No configuration option to require SSL on database connections
Bug #2064756 reported by
Kyle Metscher
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Landscape Server | Status tracked in Beta | |||||
23.03 |
Fix Released
|
Undecided
|
Spencer Runde | |||
24.04 |
Fix Released
|
Undecided
|
Spencer Runde | |||
24.10 |
Fix Committed
|
Undecided
|
Spencer Runde | |||
Beta |
Fix Released
|
Medium
|
Spencer Runde |
Bug Description
Existing options for database store configuration in service.conf do not include an option for making SSL negotiation mandatory. As a result, services can open non-SSL connections to the PostgreSQL database, which raises compliance concerns for environments where in-flight encryption is required across the entire network.
To replicate, deploy Landscape manually with at least two hosts to separate the application server from the database. Configure info-level logging on the PostgreSQL database cluster and observe non-SSL connections being made in the logs. This can be made more obvious by editing rules in pg_hba.conf to require hostssl connections.
information type: | Proprietary → Public |
Changed in landscape: | |
assignee: | nobody → Spencer Runde (spencerrunde) |
Changed in landscape: | |
importance: | Undecided → Medium |
Changed in landscape: | |
status: | New → In Progress |
Changed in landscape: | |
status: | In Progress → Fix Committed |
To post a comment you must log in.
Development on this is mostly finished. The configuration option will only affect connections made by the package-search service. The Python services (i.e., all the other ones) will continue to use the default sslmode=prefer.