I'm having a bit of trouble understanding exactly how SSL-encrypted
connections are supposed to work -- and specifically whether it's
possible to "use SSL some of the time."
Here's what I want to do:
1) I want one of my web servers to be able to connect to the database
without the overhead of SSL (it connects as an unprivileged user who
just does SELECTs).
2) I want to allow connections from another machine -- also a web server
-- ONLY if they're encrypted with SSL (users with the ability to
INSERT/UPDATE will be connecting with passwords via a web/db interface
hosted on this machine).
It seems to me that I can't do both. If I turn on the 'ssl=true' option
in $PGDATA/postgresql.conf, then connections from psql at least are
_always_ encrypted, no matter what's in pg_hba.conf.
For the record, here's what's in pg_hba.conf (notably, there's no
hostssl entry):
local all all trust
host all all 127.0.0.1 255.255.255.255 trust
And here's what happens when I connect with psql:
[economex] charlie/$ psql -h 127.0.0.1 template1
Welcome to psql 7.3.1, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help on internal slash commands
\g or terminate with semicolon to execute query
\q to quit
SSL connection (cipher: EDH-RSA-DES-CBC3-SHA, bits: 168)
template1=> \q
... which looks encrypted to me.
Am I right in interpreting this to mean that I either have to use SSL
all the time or none of the time? I'm especially tempted to believe
this might be the case after seeing this item in the "Clients" section
of http://developer.postgresql.org/todo.php:
- Allow SSL-enabled clients to turn off SSL transfers
Does that mean that, if SSL is enabled for the postmaster, the client
will always be forced to use SSL? Or is there something I need to do to
force the client to NOT use SSL?
Thanks,
Charlie