| From: | Greg Stark <stark(at)mit(dot)edu> |
|---|---|
| To: | Andrey Borodin <amborodin86(at)gmail(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Experiments with Postgres and SSL |
| Date: | 2023-01-19 17:07:41 |
| Message-ID: | CAM-w4HNbwZR+Se3S8YYoATKgY9w1BPq25jkRyrToSVNnL+vXjA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 19 Jan 2023 at 00:45, Andrey Borodin <amborodin86(at)gmail(dot)com> wrote:
> But..do we have to treat any unknown start sequence of bytes as a TLS
> connection? Or is there some definite subset of possible first bytes
> that clearly indicates that this is a TLS connection or not?
Absolutely not, there's only one MessageType that can initiate a
connection, ClientHello, so the initial byte has to be a specific
value. (0x16)
And probably to implement HTTP/Websocket it would probably only peek
at the first byte and check for things like G(ET) and H(EAD) and so
on, possibly only over SSL but in theory it could be over any
connection if the request comes before the startup packet.
Personally I'm motivated by wanting to implement status and monitoring
data for things like Prometheus and the like. For that it would just
be simple GET queries to recognize. But tunneling pg wire protocol
over websockets sounds cool but not really something I know a lot
about. I note that Neon is doing something similar with a proxy:
https://neon.tech/blog/serverless-driver-for-postgres
--
greg
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nathan Bossart | 2023-01-19 17:10:37 | Re: vac_update_datfrozenxid will raise "wrong tuple length" if pg_database tuple contains toast attribute. |
| Previous Message | Karl O. Pinc | 2023-01-19 17:03:53 | Re: Doc: Rework contrib appendix -- informative titles, tweaked sentences |