Thread: PostgreSQL SSL communication with SecureTcpClient (Ssl v 3.0)

PostgreSQL SSL communication with SecureTcpClient (Ssl v 3.0)

From
"Angel Todorov"
Date:

Hello,

I am currently adding SSL support to the Npgsql driver (the .NET data provider for PostgreSQL). I have tested with the Mentalis Secure Library (http://www.mentalis.org/soft/projects/ssocket/). I am creating the SecureTcpSocket as an instance that uses Ssl version 3.0. The PostgreSQL server is configured as described in http://developer.postgresql.org/docs/postgres/ssl-tcp.html . SSL support is added in pg_hba.conf, via hostssl

The exception I get when I run a test application to connect the database is something like that:

 

Unhandled Exception: Npgsql.NpgsqlException: Error in Open() ---> System.IO.IOException: An I/O exception occurred. ---> Org.Mentalis.Security.SecurityException
: An error occurs while communicating with the remote host. ---> Org.Mentalis.Security.Ssl.Shared.SslException: The server hello message uses a protocol that was not recognized.

 

Do you have any idea what can be the reason? Thanks in advance.

 

Regards,

 

Angel

 

 

 

Angel T. Todorov

PGP public key ID: 1024D/35454B4C

 

Re: PostgreSQL SSL communication with SecureTcpClient (Ssl

From
Bruce Momjian
Date:
What version of PostgreSQL are you using?

---------------------------------------------------------------------------

Angel Todorov wrote:
> Hello,
> I am currently adding SSL support to the Npgsql driver (the .NET data
> provider for PostgreSQL). I have tested with the Mentalis Secure Library
> (http://www.mentalis.org/soft/projects/ssocket/). I am creating the
> SecureTcpSocket as an instance that uses Ssl version 3.0. The PostgreSQL
> server is configured as described in
> http://developer.postgresql.org/docs/postgres/ssl-tcp.html . SSL support
> is added in pg_hba.conf, via hostssl
> The exception I get when I run a test application to connect the
> database is something like that:
>
> Unhandled Exception: Npgsql.NpgsqlException: Error in Open() --->
> System.IO.IOException: An I/O exception occurred. --->
> Org.Mentalis.Security.SecurityException
> : An error occurs while communicating with the remote host. --->
> Org.Mentalis.Security.Ssl.Shared.SslException: The server hello message
> uses a protocol that was not recognized.
>
> Do you have any idea what can be the reason? Thanks in advance.
>
> Regards,
>
> Angel
>
>
>
> Angel T. Todorov
> PGP public key ID: 1024D/
> <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x35454B4C> 35454B4C
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Re: PostgreSQL SSL communication with SecureTcpClient (Ssl v 3.0)

From
"Angel Todorov"
Date:
It is 7.3.3

The Npgsql is 0.5, which supports the 2.0 protocol.

Angel

-----Original Message-----
From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
Sent: Monday, September 29, 2003 3:03 AM
To: Angel Todorov
Cc: PostgreSQL General
Subject: Re: [GENERAL] PostgreSQL SSL communication with SecureTcpClient
(Ssl v 3.0)


What version of PostgreSQL are you using?

------------------------------------------------------------------------
---

Angel Todorov wrote:
> Hello,
> I am currently adding SSL support to the Npgsql driver (the .NET data
> provider for PostgreSQL). I have tested with the Mentalis Secure
Library
> (http://www.mentalis.org/soft/projects/ssocket/). I am creating the
> SecureTcpSocket as an instance that uses Ssl version 3.0. The
PostgreSQL
> server is configured as described in
> http://developer.postgresql.org/docs/postgres/ssl-tcp.html . SSL
support
> is added in pg_hba.conf, via hostssl
> The exception I get when I run a test application to connect the
> database is something like that:
>
> Unhandled Exception: Npgsql.NpgsqlException: Error in Open() --->
> System.IO.IOException: An I/O exception occurred. --->
> Org.Mentalis.Security.SecurityException
> : An error occurs while communicating with the remote host. --->
> Org.Mentalis.Security.Ssl.Shared.SslException: The server hello
message
> uses a protocol that was not recognized.
>
> Do you have any idea what can be the reason? Thanks in advance.
>
> Regards,
>
> Angel
>
>
>
> Angel T. Todorov
> PGP public key ID: 1024D/
> <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x35454B4C>
35454B4C
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania
19073


Re: PostgreSQL SSL communication with SecureTcpClient (Ssl

From
Bruce Momjian
Date:
Angel Todorov wrote:
> It is 7.3.3

We have fixed many SSL items in 7.4.  Can you grab a snapshot from our
FTP server and check that?

