From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | jian xu <jamesxu(at)outlook(dot)com> |
Cc: | pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: pg13 psql can't connect pg instance with ssl enabled after upgrading |
Date: | 2021-02-12 21:50:23 |
Message-ID: | 1608034.1613166623@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
jian xu <jamesxu(at)outlook(dot)com> writes:
> the instance didn't have ssl enabled, we upgraded it to pg13, then enabled ssl, however when we try to login with pg13 psql 13, psql always try ssl=off to login
> public_postgresql_13_1/bin/psql "sslmode=require host=xxxxxx dbname=postgres"
> psql: error: FATAL: no pg_hba.conf entry for host "xxxxx", user "xxxx", database "postgres", SSL off
Are you entirely sure that that version of psql (or more accurately,
the libpq it's linked to) was built with SSL support?
If you are in an environment where GSS encryption is possible, it
could also be that you're being bit by the recently-fixed bug that
libpq didn't fall back from GSS to SSL encryption correctly [1].
That seems unlikely though, as both client and server would need to
possess active Kerberos tickets.
regards, tom lane
[1] https://git.postgresql.org/gitweb/?p=postgresql.git&a=commitdiff&h=06b844c2b
From | Date | Subject | |
---|---|---|---|
Next Message | Pepe TD Vo | 2021-02-12 22:18:17 | pg_baseback could not connect in AWS linux 2 |
Previous Message | jian xu | 2021-02-12 21:16:23 | pg13 psql can't connect pg instance with ssl enabled after upgrading |