From 53.2.9. SSL Session Encryption:
When SSL encryption can be performed, the server is expected to send only the single S byte and then wait for the frontend to initiate an SSL handshake. If additional bytes are available to read at this point, it likely means that a man-in-the-middle is attempting to perform a buffer-stuffing attack (CVE-2021-23222). Frontends should be coded either to read exactly one byte from the socket before turning the socket over to their SSL library, or to treat it as a protocol violation if they find they have read additional bytes.
An initial SSLRequest can also be used in a connection that is being opened to send a CancelRequest message.
While the protocol itself does not provide a way for the server to force SSL encryption, the administrator can configure the server to reject unencrypted sessions as a byproduct of authentication checking.
Has consideration been given to having something like ssl-mode=tls-only where the SSLRequest message is skipped and the TLS handshake starts immediately with the protocol continuing after that?
This has several advantages:
1) One less round-trip when establishing the connection, speeding this up. TLS 1.3 removed a round-trip and this was significant so it could help.
2) No possibility of downgrading to non-TLS. (Not sure this is an issue though.)
3) Connections work through normal TLS proxies and SNI can be used for routing.
This final advantage is the main reason I'd like to see this implemented. Postgres is increasingly being run in multi-tenant Kubernetes clusters where load-balancers and node ports are not available, cost or don't scale and it is currently difficult to connect to databases running there. If it was possible to use normal ingress TLS proxies, running Postgres in Kubernetes would be much easier and there are other use cases where just using TLS would be beneficial as well.
Questions about TLS SNI support have been asked for several years now and this would be a big usability improvement. SNI support was recently added to the client-side and this seems like the next logical step.
Thoughts?
- Keith