On 5/18/21 8:05 AM, Chapman Flack wrote:
> On 05/18/21 04:54, Magnus Hagander wrote:
>
>> I mean, if you have
>> hostssl somedatabase someuser 10.0.0.0/24 gss
>> hostssl somedatabase superuser 10.0.0.0/24 gss tls_min_version=1.3
>>
>> One would reasonably expect that "someuser" can connect with whatever
>> the default version is for tls_min_version, whereas "superuser" would
>> require a minimum of 1.3. But that's *not* what would happen --
>> superuser would also be allowed to connect with a lower version if
>> that's allowed in the global set.
> Negatory. "superuser" would be allowed to send a StartupMessage
> containing the strings "somedatabase" and "superuser" (and possibly
> some settings of options) over a lower version if that's allowed
> in the global set ... and would then have the connection rejected
> because the negotiated protocol was lower than 1.3, without seeing
> any authentication message or having a chance to send any sensitive
> authentication credentials.
>
> So the risk of any information exposure over a too-low TLS version
> is limited to the name of a database, the name of a user, and possibly
> the settings of some options, and no sensitive authentication data.
>
We are way off $subject. If we want to continue this discussion please
use an appropriate subject.

cheers

andrew

-- 
Andrew Dunstan
EDB: https://www.enterprisedb.com
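To make the ordering argued over in the quoted exchange concrete, here is a toy model of the connection sequence, written for this page and not taken from PostgreSQL's source or from the patch under discussion. The `tls_min_version` pg_hba.conf option is the hypothetical per-line option the thread is debating, not a shipped feature; `parse_hba`, `match_hba`, `connect`, the `TLS_RANK` table, the global minimum of 1.2 and the client address 10.0.0.7 are all assumptions of this example. The model applies only the global minimum at the TLS handshake (the server cannot know the matching hba line yet), reads the StartupMessage, does the first-match hba lookup, and only then applies the per-line minimum, so the transcript shows exactly what the client has sent by the time a too-low session is rejected.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed for this example: TLS versions in increasing order of strength.
TLS_RANK = {"1.0": 0, "1.1": 1, "1.2": 2, "1.3": 3}


@dataclass
class HbaLine:
    conn_type: str
    database: str
    user: str
    address: str
    method: str
    options: dict = field(default_factory=dict)


def parse_hba(text):
    """Parse a minimal pg_hba.conf subset: type db user CIDR method [opt=val ...]."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError(f"malformed pg_hba line: {raw!r}")
        options = dict(opt.split("=", 1) for opt in fields[5:])
        entries.append(HbaLine(*fields[:5], options))
    return entries


def match_hba(entries, database, user, client_ip):
    """First-match semantics, as in pg_hba.conf."""
    ip = ipaddress.ip_address(client_ip)
    for e in entries:
        if e.database not in ("all", database):
            continue
        if e.user not in ("all", user):
            continue
        if ip not in ipaddress.ip_network(e.address, strict=False):
            continue
        return e
    return None


def connect(entries, global_min, negotiated, database, user, client_ip, credential):
    """Return (outcome, sent): `sent` is what the client transmitted over the
    negotiated TLS session before the server accepted or rejected it."""
    sent = []
    # Step 1: TLS handshake. Only the global minimum can apply here, because
    # the server does not yet know which pg_hba.conf line will match.
    if TLS_RANK[negotiated] < TLS_RANK[global_min]:
        return "handshake_rejected", sent
    # Step 2: the client sends StartupMessage (database, user, options).
    sent.append(("StartupMessage", {"database": database, "user": user}))
    entry = match_hba(entries, database, user, client_ip)
    if entry is None:
        return "no_hba_match", sent
    # Step 3 (hypothetical per-line option): checked after the hba match but
    # before any authentication request, so no credential has left the client.
    per_line_min = entry.options.get("tls_min_version")
    if per_line_min and TLS_RANK[negotiated] < TLS_RANK[per_line_min]:
        return "rejected_tls_too_low", sent
    # Step 4: only now does the server ask for credentials (gss in the example).
    sent.append((f"{entry.method}_credential", credential))
    return "auth_requested", sent


# Constructed pg_hba.conf mirroring the two lines quoted in the thread.
HBA = parse_hba("""
hostssl somedatabase someuser  10.0.0.0/24 gss
hostssl somedatabase superuser 10.0.0.0/24 gss tls_min_version=1.3
""")


def demo():
    """Three attempts against the constructed config with a global minimum of 1.2."""
    return {
        "someuser_1.2": connect(HBA, "1.2", "1.2", "somedatabase", "someuser", "10.0.0.7", "ticket-A"),
        "superuser_1.2": connect(HBA, "1.2", "1.2", "somedatabase", "superuser", "10.0.0.7", "ticket-B"),
        "superuser_1.3": connect(HBA, "1.2", "1.3", "somedatabase", "superuser", "10.0.0.7", "ticket-B"),
    }


if __name__ == "__main__":
    for name, (outcome, sent) in demo().items():
        print(name, outcome, [m[0] for m in sent])
```

In this model the superuser attempt over 1.2 ends with `rejected_tls_too_low` and a transcript containing only the StartupMessage, while the 1.3 attempt proceeds to the credential step; whether the real patch orders its checks this way is exactly what the thread was arguing about.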