Re: Introducing SNI in TLS handshake for SSL connections

From: Andreas Karlsson <andreas(at)proxel(dot)se>
To: Pablo Iranzo Gómez <Pablo(dot)Iranzo(at)redhat(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Introducing SNI in TLS handshake for SSL connections
Date: 2018-12-13 00:30:06
Message-ID: 204720ce-a817-0ab3-3c51-5c950960b95c@proxel.se
Lists: pgsql-hackers

On 12/11/18 3:52 PM, Pablo Iranzo Gómez wrote:
> I came to this old thread while trying to figure out how to set up
> postgres replication behind OpenShift/Kubernetes behind a route (which
> only forwards 80 or 443 traffic), but could work if SNI is supported on
> the client using it.

Hm ... while hacking at a patch for this I gave your specific problem
some more thought.

I am not familiar with OpenShift or Kubernetes but I want you to be
aware that whatever proxy you are going to use will still need to be
aware of, at least a subset of, the PostgreSQL protocol, since similar
to SMTP's STARTTLS command the PostgreSQL client will start out using
the plain text PostgreSQL protocol and then request the server to switch
over to SSL[1]. So it would be necessary to add support for this to
whatever proxy you intend to use.

Do you know if adding such custom protocol support is easy to do to the
proxies you refer to? And do you have any links to documentation for
these solutions?

Notes

1. https://www.postgresql.org/docs/11/protocol-flow.html#id-1.10.5.7.11

Andreas
