That may be a possibility, but given that I cannot upgrade at the moment, how can I check this and maybe change the required cipher to match?
Gabriele
Sonicle S.r.l.
:
http://www.sonicle.com
Music:
http://www.gabrielebulfon.com
Quantum Mechanics :
http://www.cdbaby.com/cd/gabrielebulfon
----------------------------------------------------------------------------------
Da: Mark Rotteveel
A: Craig Ringer
Cc: pgsql-jdbc(at)lists(dot)postgresql(dot)org
Data: 17 settembre 2018 11.18.30 CEST
Oggetto: Re: ssl connection issues
On 2018-09-17 10:22, Craig Ringer wrote:
On 14 September 2018 at 18:20, Dave Cramer
wrote:
On Thu, 13 Sep 2018 at 11:10, Craig Ringer
wrote:
On 13 September 2018 at 20:23, Gabriele Bulfon
wrote:
Hello,
I recently configured Postgresql 9.0.9 with SSL only "on" and all
its needed server certificates.
I then created the client certificates and started working with them
from a windows client.
At first I used them with tools like Navicat, just specified the 3
certs files (key,crt and root.crt) in the ssl pane, worked fine.
Then I tried with ODBC, placed the files in %APPDATA%/postgresql
with correct names (postgresql.key, postgresql.crt, root.crt),
created the connection and tested it, worked fine.
Last I tried with jdbc, thinking it would have been so easy: I'm
fighting for 2 days with lots of different issues.
After some messing, I also finally discovered that, different from
odbc, it would look for a pk8 file (why this difference?).
AFAIK it's largely historical, and due to now-lifted limitations in
JSSE.
You should probably use sslfactory=org.postgresql.ssl.LibPQFactory
and possibly specify explicit paths for the sslcert and sslkey
parameters.
This seems to be undocumented, unfortunately.
the default is LibPQFactory and it is fairly well documented.
https://jdbc.postgresql.org/documentation/head/connect.html#connection-parameters
[1]
Nope, apparently the only problem is my reading ability. Sorry.
That does make me wonder why Gabriele is having this issue though.
Given the age of PostgreSQL 9.0, could it be a SSL/TLS version problem,
given all the default restrictions to supported SSL/TLS versions and
supported cipher suites in recent Java version?
Mark