| From: | Michael Fuhr <mike(at)fuhr(dot)org> |
|---|---|
| To: | Andreas Seltenreich <uwi7(at)rz(dot)uni-karlsruhe(dot)de> |
| Cc: | Andrew M <andrew(at)jibeya(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: SSL confirmation |
| Date: | 2004-12-05 18:27:57 |
| Message-ID: | 20041205182757.GA46671@winnie.fuhr.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-jdbc |
On Sun, Dec 05, 2004 at 06:59:41PM +0100, Andreas Seltenreich wrote:
> Andrew M. writes:
>
> > this what I get when I issue the openssl command:
> >
> > 6521:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> > failure:s23_lib.c:226:
> >
> > could you explain what this means if you know?
>
> I'm afraid, I think my suggestion to use openssl's s_client with the
> postmaster's builtin SSL support was bogus, since Magnus Hagander
> writes in an older message: "SSL is not enabled at connection time in
> pgsql - it is negotiatied with the postmaster, and enabled later."
>
> <URL:http://groups.google.de/groups?as_umsgid=81124B76C0CF364EBAC6CD213ABEDEF71D3095%40ARGON.edu.sollentuna.se>
>
> So using the openssl tools won't help here.
Right -- see the "Frontend/Backend Protocol" chapter in the
documentation, in particular the "SSL Session Encryption" section:
http://www.postgresql.org/docs/7.4/static/protocol-flow.html#AEN52782
You can use psql to check if SSL is working. Psql prints a message
like the following if SSL was successfully negotiated:
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
--
Michael Fuhr
http://www.fuhr.org/~mfuhr/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew M | 2004-12-05 18:37:57 | Re: SSL confirmation |
| Previous Message | Julian Scarfe | 2004-12-05 18:11:15 | Index bloat in 7.2 |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew M | 2004-12-05 18:37:57 | Re: SSL confirmation |
| Previous Message | Andreas Seltenreich | 2004-12-05 17:59:41 | Re: SSL confirmation |