Re: Enforcing TLS 1.3 as a a minimum version

From: Khushboo Vashi <khushboo(dot)vashi(at)enterprisedb(dot)com>
To: John Barker <johnobarker(at)gmail(dot)com>
Cc: pgadmin-support(at)lists(dot)postgresql(dot)org
Subject: Re: Enforcing TLS 1.3 as a a minimum version
Date: 2025-04-08 11:10:04
Message-ID: CAFOhELeMYYFz8vpBpd7DKtjW10THuv22WZ6NiYUZTZZ634MaQw@mail.gmail.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgadmin-support

Hi,

On Tue, Apr 8, 2025 at 12:00 AM John Barker <johnobarker(at)gmail(dot)com> wrote:

>
> I am running pgAdmin 9.1 in a podman container and am trying to ensure
> that TLS 1.3 is the minimum version. I have created an override file and
> I know that it is being read at startup but the enforcement of TLS 1.3 is
> not happening. I am using this configuration as suggested by the
> documentation here: https://docs.gunicorn.org/en/21.2.0/settings.html
>
> Any idea of what to check. I know the file is being parsed because if I
> introduce a bad config, it is noted at startup.
>
> Also, where or how is the instance variable for the config defined?
>
> "The callable needs to accept an instance variable for the Config"
>

Can you please share your gunicorn_config.py file?
The code looks good to me, and you said that you mapped the correct
Gunicorn config file from the container.
Also, what testing have you done to check whether the TLS version is
enforced or not?

>
> The below is a file mapped into the container called gunicorn_config.py
>
> def ssl_context(conf, default_ssl_context_factory):
> import ssl
> context = default_ssl_context_factory()
> context.minimum_version = ssl.TLSVersion.TLSv1_3
> return context
>
>

In response to

Responses

Browse pgadmin-support by date

  From Date Subject
Next Message Khushboo Vashi 2025-04-09 03:38:16 Re: Enforcing TLS 1.3 as a a minimum version
Previous Message John Barker 2025-04-07 18:29:43 Fwd: Enforcing TLS 1.3 as a a minimum version