Re: ssl connection issues - Mailing list pgsql-jdbc
| From | Gabriele Bulfon |
|---|---|
| Subject | Re: ssl connection issues |
| Date | |
| Msg-id | 491225265.1372.1537176204835@www Whole thread Raw |
| In response to | Re: ssl connection issues (Mark Rotteveel <mark@lawinegevaar.nl>) |
| Responses |
Re: ssl connection issues
|
| List | pgsql-jdbc |
That may be a possibility, but given that I cannot upgrade at the moment, how can I check this and maybe change the required cipher to match?
Gabriele
----------------------------------------------------------------------------------
Da: Mark Rotteveel <mark@lawinegevaar.nl>
A: Craig Ringer <craig@2ndquadrant.com>
Cc: pgsql-jdbc@lists.postgresql.org
Data: 17 settembre 2018 11.18.30 CEST
Oggetto: Re: ssl connection issues
Sonicle S.r.l. : http://www.sonicle.com
Quantum Mechanics : http://www.cdbaby.com/cd/gabrielebulfon
----------------------------------------------------------------------------------
Da: Mark Rotteveel <mark@lawinegevaar.nl>
A: Craig Ringer <craig@2ndquadrant.com>
Cc: pgsql-jdbc@lists.postgresql.org
Data: 17 settembre 2018 11.18.30 CEST
Oggetto: Re: ssl connection issues
On 2018-09-17 10:22, Craig Ringer wrote:
> On 14 September 2018 at 18:20, Dave Cramer <pg@fastcrypt.com> wrote:
>
>> On Thu, 13 Sep 2018 at 11:10, Craig Ringer <craig@2ndquadrant.com>
>> wrote:
>>
>> On 13 September 2018 at 20:23, Gabriele Bulfon <gbulfon@sonicle.com>
>> wrote:
>>
>> Hello,
>>
>> I recently configured Postgresql 9.0.9 with SSL only "on" and all
>> its needed server certificates.
>> I then created the client certificates and started working with them
>> from a windows client.
>>
>> At first I used them with tools like Navicat, just specified the 3
>> certs files (key,crt and root.crt) in the ssl pane, worked fine.
>>
>> Then I tried with ODBC, placed the files in %APPDATA%/postgresql
>> with correct names (postgresql.key, postgresql.crt, root.crt),
>> created the connection and tested it, worked fine.
>>
>> Last I tried with jdbc, thinking it would have been so easy: I'm
>> fighting for 2 days with lots of different issues.
>> After some messing, I also finally discovered that, different from
>> odbc, it would look for a pk8 file (why this difference?).
>>
>> AFAIK it's largely historical, and due to now-lifted limitations in
>> JSSE.
>>
>> You should probably use sslfactory=org.postgresql.ssl.LibPQFactory
>> and possibly specify explicit paths for the sslcert and sslkey
>> parameters.
>>
>> This seems to be undocumented, unfortunately.
>
> the default is LibPQFactory and it is fairly well documented.
>
> https://jdbc.postgresql.org/documentation/head/connect.html#connection-parameters
> [1]
>
> Nope, apparently the only problem is my reading ability. Sorry.
>
> That does make me wonder why Gabriele is having this issue though.
Given the age of PostgreSQL 9.0, could it be a SSL/TLS version problem,
given all the default restrictions to supported SSL/TLS versions and
supported cipher suites in recent Java version?
Mark
pgsql-jdbc by date: