From: | Pablo Iranzo Gómez <Pablo(dot)Iranzo(at)redhat(dot)com> |
---|---|
To: | Andreas Karlsson <andreas(at)proxel(dot)se> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Introducing SNI in TLS handshake for SSL connections |
Date: | 2018-12-14 07:37:08 |
Message-ID: | 20181214073708.GQ20222@redhat.com |
Lists: | pgsql-hackers |
Hi,
+++ Andreas Karlsson [13/12/18 01:30 +0100]:
>On 12/11/18 3:52 PM, Pablo Iranzo Gómez wrote:
>>I came to this old thread while trying to figure out how to set up
>>postgres replication behind OpenShift/Kubernetes behind a route
>>(which only forwards 80 or 443 traffic), but could work if SNI is
>>supported on the client using it.
>
>Hm ... while hacking at a patch for this I gave your specific problem
>some more thought.
>
>I am not familiar with OpenShift or Kubernetes but I want you to be
>aware that whatever proxy you are going to use will still need to
>be aware of, at least a subset of, the PostgreSQL protocol, since
>similar to SMTP's STARTTLS command the PostgreSQL client will start
>out using the plain text PostgreSQL protocol and then request the
>server to switch over to SSL[1]. So it would be necessary to add
>support for this to whatever proxy you intend to use.
>
>Do you know if adding such custom protocol support is easy to do to
>the proxies you refer to? And do you have any links to documentation
>for these solutions?

I saw that they did incorporate some changes like SPDY support and other
HTTP-related things.

Let me try to find an answer (not sure how long it will take) and come
back.

I did a basic search at
https://git.haproxy.org/?p=haproxy.git;a=summary but found nothing evident
(for me).

I'll keep you updated.
Pablo
>
>Notes
>
>1. https://www.postgresql.org/docs/11/protocol-flow.html#id-1.10.5.7.11
>
>Andreas
--
Pablo Iranzo Gómez (Pablo(dot)Iranzo(at)redhat(dot)com) GnuPG: 0x5BD8E1E4
Senior Software Engineer - Solutions Engineering iranzo @ IRC
RHC{A,SS,DS,VA,E,SA,SP,AOSP}, JBCAA #110-215-852 RHCA Level V
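
The STARTTLS-like preamble Andreas describes in the quoted text, as an added example that is not part of the original message or of PostgreSQL's or any proxy's code: it classifies the first bytes a client sends and shows that a TLS ClientHello (where SNI would be carried) only appears after the plaintext SSLRequest has been answered. The function names are hypothetical, the sample bytes are constructed, and having the router answer `S` itself is an assumption about one possible proxy design.

```python
import struct

SSL_REQUEST_CODE = 80877103   # (1234 << 16) | 5679, the SSLRequest code
PROTOCOL_V3 = 196608          # 3 << 16, StartupMessage for protocol 3.0

def classify_first_bytes(buf: bytes) -> str:
    """Classify the first bytes a client sends on a new connection."""
    if len(buf) >= 3 and buf[0] == 0x16 and buf[1] == 0x03:
        return "tls_client_hello"       # TLS handshake record header
    if len(buf) < 8:
        return "incomplete"
    length, code = struct.unpack("!II", buf[:8])
    if length == 8 and code == SSL_REQUEST_CODE:
        return "pg_ssl_request"         # plaintext request to switch to SSL
    if code == PROTOCOL_V3 and length == len(buf):
        return "pg_startup_plaintext"   # client never asked for SSL
    return "unknown"

def proxy_preamble(chunks):
    """Walk the client's opening messages; return (replies, state).

    state is 'route_on_sni' once a ClientHello arrives, otherwise the
    reason SNI-based routing is not possible for this connection.
    """
    replies = []
    for buf in chunks:
        kind = classify_first_bytes(buf)
        if kind == "pg_ssl_request":
            replies.append(b"S")        # assumption: the router answers "SSL ok" itself
            continue
        if kind == "tls_client_hello":
            return replies, "route_on_sni"
        return replies, "no_sni:" + kind
    return replies, "no_sni:eof"

# Constructed sample input (not captured traffic).
ssl_request = struct.pack("!II", 8, SSL_REQUEST_CODE)
params = b"user\x00app\x00database\x00app\x00\x00"
startup = struct.pack("!II", 8 + len(params), PROTOCOL_V3) + params
client_hello_prefix = bytes([0x16, 0x03, 0x01, 0x00, 0x2F])  # record header only

if __name__ == "__main__":
    print(proxy_preamble([ssl_request, client_hello_prefix]))
    print(proxy_preamble([startup]))
```

A router that only inspects the first packet for a ClientHello classifies the 8-byte SSLRequest as non-TLS, which is why the proxy needs the protocol awareness described in the quoted text.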