Re: Force ssl connection

From Magnus Hagander
Subject Re: Force ssl connection
Date
Msg-id CABUevEwGqYpy00K1XNMHYPFCMUg+ugb=A58DhE1a+_mE5PRRNw@mail.gmail.com
In response to Re: Force ssl connection  (Muhammad Bashir Al-Noimi <mbnoimi@gmail.com>)
Responses Re: Force ssl connection  (Muhammad Bashir Al-Noimi <mbnoimi@gmail.com>)
List pgsql-general
On Wed, Jul 10, 2013 at 12:04 PM, Muhammad Bashir Al-Noimi
<mbnoimi@gmail.com> wrote:
> On Tue, Jul 9, 2013 at 11:21 PM, Jeff Janes <jeff.janes@gmail.com> wrote:
>> From your original email:
>> db.setHostName("localhost");
>>
>> So localhost is probably matching "127.0.0.1/32" or "::1/128", which
>> are explicitly allowed.
>
> I'm using this and still able to connect without SSL

If you want to make sure you can *never* connect without SSL, replace
all entries of "host" with "hostssl". It makes no sense to require SSL
over localhost, but if that's what you want (or just for testing),
replace those too.


>     db.setHostName("192.168.0.74");
>     db.setPort(5433);
>     // set requiressl=1 to enable SSL
>     db.setConnectOptions("requiressl=0");

requiressl=0 doesn't mean what you think it means, and that's one
reason it has been deprecated since at least 8.2.

requiressl=0 means "negotiate. use ssl if the server asks for it, but
accept not using ssl". So this will connect without an error both with
and without ssl.

If you want to enforce ssl, use sslmode=require.
If you want to enforce non-ssl, use sslmode=disable.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
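
A server-side check for the advice in this message, as an added example that is not part of the original thread: it lists the pg_hba.conf records that still admit a TCP connection without SSL and shows the "host" to "hostssl" rewrite. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample pg_hba.conf (not taken from the thread).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       all                    peer
host    all       all   127.0.0.1/32     md5
host    all       all   ::1/128          md5
hostssl all       all   192.168.0.0/24   md5
host    all       all   192.168.0.0/24   md5
"""

# "host" matches TCP connections with or without SSL; "hostnossl" matches
# only non-SSL ones. "local" is a Unix-domain socket and is not TCP at all.
PLAINTEXT_TYPES = {"host", "hostnossl"}


def plaintext_rules(hba_text):
    """Return (line_number, line) for every record that admits non-SSL TCP."""
    hits = []
    for no, line in enumerate(hba_text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if fields and fields[0] in PLAINTEXT_TYPES:
            hits.append((no, line))
    return hits


def force_hostssl(hba_text):
    """Rewrite every 'host' record to 'hostssl'; other records are untouched.

    'hostnossl' records are deliberately left alone so that plaintext_rules()
    keeps reporting them for manual review.
    """
    pattern = re.compile(r"^(\s*)host(\s)")
    lines = [pattern.sub(r"\1hostssl\2", l) for l in hba_text.splitlines()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for no, line in plaintext_rules(SAMPLE_HBA):
        print(f"line {no} still allows non-SSL TCP: {line}")
    print(force_hostssl(SAMPLE_HBA), end="")
```

The server has to reload its configuration before an edited pg_hba.conf takes effect.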

