Thread: Initial request packet for SSL

Initial request packet for SSL

From
"Donald Fraser"
Date:
Hello,
I'm not sure whether this is the correct place to post this question, but I will try here first.
 
According to the documentation, to connect to the back-end using SSL a special start-up packet (SSLRequest) is required before the front-end can begin with the SSL hand-shake.
 
My question is, can this initial request be avoided in any way - is it possible to start with the SSL handshake without the request?
 
The reason I'm asking is that I've been asked to write some software that will establish a secure connection through a HTTPS proxy server to a PostgreSQL database. My research shows that to tunnel through a proxy requires first the connection to the proxy server and then the SSL hand-shake. Many HTTPS proxy servers will not allow any data to be transmitted before the SSL hand-shake, which in the case for PostgreSQL is going to cause problems if I'm required to send the SSLRequest packet first.
 
Any thoughts would be appreciated,
regards
Donald Fraser. 
 
 

Re: Initial request packet for SSL

From
Tom Lane
Date:
"Donald Fraser" <postgres@kiwi-fraser.net> writes:
> My question is, can this initial request be avoided in any way - is it =
> possible to start with the SSL handshake without the request?

No, sorry.  You might consider tunneling to an ssh proxy port that is
redirected to 5432 locally on the database server.

            regards, tom lane