hackers by date: