Hi
I want to setup postgres to encrypt all connections to my db using ssl.
My settings:
pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
hostssl my_db all 0.0.0.0/0 md5
postgresql.conf:
ssl = on
ssl_ciphers = 'ECDHE-ECDSA-AES256-GCM-SHA384'
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
And I tried to connect to my db via psql:
psql.exe "host=192.168.0.32 port=5432 dbname=my_db user=test_user
sslmode=verify-ca sslrootcert=server.crt"
I got an error:
psql: SSL error: sslv3 alert handshake failure
The same result with pgAdmin:
SSL error: sslv3 alert handshake failure FATAL: no pg_hba.conf entry for
host "192.168.0.32", user "test_user", database "my_db", SSL off
And also the same result was in my program using pqxx lib:
SSL error: sslv3 alert handshake failure
But if I change in postgresql.conf option
ssl_ciphers = 'DES-CBC3-SHA'
so, all connections (from psql, pgAdmin and my program) would succeed.
I tried to use in ssl_ciphers option all tls_1.2 ciphers from
https://www.openssl.org/docs/apps/ciphers.html#tls_v1_2_cipher_suites
but without success.
Additional info:
OS Windows 7 Ultimate
PostgreSQL 9.3.4, compiled by Visual C++ build 1600, 64-bit
psql (9.3.4)
OpenSSL 1.0.1g
Is it means that there is no way to use tls_1.2 ciphers for connections
security?
Or how can I use, for eg. cipher 'ECDHE-ECDSA-AES256-GCM-SHA384' for my
connections?
--
View this message in context: http://postgresql.nabble.com/PostgreSQL-using-TLS-v1-2-ciphers-tp5839567.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.