localhost ssl

From: Rob Sargent <robjsargent(at)gmail(dot)com>
To: "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: localhost ssl
Date: 2021-01-22 19:04:13
Message-ID: e77dddba-3c98-4cb2-5492-c0cf694c084d@gmail.com
Lists: pgsql-general


I will need to enforce ssl/tls in my production environment so I thought
I would try setting things up on localhost to see how that went.

Then I noticed that my successful connections from
"/usr/lib/postgresql/12/bin/psql -U postgres -h localhost -P pager=off
postgres" report:

psql (12.5 (Ubuntu 12.5-0ubuntu0.20.04.1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384,
bits: 256, compression: off)
Type "help" for help.

though my pg_hba.conf does not specify SSL at all:

# Database administrative login by Unix domain socket
local all postgres peer

# TYPE DATABASE USER ADDRESS METHOD

# "local" is for Unix domain socket connections only
local all all peer

# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all 127.0.1.1/32 md5

# IPv6 local connections:
host all all ::1/128 md5

So to the questions:
1. Am I already getting encrypted connections and if so, how?
2. In production I hope to name the role with each connection as I want
the search_path set by the connecting role. Will I need a cert per role
with CN=<rolename>?
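
An added example, not part of the original message: a check that can be run over a pg_hba.conf like the one quoted above to list the rules that admit TCP connections without TLS. It relies on the documented behaviour that `host` records match both SSL and non-SSL connection attempts while `hostssl` records match only SSL ones; the function name and the `TLS_ONLY` variant are constructed for illustration, and include directives and continuation lines are not handled.

```python
import ipaddress
import shlex

# Record types that can match a TCP connection made without TLS.
# "host" matches both TLS and non-TLS attempts; "hostssl" matches TLS only.
ALLOWS_NON_TLS = {"host", "hostnossl", "hostnogssenc"}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def non_tls_tcp_rules(hba_text):
    """Return (lineno, type, address, method) for rules that admit non-TLS TCP."""
    findings = []
    for lineno, line in enumerate(hba_text.splitlines(), start=1):
        fields = shlex.split(line, comments=True)
        if len(fields) < 5 or fields[0] not in ALLOWS_NON_TLS:
            continue  # blank, comment, "local", hostssl, hostgssenc, or malformed
        rtype, _db, _user, address = fields[:4]
        # Address is CIDR/hostname/keyword, or "IP-address IP-mask" in two columns.
        if _is_ip(address) and _is_ip(fields[4]) and len(fields) > 5:
            address, method = f"{address} {fields[4]}", fields[5]
        else:
            method = fields[4]
        if method != "reject":
            findings.append((lineno, rtype, address, method))
    return findings

# Rules quoted in the message above.
POSTED = """\
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all 127.0.1.1/32 md5
host all all ::1/128 md5
"""
# Constructed variant: the same rules with the TCP lines switched to hostssl.
TLS_ONLY = POSTED.replace("host ", "hostssl ")

if __name__ == "__main__":
    for finding in non_tls_tcp_rules(POSTED):
        print("admits non-TLS TCP:", finding)
    print("after switching to hostssl:", non_tls_tcp_rules(TLS_ONLY))
```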
