Re: SSL for JDBC

Takeo,

There is more work necessary than what you have tried. Please look at
the documentation for how the postgres server negotiates a connection
with the client regarding ssl.
http://www.postgresql.org/docs/view.php?version=7.3&idoc=0&file=protocol-protocol.html#AEN54636

Basically, the connection is initiated with non-ssl and then converted
to ssl later. I was just looking at the java ssl API and I don't see a
way to do this in java. Does anyone more familiar with java ssl support
know how you can convert a regular socket connection to ssl after you
have created and used it?

thanks,
--Barry

Takeo Shibata wrote:
> Hi
>
> I try to connect to postgresql server by
> SSL via JDBC.
>
> But I got always error. The handshake always fail.
>
> I create the SSL Private key 'server.key' and selfsigned certificate
> 'server.crt' by openssl.
> and configure postgresql to accept ssl.
>
> When I connect by psql like
>
> #psql -h 192.168.1.20 TestDB -u
> ---Outpot---------
> psql: Warning: The -u option is deprecated. Use -U.
> User name: testuser
> Password:testpass
> Welcome to psql, the PostgreSQL interactive terminal.
>
> Type: \copyright for distribution terms
> \h for help with SQL commands
> \? for help on internal slash commands
> \g or terminate with semicolon to execute query
> \q to quit
>
> SSL connection (cipher: DES-CBC3-SHA, bits: 168)
> ----------------------
>
> So SSL connection is correctly setup in the postgresql server.
>
> Then, I modified the postgresql Driver, PG_Stream.java and replcace the
> Socket by SSLSocket as following.
>
> ++++++++++++++++++++++++++++
> //connection = new Socket(host, port);
> SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
> connection = (SSLSocket) factory.createSocket(host,port);
> connection.startHandshake();
>
> ~~
> //private Socket connection
> private SSLSocket connection;
> +++++++++++++++++++++++++
>
> Than I add the certificate into the root CA to be trusted.
> keytool -import -storetype jks -keystore cacerts -file server.crt
> cacerts is in java_home/jre/lib/security/cacerts.
>
> But I still got the error.
>
> -->Exception: The connection attempt failed because Exception:
> javax.net.ssl.SSL
> Exception: Unrecognized SSL handshake.
> Stack Trace:
> javax.net.ssl.SSLException: Unrecognized SSL handshake.
> at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> at java.io.OutputStream.write(OutputStream.java:58)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
> at org.postgresql.PG_Stream.<init>(PG_Stream.java:32)
> at
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJ
> dbc1Connection.java:160)
> at org.postgresql.Driver.connect(Driver.java:122)
> at java.sql.DriverManager.getConnection(DriverManager.java:512)
> at java.sql.DriverManager.getConnection(DriverManager.java:171)
> at test.connectdb(test.java:47)
>
>
> I am wondering if anybody have successfuly connected from JDBC to PostgreSQL
> by SSL.
> Please help me!
>
> Hopefully, SSL supported driver is coming soon!
> Thank you.
>
> Tak
>
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
>