| From: | Markus KARG <markus(at)headcrashing(dot)eu> |
|---|---|
| To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | psql v16.3 successfully connects via TLSv1.3 proxy, but psql v16.4 says "tlsv1 alert no application protocol" |
| Date: | 2024-12-25 17:05:29 |
| Message-ID: | 68ff85d7-9b41-40ec-bddf-0ca74fe09875@headcrashing.eu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Summary: The TLS behavior of psql changed between 16.3 and 16.4 as shown
below. If this is a bug, I kindly ask to fix it. If this is intended
behavior, I kindly as for a link with instructions how to work around
the problem.
Server:
I am running the official PostgreSQL 17.2 Docker Container
(https://hub.docker.com/layers/library/postgres/17.2/images/sha256-c063081175f45f4a3a5ac03c234e060e67618ebe75b49e2a7ffb79f8357bd1e6)
proxied by a TLSv1.3 proxy (official Traefik 3.2.3 Docker Container
https://hub.docker.com/layers/library/traefik/v3.2.3/images/sha256-06966a9ba1747ad724a490b8f27df1434c64e8eee5d681df03c4761c9653f62c)
Traefik utilizes ACME with Let's Encrypt to produce the TLS certificate.
I have neither reconfigured TLS in any other way, nor have I manually
provided TLS certificates to neither client nor server.
Client:
Using the official PostgresSQL Docker Container (16.3 vs 16.4+), I am
asking psql to connect to my server. While psql 16.3 and earlier
versions successfully connect via the TLS proxy to the PostgreSQL
server, psql 16.4 and later versions fail doing so:
root(at)hetzner-2:~# docker run -it postgres:16.3 psql "host=headcrashing.eu port=5432
dbname=postgres user=postgres password=... sslmode=require"
psql (16.3 (Debian 16.3-1.pgdg120+1), server 17.2 (Debian 17.2-1.pgdg120+1))
WARNING: psql major version 16, server major version 17.
Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_128_GCM_SHA256, compression: off)
Type"help" for help.
postgres=# \q
root(at)hetzner-2:~# docker run -it postgres:16.4 psql "host=headcrashing.eu port=5432
dbname=postgres user=postgres password=... sslmode=require"
psql: error: connection to server at"headcrashing.eu" (49.13.53.107), port 5432 failed: SSL error: tlsv1 alert no application protocol
Public Test Environment
Feel free to connect to my personal PostgreSQL 17 instance running at
|postgres.headcrashing.eu:5432| (TLS required).
With kind regards
-Markus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-12-25 17:39:22 | Re: psql v16.3 successfully connects via TLSv1.3 proxy, but psql v16.4 says "tlsv1 alert no application protocol" |
| Previous Message | Tomas Vondra | 2024-12-25 15:43:53 | Re: Corrupt index lead to skipped autovacuum |