From: | Dave Cramer <pg(at)fastcrypt(dot)com> |
---|---|
To: | Alexander Kjäll <alexander(dot)kjall(at)gmail(dot)com> |
Cc: | pgsql-jdbc(at)lists(dot)postgresql(dot)org |
Subject: | Re: ssl connection issues |
Date: | 2018-09-17 10:38:18 |
Message-ID: | CADK3HHJtkC=YeRfOKApZBJyF-O8q5wG=JYU4901uy-kj9WNGeA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
On Mon, 17 Sep 2018 at 06:10, Alexander Kjäll <alexander(dot)kjall(at)gmail(dot)com>
wrote:
> Another avenue for debugging would be to get a free "real" certificate
> from https://letsencrypt.org/ and check if that works.
>
> That way you can see if it's something in your certificate creation
> process that causes trouble.
>
> //Alexander Kjäll
>
> On 17. sep. 2018 11:56, Mark Rotteveel wrote:
> > On 2018-09-17 11:23, Gabriele Bulfon wrote:
> >> That may be a possibility, but given that I cannot upgrade at the
> >> moment, how can I check this and maybe change the required cipher to
> >> match?
> >
> > Debugging SSL problems is not really something I do regularly, but you
> > may want to see if changing the settings in the java.security policy
> > helps. Settings to try are:
> >
> > jdk.tls.disabledAlgorithms
> > jdk.certpath.disabledAlgorithms
> >
> > For reference:
> >
> > Java 8 Update 31, disabled SSLv3:
> > http://www.oracle.com/technetwork/java/javase/8u31-relnotes-2389094.html
> ,
> > Java 8 Update 51, disabled some cipher suites, and limitations for DH
> > keys where added:
> > http://www.oracle.com/technetwork/java/javase/8u51-relnotes-2587590.html
> ,
> > similar for Java 8 Update 60:
> > http://www.oracle.com/technetwork/java/javase/8u60-relnotes-2620227.html
> > Java 8 update 71 disabled MD5 hash validation of certificates
> > Java 8 update 121 added restrictions on DSA keysize:
> >
> http://www.oracle.com/technetwork/java/javase/8u121-relnotes-3315208.html
> > Java 8 Update 141 disabled SHA-1 hashes for the certificate chain:
> >
> http://www.oracle.com/technetwork/java/javase/8u141-relnotes-3720385.html
> > Java 8 update 161 added limitations for DH keys, made some changes to
> > certificate validation and disabled a number of cipher suites:
> >
> http://www.oracle.com/technetwork/java/javase/8u161-relnotes-4021379.html
> > Java 8 update 171 disabled some ciphersuites:
> >
> http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html
> >
> > Mark
> >
>
>
have a look at certdir in the source code. Setting up the ssl tests is not
particularly difficult. Perhaps getting our tests working first might shed
some light ??
Dave Cramer
davec(at)postgresintl(dot)com
www.postgresintl.com
From | Date | Subject | |
---|---|---|---|
Next Message | Gabriele Bulfon | 2018-09-18 13:42:47 | Re: ssl connection issues |
Previous Message | Alexander Kjäll | 2018-09-17 10:10:07 | Re: ssl connection issues |