| From: | Chapman Flack <chap(at)anastigmatix(dot)net> |
|---|---|
| To: | ROS Didier <didier(dot)ros(at)edf(dot)fr>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: PostgreSQL and TLS 1.2 |
| Date: | 2019-08-26 14:31:07 |
| Message-ID: | 40a212c0-c610-ffb7-aab2-5f311fde2f12@anastigmatix.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 8/26/19 10:10 AM, ROS Didier wrote:
> Hi
>
> I would like to check that postgresql is compatible with TLS 1.2.
> what test could I do to check this compatibility?
Hi,
I just now pointed this command at our PG 9.5 server at $work:
openssl s_client -connect dbhost:5432 -starttls postgres
and got the following response (excerpted for the relevant parts):
SSL handshake has read 5465 bytes and written 737 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Then I tried this version:
openssl s_client -connect dbhost:5432 -starttls postgres -tls1_2
and got this result:
SSL handshake has read 5258 bytes and written 343 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Regards,
-Chap
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-08-26 15:01:20 | Re: subscriptionCheck failures on nightjar |
| Previous Message | ROS Didier | 2019-08-26 14:10:37 | PostgreSQL and TLS 1.2 |