Home > mailing lists

Re: SSL Support - Mailing list pgsql-hackers

From	Kaare Rasmussen
Subject	Re: SSL Support
Date	September 21, 2004 12:43:53
Msg-id	200409211044.22690.kar@kakidata.dk Whole thread Raw
In response to	Re: SSL Support (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: SSL Support (dom@happygiraffe.net (Dominic Mitchell))
List	pgsql-hackers

Tree view

Hi

> I think verification of the server certificates is not supported either. 
> SSL only serves for encryption, not authentication or integrity checking
> (which is probably a stupid idea).

I have this feeling that SSL in PostgreSQL isn't category 1 supported if you 
can put it that way. Maybe I'm wrong?

Another way to ensure encrypted (and authenticated, I believe) connections is 
to use stunnel with PostgreSQL.

I'm not sure which solution is the best. SSL in PostgreSQL is integrated. 
Stunnel has the advantage of being more generic. having tried none, I don't 
know about performance.

-- 
Kaare Rasmussen            --Linux, spil,--        Tlf:        3816 2582
Kaki Data                tshirts, merchandize      Fax:        3816 2501
Nordre Fasanvej 12         Åben 12.00-18.00        Email: kar@kakidata.dk
2000 Frederiksberg        Lørdag 12.00-16.00       Web:      www.suse.dk

pgsql-hackers by date:

From: Peter Eisentraut
Date: 21 September 2004, 12:18:39
Subject: Re: SSL Support

From: "Michael Paesold"
Date: 21 September 2004, 13:04:44
Subject: Re: Disabling bgwriter on my notebook

Re: SSL Support - Mailing list pgsql-hackers

Previous

Next