Heikki Linnakangas <hlinnaka@iki.fi> writes:
> On 04/12/2017 06:26 PM, Bruce Momjian wrote:
>> How does it do that?
> Good question, crypto magic? I don't know the details, but the basic
> idea is that you extract a blob of data that uniquely identifies the TLS
> connection. Using some OpenSSL functions, in this case. I think it's a
> hash of some of the TLS handshake messages that were used when the TLS
> connection was established (that's what "tls-unique" means). That data
> is then incorporated in the hash calculations of the SCRAM
> authentication. If the client and the server are not speaking over the
> same TLS connection, they will use different values for the TLS data,
> and the SCRAM computations will not match, and you get an authentication
> failure.
... which the user can't tell apart from having fat-fingered the password,
I suppose? Doesn't sound terribly friendly. A report of a certificate
mismatch is far more likely to lead people to realize there's a MITM.
So this seems more like a hack than like a feature we need so desperately
as to push it into v10 post-freeze.
regards, tom lane