How to check is connection encrypted
Hi!
Old Postgres
"PostgreSQL 9.1.2 on x86_64-unknown-linux-gnu, compiled by gcc-4.4.real
(Debian 4.4.5-8) 4.4.5, 64-bit"
Server has symlinks server.crt and server.key in data directory
/var/lib/postgresql/9.1./main and ssl=true in postgresql.conf file.
Server is running in old Debian squueze.
Client accesses server from Windows 10 using psqlODBC driver with
sslmode=allow in connection string.
How to verify that connection is encrypted ? Is there some command in client
or server or can some protocol analyzer used if no easier way?
Andrus.
Posted also in
https://stackoverflow.com/questions/55296044/how-to-check-is-connection-encrypted
"Andrus" <kobruleht2@hot.ee> writes:
Client accesses server from Windows 10 using psqlODBC driver with
sslmode=allow in connection string.
How to verify that connection is encrypted ?
When using libpq directly, you could use PQsslInUse(),
or PQsslAttribute() for more detailed info. I'm not
sure if ODBC provides any way to get at that.
Or, if you want to check/enforce this from the server side,
you could enable log_connections and see what's logged;
or simply change pg_hba.conf to disallow non-SSL connections.
regards, tom lane
On 3/22/19 2:00 AM, Andrus wrote:
Hi!
Old Postgres
"PostgreSQL 9.1.2 on x86_64-unknown-linux-gnu, compiled by gcc-4.4.real
(Debian 4.4.5-8) 4.4.5, 64-bit"Server has symlinks server.crt and server.key in data directory
/var/lib/postgresql/9.1./main and ssl=true in postgresql.conf file.Server is running in old Debian squueze.
Client accesses server from Windows 10 using psqlODBC driver with
sslmode=allow in connection string.How to verify that connection is encrypted ? Is there some command in
client or server or can some protocol analyzer used if no easier way?
There is an extension:
https://www.postgresql.org/docs/9.1/sslinfo.html
Andrus.
Posted also in
https://stackoverflow.com/questions/55296044/how-to-check-is-connection-encrypted
--
Adrian Klaver
adrian.klaver@aklaver.com
Hi!
Or, if you want to check/enforce this from the server side,
you could enable log_connections and see what's logged;
or simply change pg_hba.conf to disallow non-SSL connections.
I set log_connections =on
pg_hba.conf contains :
local all postgres trust
local all all md5
hostssl yle all 0.0.0.0/0 md5
hostssl yle all ::1/0 md5
host yle testuser 0.0.0.0/0 reject
host yle testuser ::1/0 reject
...
log file does not show ssl connection info:
2019-03-22 16:49:03 EET [unknown] [unknown] LOG:
connection received: host=xx.xx.xx.xx port=54590
2019-03-22 16:49:04 EET testuser yle LOG: connection
authorized: user=testuser database=yle
Why Postgres 9.1.5 version does not show ssl connection info here ?
Does this mean that there is no SSL connection or is ssl info logging added
in newer versions ?
Andrus.
"Andrus" <kobruleht2@hot.ee> writes:
log file does not show ssl connection info:
2019-03-22 16:49:03 EET [unknown] [unknown] LOG:
connection received: host=xx.xx.xx.xx port=54590
2019-03-22 16:49:04 EET testuser yle LOG: connection
authorized: user=testuser database=yle
Why Postgres 9.1.5 version does not show ssl connection info here ?
Because that was added in 9.4 :-(
9.1.x is long out of support, and even if it weren't, the last release
was 9.1.24. You *REALLY* need to update.
regards, tom lane