localhost ssl

Поиск
Список
Период
Сортировка
От Rob Sargent
Тема localhost ssl
Дата
Msg-id e77dddba-3c98-4cb2-5492-c0cf694c084d@gmail.com
обсуждение исходный текст
Ответы Re: localhost ssl
Список pgsql-general
Дерево обсуждения 
I will need to enforce ssl/tls in my production environment so I thought 
I would try setting things up on localhost to see how that went.

Then I noticed that my successful connections from 
"/usr/lib/postgresql/12/bin/psql -U postgres -h localhost -P pager=off 
postgres" report:

   psql (12.5 (Ubuntu 12.5-0ubuntu0.20.04.1))
   SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, 
bits: 256, compression: off)
   Type "help" for help.

though my pg_hba.conf does not specify SSL at all

   # Database administrative login by Unix domain socket 
 

   local   all             postgres                                peer 
 


   # TYPE  DATABASE        USER            ADDRESS 
METHOD 


   # "local" is for Unix domain socket connections only 
 

   local   all             all                                     peer 
 

   # IPv4 local connections: 
 

   host    all             all             127.0.0.1/32            md5 
 

   host    all             all             127.0.1.1/32            md5 
 

   # IPv6 local connections: 
 

   host    all             all             ::1/128                 md5 
 


So to the questions:
1. Am I already getting encrypted connections and if so, how?
2. In production I hope to name the role with each connection as I want 
the search_path set by the connecting role.  Will I need a cert per role 
with CN=<rolename>?

В списке pgsql-general по дате отправления: