On 09/12/2021 17:24, Peter Eisentraut wrote:
On 07.12.21 19:49, Jacob Champion wrote:
= Implicit TLS =
Reactions to implicit TLS were mixed, from "we should not do this" to
"it might be nice to have the option, from a technical standpoint".
Both a separate-port model and a shared-port model were tentatively
proposed. The general consensus seems to be that the StartTLS-style
flow is currently sufficient from a security standpoint.
I didn't see any responses that were outright in favor, so I think my
remaining question is: are there any committers who think a prototype
would be worth the time for a motivated implementer?
I'm quite interested in this. My next question would be how complicated
it would be. Is it just a small block of code that peaks at a few bytes
and decides it's a TLS handshake? Or would it require a major
restructuring of all the TLS support code? Possibly something in the
middle.
ProcessStartupPacket() currently reads the first 4 bytes coming from the
client to decide what kind of a connection it is, and I believe a TLS
ClientHello message always begins with the same sequence of bytes, so it
would be easy to check for.
You could use recv(.., MSG_PEEK | MSG_WAITALL) flags to leave the bytes
in the OS buffer. Not sure how portable that is, though. Alternatively,
you could stash them e.g. in a global variable and modify
secure_raw_read() to return those bytes first.
Overall, doesn't seem very hard to me.
- Heikki
