Re: psql v16.3 successfully connects via TLSv1.3 proxy, but psql v16.4 says "tlsv1 alert no application protocol"
| От | Tom Lane |
|---|---|
| Тема | Re: psql v16.3 successfully connects via TLSv1.3 proxy, but psql v16.4 says "tlsv1 alert no application protocol" |
| Дата | |
| Msg-id | 1807243.1735155420@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: psql v16.3 successfully connects via TLSv1.3 proxy, but psql v16.4 says "tlsv1 alert no application protocol" (Markus KARG <markus@headcrashing.eu>) |
| Ответы |
Re: psql v16.3 successfully connects via TLSv1.3 proxy, but psql v16.4 says "tlsv1 alert no application protocol"
|
| Список | pgsql-bugs |
Markus KARG <markus@headcrashing.eu> writes:
> Following this theory, sslnegotiation=postgres used with psql v17.x
> should solve the problem, as it falls back to the same mechanism
> supported in v16.3, correct?
No, sorry, it looks like we insert the ALPN extension into the SSL
request packet regardless of that. Maybe there should have been
a way to suppress that, but v17 libpq doesn't provide one.
> Regarding your question: I have tried "sslnegotiation=postgres" and
> "ssqlnegotiation=direct" with the original official PostgreSQL Docker
> Container found on Docker Hub.
Let's clarify something here: there is nothing "official" about either
that docker container or anything else you might find on DockerHub.
The Postgres community does not produce any such packaging. You'd
have to discussion the inclusion of v17 libpq with whoever did build
that container. I know that Debian thinks it's a good idea to use
latest libpq with older servers, and this builder might be following
their lead. (The timing would be about right, since v17.0 came out
about the same time as 16.4.) This example does show that there
are pitfalls in that policy.
regards, tom lane
В списке pgsql-bugs по дате отправления: