Re: Question about UNIX socket connections and SSL

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Casey & Gina <cg(at)osss(dot)net>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Question about UNIX socket connections and SSL
Date: 2024-06-12 19:17:33
Message-ID: 1514893.1718219853@sss.pgh.pa.us
Lists: pgsql-general

Casey & Gina <cg(at)osss(dot)net> writes:
> So why can't I use SSL when connecting from a client to a UNIX socket?

(1) It'd add overhead without adding any security. Data going through
a UNIX socket will only pass through the local kernel, and if that's
compromised then it's game over anyway.

(2) I'm less sure about this part, but I seem to recall that openssl
doesn't actually work if given a UNIX socket.

Maybe there are reasons why those arguments are obsolete, but you
haven't presented any.

regards, tom lane
