Re: SSL confirmation

On Sun, Dec 05, 2004 at 06:59:41PM +0100, Andreas Seltenreich wrote:
> Andrew M. writes:
>
> > this what I get when I issue the openssl command:
> >
> > 6521:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> > failure:s23_lib.c:226:
> >
> > could you explain what this means if you know?
>
> I'm afraid, I think my suggestion to use openssl's s_client with the
> postmaster's builtin SSL support was bogus, since Magnus Hagander
> writes in an older message: "SSL is not enabled at connection time in
> pgsql - it is negotiatied with the postmaster, and enabled later."
>
> <URL:http://groups.google.de/groups?as_umsgid=81124B76C0CF364EBAC6CD213ABEDEF71D3095%40ARGON.edu.sollentuna.se>
>
> So using the openssl tools won't help here.

Right -- see the "Frontend/Backend Protocol" chapter in the
documentation, in particular the "SSL Session Encryption" section:

http://www.postgresql.org/docs/7.4/static/protocol-flow.html#AEN52782

You can use psql to check if SSL is working.  Psql prints a message
like the following if SSL was successfully negotiated:

SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/