Re: psql v16.3 successfully connects via TLSv1.3 proxy, but psql v16.4 says "tlsv1 alert no application protocol" - Mailing list pgsql-bugs

From Markus KARG
Subject Re: psql v16.3 successfully connects via TLSv1.3 proxy, but psql v16.4 says "tlsv1 alert no application protocol"
Msg-id 81360110-1708-4126-8c0d-333ead43a6df@headcrashing.eu
In response to Re: psql v16.3 successfully connects via TLSv1.3 proxy, but psql v16.4 says "tlsv1 alert no application protocol"  (Markus KARG <markus@headcrashing.eu>)
Responses Re: psql v16.3 successfully connects via TLSv1.3 proxy, but psql v16.4 says "tlsv1 alert no application protocol"
List pgsql-bugs
>> On 25/12/2024 19:05, Markus KARG wrote:
>>> I am running the official PostgreSQL 17.2 Docker Container
>>> (https://hub.docker.com/layers/library/postgres/17.2/images/sha256-c063081175f45f4a3a5ac03c234e060e67618ebe75b49e2a7ffb79f8357bd1e6)
>>> proxied by a TLSv1.3 proxy (official Traefik 3.2.3 Docker Container
>>> https://hub.docker.com/layers/library/traefik/v3.2.3/images/sha256-06966a9ba1747ad724a490b8f27df1434c64e8eee5d681df03c4761c9653f62c).
>>> Traefik utilizes ACME with Let's Encrypt to produce the TLS
>>> certificate.
>>
>> In v17, libpq requests the ALPN extension in the TLS handshake. Looks 
>> like the proxy doesn't know about the "postgresql" ALPN protocol, and 
>> rejects the connection.
>>
>> I guess Traefik needs some configuration changes to tell it that the 
>> "postgresql" protocol is expected. Or code changes.

Following this theory, sslnegotiation=postgres used with psql v17.x 
should solve the problem, as it falls back to the same mechanism 
supported in v16.3, correct? Unfortunately it fails with the same error 
message:

root@hetzner-2:~# docker run -it postgres:17.2 psql "host=headcrashing.eu port=5432 dbname=postgres user=postgres password=... sslmode=require sslnegotiation=postgres"

psql: error: connection to server at "headcrashing.eu" (49.13.53.107), port 5432 failed: SSL error: tlsv1 alert no application protocol

The same happens when using sslnegotiation=direct.

Regarding your question: I have tried "sslnegotiation=postgres" and 
"sslnegotiation=direct" with the original official PostgreSQL Docker 
Container found on Docker Hub. Using v16.3, psql says it doesn't know the 
option "sslnegotiation", and 16.4...17 say "tlsv1 alert no application 
protocol". This PROVES your claim that the original images on Docker Hub 
are using libpq v17 even for psql v16.4+!

-Markus
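
Added example, not part of the original message and not PostgreSQL or Traefik code: a Python sketch for a proxy operator that classifies a client's first bytes as a PostgreSQL SSLRequest or a direct TLS ClientHello, lists the ALPN names offered, and applies the RFC 7301 rule that a server with no protocol in common answers with alert 120 (no_application_protocol). The function names, the hand-built ClientHello and the proxy's ALPN list are assumptions made for illustration.

```python
import struct

SSL_REQUEST_CODE = 80877103  # PostgreSQL SSLRequest code: (1234 << 16) | 5679
ALPN_EXT = 16                # TLS extension type for ALPN (RFC 7301)

def build_client_hello(alpn):
    """Constructed sample: minimal ClientHello record offering the given ALPN names."""
    names = b"".join(bytes([len(p)]) + p for p in alpn)
    ext = struct.pack("!HHH", ALPN_EXT, len(names) + 2, len(names)) + names
    body = (b"\x03\x03" + bytes(32)   # legacy_version, 32-byte random (zeros here)
            + b"\x00"                   # empty session id
            + b"\x00\x02\x13\x01"       # one cipher suite
            + b"\x01\x00"               # null compression only
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def offered_alpn(record):
    """Return the ALPN names in a ClientHello record, or [] if none are offered."""
    pos = 5 + 4 + 2 + 32                                     # headers, version, random
    pos += 1 + record[pos]                                   # session id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")    # cipher suites
    pos += 1 + record[pos]                                   # compression methods
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", record[pos:pos + 4])
        data = record[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == ALPN_EXT:
            names, i = [], 2                                 # skip the 2-byte list length
            while i < len(data):
                names.append(data[i + 1:i + 1 + data[i]].decode("ascii"))
                i += 1 + data[i]
            return names
    return []

def classify(first_bytes, proxy_alpn):
    """Predict how an ALPN-enforcing TLS terminator treats a client's first bytes."""
    if len(first_bytes) == 8 and struct.unpack("!II", first_bytes) == (8, SSL_REQUEST_CODE):
        return "sslrequest"            # TLS handshake only starts after the 'S' reply
    if first_bytes[:1] != b"\x16":
        return "not-tls"
    offered = offered_alpn(first_bytes)
    if not offered:
        return "tls-no-alpn"           # nothing to reject; handshake proceeds without ALPN
    common = [p for p in proxy_alpn if p in offered]
    return "alpn:" + common[0] if common else "alert-120-no_application_protocol"
```
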
