proper pg_hba config to require ssl from non-local/private ips
| From | Matthew Lenz |
|---|---|
| Subject | proper pg_hba config to require ssl from non-local/private ips |
| Date | |
| Msg-id | CANpBAJtuxCRnqvixsMFK-D7G=T6T_ma-Xef62saLR8doCW+tRw@mail.gmail.com |
| Replies | Re: proper pg_hba config to require ssl from non-local/private ips; Re: proper pg_hba config to require ssl from non-local/private ips |
| List | pgsql-admin |
This is what I've got currently but it's still allowing non-ssl connections from remote (non-local/private) hosts. Any thoughts?
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.0.0.0/8 md5
host all all 172.16.0.0/12 md5
hostssl all all all md5 clientcert=verify-ca
Also when I require SSL on the client it allows SSL connections without a CA signed cert which I thought clientcert=verify-ca in this pg_hba should require.
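An added example, not part of the original post: a small evaluator that applies PostgreSQL's first-match rule selection to the six rules quoted above and reports which line a given TCP connection would hit. It assumes the database and user columns are `all` (as they are here) and handles only CIDR addresses and the `all` keyword; the client addresses are constructed samples.

```python
import ipaddress

# The six rules exactly as posted above (line numbers 1-6 are reported back).
PG_HBA = """\
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.0.0.0/8 md5
host all all 172.16.0.0/12 md5
hostssl all all all md5 clientcert=verify-ca
"""

def parse(text):
    """Return (line_no, type, address, auth) tuples; 'local' has no address column."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":
            rules.append((n, f[0], None, " ".join(f[3:])))
        else:
            rules.append((n, f[0], f[3], " ".join(f[4:])))
    return rules

def addr_matches(spec, client):
    if spec == "all":
        return True
    net = ipaddress.ip_network(spec, strict=False)
    return client.version == net.version and client in net

def first_match(rules, client_ip, ssl):
    """First rule matching a TCP connection, or None (server rejects: no entry)."""
    client = ipaddress.ip_address(client_ip)
    for n, typ, spec, auth in rules:
        if typ == "local":                   # Unix-domain sockets only
            continue
        if typ == "hostssl" and not ssl:     # hostssl: TLS connections only
            continue
        if typ == "hostnossl" and ssl:       # hostnossl: plaintext only
            continue
        if addr_matches(spec, client):       # host: TLS or plaintext
            return n, typ, auth
    return None

RULES = parse(PG_HBA)
# Constructed sample clients (203.0.113.7 is a documentation address).
for ip, ssl in [("203.0.113.7", False), ("203.0.113.7", True),
                ("172.17.0.1", False), ("10.1.2.3", True)]:
    print(ip, "ssl" if ssl else "nossl", "->", first_match(RULES, ip, ssl))
```

The address compared against each rule is the source address the server sees for the connection, and a `host` line matches TLS and plaintext connections alike, so its options (not those of a later `hostssl` line) apply when it matches first.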