Re: Frontend/Backend Protocol: SSL / GSS Protocol Negotiation Problem

From: Jakob Egger <jakob(at)eggerapps(dot)at>
To: Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk>
Cc: PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Re: Frontend/Backend Protocol: SSL / GSS Protocol Negotiation Problem
Date: 2019-12-06 20:06:13
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

> On 6. Dec 2019, at 16:45, Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> wrote:
>>>>>> "Jakob" == Jakob Egger <jakob(at)eggerapps(dot)at> writes:
> Jakob> But this also needs to be fixed on the client side as well,
> Jakob> otherwise affected clients can't connect to older servers
> Jakob> anymore.
> There's a workaround, which is to set PGGSSENCMODE=disable on the
> client.
> It would be far better to avoid complicating the client side with this
> if we can possibly do so.

As far as I understand, the bug impacts clients version 12.0 or later who have Kerberos when connecting to 12.0 or 12.1 servers that don't have Kerberos. (Assuming that the bug will be fixed server side in 12.2)

I don't know how many people use Kerberos, so I can't say if it's worth the additional complexiity to work around the bug.

In any case, the workaround should probably be documented somewhere:

If you try to connect to a PostgreSQL 12.0 or 12.1 server and you get the following error message:

psql: error: could not connect to server: FATAL: unsupported frontend protocol 1234.5679: server supports 2.0 to 3.0

Then you need to use the connection parameter gssencmode=disable

Is there a place where such workarounds are documented, or do we rely on Google indexing the mailing list archive?

Best regards,


In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Alvaro Herrera 2019-12-06 21:41:20 Re: log bind parameter values on error
Previous Message Andrew Dunstan 2019-12-06 19:30:51 Re: Using XLogFileNameP in critical section