We’re planning on using FDB 6.0.18 (or 6.1 if it’s ready) with the TLS Plugin, but ran into some questions regarding the TLS plugin:
- Does FDB provide support for automatic Hostname / IP verification against a peer’s provided certificate during connection?
- If not, are there any plans to add this feature in future releases?
- Are there any published guidelines or guidance on how to safely update the tls_verify_peers settings in a live cluster without data loss / down time? (example: If you need to add or remove authorization for a specific subjectNameAlt, root CN, etc.)
Research Performed so Far
I’ve done some (limited) testing in my own environment using a self-signed certificate and it seems like the Hostname / IP of the peer is not verified against its provided certificate by default. I couldn’t verify if this was a unique nuance of using a self-signed certificate or if this is just the default mode of operation.
I was able to enable rudimentary Hostname / IP verification by using the tls_verify_peers setting to verify against known subjectNameAlt values (which works as expected), but this doesn’t ensure that the peer presenting the certificate owns / is associated with the certificate. Furthermore, there doesn’t seem to be any way for us to verify that each peer in the cluster is using a certificate which is assigned to them.
I’ve read the main documentation on Transport Layer Security which seems to imply that the default verification is just verifying that the provided Certificate and Key match and that they are signed by the provided Cert Authority, but neither of these appear to help with common security holes.
I’ve also read several of the common threads on TLS, Authentication and security (referenced below), so I realize that FDB only provides limited TLS support and isn’t attempting to sell itself as a secure solution. I just want to make sure we aren’t missing something obvious in the implementation that isn’t fully documented which may address some of our specific needs (without building a full Auth / Auth solution framework on top of FDB).
- What are the authentication/authorization options?
- Upgrading FoundationDB
Thanks in advance!
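
The distinction the post draws between allow-listing subject alternative names and binding a certificate to the peer that presents it, as an added example (not part of the original post and not FoundationDB code). It assumes certificates already parsed into the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the host names, addresses and function names are constructed for illustration, and wildcard DNS names are not handled.

```python
import ipaddress

def san_entries(cert):
    """Split a getpeercert()-style dict into (dns_names, ip_addresses)."""
    dns, ips = set(), set()
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.add(value.lower())
        elif kind == "IP Address":
            ips.add(ipaddress.ip_address(value))
    return dns, ips

def allowlist_check(cert, allowed_sans):
    """Allow-list style: pass if any SAN in the certificate is on a static list.
    Says nothing about which machine is presenting the certificate."""
    dns, ips = san_entries(cert)
    presented = dns | {str(ip) for ip in ips}
    return bool(presented & {s.lower() for s in allowed_sans})

def peer_binding_check(cert, peer_ip, resolve=None):
    """Binding style: pass only if the connection's remote address is covered
    by the certificate, via an IP SAN or a DNS SAN that resolves to it."""
    dns, ips = san_entries(cert)
    addr = ipaddress.ip_address(peer_ip)
    if addr in ips:
        return True
    if resolve is not None:
        # resolve is an injected callable: DNS name -> iterable of IP strings
        return any(addr in {ipaddress.ip_address(a) for a in resolve(name)}
                   for name in dns)
    return False

# Constructed sample data: one node certificate and a static allow-list.
NODE_A_CERT = {"subjectAltName": (("DNS", "fdb-a.example.internal"),
                                  ("IP Address", "10.0.0.11"))}
ALLOWED_SANS = {"fdb-a.example.internal", "fdb-b.example.internal"}
DNS_TABLE = {"fdb-a.example.internal": ["10.0.0.11"]}  # constructed resolver data

def lookup(name):
    return DNS_TABLE.get(name, [])

if __name__ == "__main__":
    # The same certificate seen on connections from two remote addresses.
    for remote in ("10.0.0.11", "10.0.0.99"):
        print(remote,
              "allowlist:", allowlist_check(NODE_A_CERT, ALLOWED_SANS),
              "bound:", peer_binding_check(NODE_A_CERT, remote, lookup))
```

The allow-list check gives the same answer for both remote addresses, while the binding check accepts only the address the certificate actually names.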