Thread: SSL and MD5 passwords
Hi All,
Regards,
We would like to use SSL to secure data transmission between our app server and postgres server as they are both on the public internet. We cannot use SSH tunnels as our infrastructure doesn’t allow it. Using client SSL keys poses a number of structural issues for us as well.
Instead we would like to use MD5 Username/Password to authenticate to Postgres while having postgres encrypt the data transfer via SSL (forced). Is this possible? If so:
1. are there any issues with doing things this way?
2. we have configured pg_hba.conf with hostssl and md5 clientcert=0 but cannot seem to get the correct connection string combination. Could someone point me in the correct direction.
Thanks for looking!
Regards,
Nathan Aherne wrote: > We would like to use SSL to secure data transmission between our app server and postgres server as > they are both on the public internet. We cannot use SSH tunnels as our infrastructure doesn’t allow > it. Using client SSL keys poses a number of structural issues for us as well. > > Instead we would like to use MD5 Username/Password to authenticate to Postgres while having postgres > encrypt the data transfer via SSL (forced). Is this possible? If so: Yes, this is possible, we do it all the time. > 1. are there any issues with doing things this way? > 2. we have configured pg_hba.conf with hostssl and md5 clientcert=0 but cannot seem to get the correct > connection string combination. Could someone point me in the correct direction. There is no option "clientcert=0" for the md5 authentication method. Just remove that and everything should work fine. What client do you use to connect? If you connect with libpq, you can add "sslmode=require" to the connection string, but this is not necessary, since "sslmode=prefer" is default, and that will try SSL first. Yours, Laurenz Albe