| From: | Hao Zhang <kennthhz(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | psql sslmode behavior and trace_connection_negotiation in PG17 |
| Date: | 2024-07-18 04:12:52 |
| Message-ID: | CAGXpB2mwQqJv0pJL8u1ZduiUERYuWxr8_xdGbhWRAfmYyq8J7g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi
I tried to connect with psql + client sslmode = require + server requiring
ssl with PG17 and trace_connection_negotiation = "on". So "SSLRequest
accepted" is logged twice with two different PID. I believe the PID 15553
is psql and 15554 is the PG backend. How do you explain the two connections
with SSLRequest? From the log, it seems psql made a connection to itself
with SSLRequest and proxied that to Postgres server with a full SSL
negotiation. I never saw a log on 15553's connection being closed when I
closed the psql process. Does this behavior match what was talked about in
the below hacker thread on additional connection?
2024-07-17 03:06:54.492 PDT [15553] LOG: connection received:
host=127.0.0.1 port=54002
2024-07-17 03:06:54.492 PDT [15553] LOG: SSLRequest accepted
2024-07-17 03:06:59.982 PDT [15554] LOG: connection received:
host=127.0.0.1 port=54004
2024-07-17 03:06:59.982 PDT [15554] LOG: SSLRequest accepted
2024-07-17 03:06:59.994 PDT [15554] LOG: connection authenticated:
identity="postgres" method=md5 (/usr/local/pgsql/data/pg_hba.conf:18)
2024-07-17 03:06:59.994 PDT [15554] LOG: connection authorized:
user=postgres database=postgres application_name=psql SSL enabled
(protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-07-18 04:48:30 | Re: psql sslmode behavior and trace_connection_negotiation in PG17 |
| Previous Message | H | 2024-07-18 01:34:20 | Re: Searching for libpq5-13 and libpq5-devel-13 for CentOS/RHEL 7 |