Skip site navigation (1) Skip section navigation (2)

Re: SSL

From: Richard Broersma Jr <rabroersma(at)yahoo(dot)com>
To: Tom Allison <tom(at)tacocat(dot)net>, pgsql-novice(at)postgresql(dot)org
Subject: Re: SSL
Date: 2006-11-19 16:30:19
Message-ID: 88849.77926.qm@web31808.mail.mud.yahoo.com (view raw or flat)
Thread:
Lists: pgsql-novice
> how do I override the SSL option?
> 
> 2006-11-19 10:30:20 EST 4974 [unknown] LOG:  connection received: host=127.0.0.1 
> port=32785
> 2006-11-19 10:30:20 EST 4974 [unknown] LOG:  could not accept SSL connection: 
> EOF detected
> 
> I would prefer that 127.0.0.1 take non-SSL and all others take SSL only.
> 
> The following doesn't work:
> 
> host    dbmail      all         127.0.0.1/32          md5
> hostssl dbmail      postfix     127.0.0.1/32          reject
> hostssl all         all         192.168.1.0/24        md5
> hostssl all         all         192.168.0.0/24        md5
> 

According to your error message, your client/frontend is trying to connect using ssl and your
postgresql server is not accepting it.  Also, could could configure the 127.0.0.1/32 connections
as local instead of host.  This way you will be connected throught Unix-domain sockets rather than
tcp/ip ports and you will not need SSL support for local connections anyway.

However, according the postgresql manual, for a pg server to accept ssl connections the server
must be build with support for SSL and its pg_hba.conf file must be configured properly.

http://www.postgresql.org/docs/8.2/interactive/auth-pg-hba-conf.html

hostssl
This record matches connection attempts made using TCP/IP, but only when the connection is made
with SSL encryption. 

To make use of this option the server must be built with SSL support. Furthermore, SSL must be
enabled at server start time by setting the ssl configuration parameter (see Section 16.7 for more
information). 


Regards,

Richard Broersma Jr.

In response to

  • SSL at 2006-11-19 15:34:21 from Tom Allison

Responses

  • Re: SSL at 2006-11-19 16:33:47 from Tom Allison

pgsql-novice by date

Next:From: Tom AllisonDate: 2006-11-19 16:33:47
Subject: Re: SSL
Previous:From: Tom AllisonDate: 2006-11-19 16:25:48
Subject: nossl authentication

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group