Re: Force ssl connection

From: Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>
To: Muhammad Bashir Al-Noimi <mbnoimi(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Force ssl connection
Date: 2013-07-09 00:46:29
Message-ID: 51DB5D65.6040708@gmail.com
Lists: pgsql-general

On 07/08/2013 05:32 PM, Muhammad Bashir Al-Noimi wrote:
>
> Howdy,
>
> I want to prevent any Postgresql database connection other than SSL but
> it didn't work and my client can connect without SSL!
>
> * How can I fix this issue?
>
> P.S. To force SSL connection I made the following steps:
>
> On server side (ubuntu 12.10 x64 - Postgresql 9.1)
> 1) Created server.key and server.crt
> 2) Modified pg_hba.conf and added "hostnossl all all 0.0.0.0/0 reject"

Actually something more along the lines of

hostssl all all 0.0.0.0/0

http://www.postgresql.org/docs/9.2/interactive/auth-pg-hba-conf.html

hostssl
This record matches connection attempts made using TCP/IP, but only when
the connection is made with SSL encryption.

To make use of this option the server must be built with SSL support.
Furthermore, SSL must be enabled at server start time by setting the ssl
configuration parameter (see Section 17.9 for more information).

Also remember in pg_hba.conf first match wins, so if there is a more
permissive entry before your restrictive one, the permissive one will
take precedence.

> 3) Modified postgresql.conf "ssl = on"
> 4) Restarted the server
>
> On client side (Qt 5.1)
> db.setDatabaseName("mydb");
> db.setHostName("localhost");
> db.setUserName("postgres");
> db.setPassword("****");
> db.setPort(5432);
> db.setConnectOptions("requiressl=1");
> if (!db.open()) {
>     qDebug() << "Unable to connect!";
> }
>

--
Adrian Klaver
adrian(dot)klaver(at)gmail(dot)com
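
The first-match rule described in the reply, as an added example that is not part of the original message: a simplified Python evaluator for `host`/`hostssl`/`hostnossl` records, run over two constructed pg_hba.conf samples. It assumes CIDR addresses and literal or `all` database/user fields only; the function names and sample rules are illustrative, not taken from the poster's server.

```python
import ipaddress

# Constructed sample pg_hba.conf contents (not the poster's actual file).
PERMISSIVE_FIRST = """
# TYPE     DATABASE  USER  ADDRESS        METHOD
host       all       all   127.0.0.1/32   md5
hostnossl  all       all   0.0.0.0/0      reject
hostssl    all       all   0.0.0.0/0      md5
"""

SSL_ONLY = """
hostnossl  all       all   0.0.0.0/0      reject
hostssl    all       all   0.0.0.0/0      md5
"""


def parse_hba(text):
    """Return (type, database, user, network, method) for each TCP record."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) >= 5 and fields[0] in ("host", "hostssl", "hostnossl"):
            rtype, database, user, address, method = fields[:5]
            rules.append((rtype, database, user,
                          ipaddress.ip_network(address), method))
    return rules


def first_match(rules, client_ip, database, user, ssl):
    """Mimic first-match-wins: return the method of the first matching record."""
    addr = ipaddress.ip_address(client_ip)
    for rtype, rdb, ruser, network, method in rules:
        if rtype == "hostssl" and not ssl:
            continue  # hostssl only matches SSL connections
        if rtype == "hostnossl" and ssl:
            continue  # hostnossl only matches non-SSL connections
        if rdb not in ("all", database) or ruser not in ("all", user):
            continue
        if addr.version == network.version and addr in network:
            return method  # later records are never consulted
    return "reject"  # no matching record: the server refuses the connection
```

With `PERMISSIVE_FIRST`, a non-SSL connection from 127.0.0.1 matches the plain `host` record and is allowed with `md5` before the `hostnossl ... reject` line is ever reached; with `SSL_ONLY`, the same connection is rejected.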
