Re: SSL confirmation

From: Michael Fuhr <mike(at)fuhr(dot)org>
To: Andreas Seltenreich <uwi7(at)rz(dot)uni-karlsruhe(dot)de>
Cc: Andrew M <andrew(at)jibeya(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: SSL confirmation
Date: 2004-12-05 18:27:57
Message-ID: 20041205182757.GA46671@winnie.fuhr.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general pgsql-jdbc

On Sun, Dec 05, 2004 at 06:59:41PM +0100, Andreas Seltenreich wrote:
> Andrew M. writes:
>
> > this what I get when I issue the openssl command:
> >
> > 6521:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> > failure:s23_lib.c:226:
> >
> > could you explain what this means if you know?
>
> I'm afraid, I think my suggestion to use openssl's s_client with the
> postmaster's builtin SSL support was bogus, since Magnus Hagander
> writes in an older message: "SSL is not enabled at connection time in
> pgsql - it is negotiatied with the postmaster, and enabled later."
>
> <URL:http://groups.google.de/groups?as_umsgid=81124B76C0CF364EBAC6CD213ABEDEF71D3095%40ARGON.edu.sollentuna.se>
>
> So using the openssl tools won't help here.

Right -- see the "Frontend/Backend Protocol" chapter in the
documentation, in particular the "SSL Session Encryption" section:

http://www.postgresql.org/docs/7.4/static/protocol-flow.html#AEN52782

You can use psql to check if SSL is working. Psql prints a message
like the following if SSL was successfully negotiated:

SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Andrew M 2004-12-05 18:37:57 Re: SSL confirmation
Previous Message Julian Scarfe 2004-12-05 18:11:15 Index bloat in 7.2

Browse pgsql-jdbc by date

  From Date Subject
Next Message Andrew M 2004-12-05 18:37:57 Re: SSL confirmation
Previous Message Andreas Seltenreich 2004-12-05 17:59:41 Re: SSL confirmation