Thread: PostgreSQL SSL communication with SecureTcpClient (Ssl v 3.0)
Hello,
I am currently adding SSL support to the Npgsql driver (the .NET data provider for PostgreSQL). I have tested with the Mentalis Secure Library (http://www.mentalis.org/soft/projects/ssocket/). I am creating the SecureTcpSocket as an instance that uses Ssl version 3.0. The PostgreSQL server is configured as described in http://developer.postgresql.org/docs/postgres/ssl-tcp.html . SSL support is added in pg_hba.conf, via hostssl.
The exception I get when I run a test application to connect the database is something like that:
Unhandled Exception: Npgsql.NpgsqlException: Error in Open() ---> System.IO.IOException: An I/O exception occurred. ---> Org.Mentalis.Security.SecurityException
: An error occurs while communicating with the remote host. ---> Org.Mentalis.Security.Ssl.Shared.SslException: The server hello message uses a protocol that was not recognized.
Do you have any idea what can be the reason? Thanks in advance.
Regards,
Angel
Angel T. Todorov
PGP public key ID: 1024D/35454B4C
What version of PostgreSQL are you using?

--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
It is 7.3.3

The Npgsql is 0.5, which supports the 2.0 protocol.

Angel

-----Original Message-----
From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
Sent: Monday, September 29, 2003 3:03 AM
To: Angel Todorov
Cc: PostgreSQL General
Subject: Re: [GENERAL] PostgreSQL SSL communication with SecureTcpClient (Ssl v 3.0)

What version of PostgreSQL are you using?
Angel Todorov wrote:
> It is 7.3.3

We have fixed many SSL items in 7.4. Can you grab a snapshot from our FTP server and check that?

--
Bruce Momjian
Hello, is it something specific about the startup packet length? I can try to see if I can fix it if it is from the driver itself. I will try with 7.4, but it should also operate with PostgreSQL 7.2 and 7.3.

Angel

-----Original Message-----
From: pgsql-general-owner@postgresql.org [mailto:pgsql-general-owner@postgresql.org] On Behalf Of Bruce Momjian
Sent: Monday, September 29, 2003 4:13 AM
To: Angel Todorov
Cc: 'PostgreSQL General'
Subject: Re: [GENERAL] PostgreSQL SSL communication with SecureTcpClient (Ssl

Angel Todorov wrote:
> It is 7.3.3

We have fixed many SSL items in 7.4. Can you grab a snapshot from our FTP server and check that?
Angel Todorov wrote:
> Hello, is it something specific about the startup packet length? I can
> try to see if I can fix it if it is from the driver itself. I will try
> with 7.4, but it should also operate with postgresql 7.2 and 7.3

Sorry, no idea.

--
Bruce Momjian
On Mon, 29 Sep 2003, Angel Todorov wrote:
> : An error occurs while communicating with the remote host. --->
> Org.Mentalis.Security.Ssl.Shared.SslException: The server hello message
> uses a protocol that was not recognized.
>
> Do you have any idea what can be the reason? Thanks in advance.

You are aware that the connection does not start as a SSL connection, but begins as a normal one and then switches over.

Kris Jurka
Kris Jurka <books@ejurka.com> writes:
> On Mon, 29 Sep 2003, Angel Todorov wrote:
>> : An error occurs while communicating with the remote host. --->
>> Org.Mentalis.Security.Ssl.Shared.SslException: The server hello message
>> uses a protocol that was not recognized.
>>
>> Do you have any idea what can be the reason? Thanks in advance.

> You are aware that the connection does not start as a SSL connection, but
> begins as a normal one and then switches over.

Specifically, you need to eat the initial "S" or "N" response byte from the server before firing up the SSL startup handshake.

regards, tom lane
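The exchange Kris Jurka and Tom Lane describe, as an added example that is not part of the original thread or Npgsql's code: the client sends the 8-byte SSLRequest in plaintext, reads exactly one reply byte, and only then hands the socket to its SSL library. It is written in Python rather than C# so it can run stand-alone; `negotiate_ssl` and `run_against_fake_server` are hypothetical names, and the in-process server and its bytes are constructed for the demonstration.

```python
import socket
import struct
import threading

# SSLRequest = Int32 length (8, counts itself) + Int32 code (1234 << 16 | 5679).
SSL_REQUEST = struct.pack("!II", 8, (1234 << 16) | 5679)


def negotiate_ssl(sock):
    """Send SSLRequest on a plaintext socket; True means the server accepts SSL.

    Exactly one byte is read, so the first bytes of the SSL handshake stay
    on the wire for the SSL library instead of being consumed here.
    """
    sock.sendall(SSL_REQUEST)
    reply = sock.recv(1)
    if reply == b"S":
        return True    # caller now starts the SSL handshake on this socket
    if reply == b"N":
        return False   # server refuses SSL; abort if the caller requires it
    if reply == b"":
        raise ConnectionError("connection closed during SSL negotiation")
    raise ConnectionError("unexpected SSLRequest reply byte: %r" % reply)


def run_against_fake_server(reply, trailing=b""):
    """Constructed harness: an in-process 'server' that answers SSLRequest."""
    client, server = socket.socketpair()
    seen = {}

    def serve():
        seen["request"] = server.recv(8)
        server.sendall(reply + trailing)

    worker = threading.Thread(target=serve)
    worker.start()
    try:
        accepted = negotiate_ssl(client)
        worker.join()
        # Whatever followed the reply byte must still be unread.
        rest = client.recv(16) if trailing else b""
        return accepted, seen["request"], rest
    finally:
        worker.join()
        client.close()
        server.close()
```

Handing the socket to the SSL library without this step makes it parse the "S" byte as the start of the server hello, which matches the "protocol that was not recognized" failure reported at the top of the thread.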