---------------------------------------------------------------------------


>
> The Npgsql is 0.5, which supports the 2.0 protocol.
>
> Angel
>
> -----Original Message-----
> From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
> Sent: Monday, September 29, 2003 3:03 AM
> To: Angel Todorov
> Cc: PostgreSQL General
> Subject: Re: [GENERAL] PostgreSQL SSL communication with SecureTcpClient
> (Ssl v 3.0)
>
>
> What version of PostgreSQL are you using?
>
> ------------------------------------------------------------------------
> ---
>
> Angel Todorov wrote:
> > Hello,
> > I am currently adding SSL support to the Npgsql driver (the .NET data
> > provider for PostgreSQL). I have tested with the Mentalis Secure
> Library
> > (http://www.mentalis.org/soft/projects/ssocket/). I am creating the
> > SecureTcpSocket as an instance that uses Ssl version 3.0. The
> PostgreSQL
> > server is configured as described in
> > http://developer.postgresql.org/docs/postgres/ssl-tcp.html . SSL
> support
> > is added in pg_hba.conf, via hostssl
> > The exception I get when I run a test application to connect the
> > database is something like that:
> >
> > Unhandled Exception: Npgsql.NpgsqlException: Error in Open() --->
> > System.IO.IOException: An I/O exception occurred. --->
> > Org.Mentalis.Security.SecurityException
> > : An error occurs while communicating with the remote host. --->
> > Org.Mentalis.Security.Ssl.Shared.SslException: The server hello
> message
> > uses a protocol that was not recognized.
> >
> > Do you have any idea what can be the reason? Thanks in advance.
> >
> > Regards,
> >
> > Angel
> >
> >
> >
> > Angel T. Todorov
> > PGP public key ID: 1024D/
> > <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x35454B4C>
> 35454B4C
> >
>
> --
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610) 359-1001
>   +  If your life is a hard drive,     |  13 Roberts Road
>   +  Christ can be your backup.        |  Newtown Square, Pennsylvania
> 19073
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Re: PostgreSQL SSL communication with SecureTcpClient (Ssl

From
"Angel Todorov"
Date:
Hello, is it something specific about the startup packet length? I can
try to see if I can fix it if it is from the driver itself. I will try
with 7.4, but it should also operate with postgresql 7.2 and 7.3

Angel

-----Original Message-----
From: pgsql-general-owner@postgresql.org
[mailto:pgsql-general-owner@postgresql.org] On Behalf Of Bruce Momjian
Sent: Monday, September 29, 2003 4:13 AM
To: Angel Todorov
Cc: 'PostgreSQL General'
Subject: Re: [GENERAL] PostgreSQL SSL communication with SecureTcpClient
(Ssl

Angel Todorov wrote:
> It is 7.3.3

We have fixed many SSL items in 7.4.  Can you grab a snapshot from our
FTP server and check that?

------------------------------------------------------------------------
---


>
> The Npgsql is 0.5, which supports the 2.0 protocol.
>
> Angel
>
> -----Original Message-----
> From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
> Sent: Monday, September 29, 2003 3:03 AM
> To: Angel Todorov
> Cc: PostgreSQL General
> Subject: Re: [GENERAL] PostgreSQL SSL communication with
SecureTcpClient
> (Ssl v 3.0)
>
>
> What version of PostgreSQL are you using?
>
>
------------------------------------------------------------------------
> ---
>
> Angel Todorov wrote:
> > Hello,
> > I am currently adding SSL support to the Npgsql driver (the .NET
data
> > provider for PostgreSQL). I have tested with the Mentalis Secure
> Library
> > (http://www.mentalis.org/soft/projects/ssocket/). I am creating the
> > SecureTcpSocket as an instance that uses Ssl version 3.0. The
> PostgreSQL
> > server is configured as described in
> > http://developer.postgresql.org/docs/postgres/ssl-tcp.html . SSL
> support
> > is added in pg_hba.conf, via hostssl
> > The exception I get when I run a test application to connect the
> > database is something like that:
> >
> > Unhandled Exception: Npgsql.NpgsqlException: Error in Open() --->
> > System.IO.IOException: An I/O exception occurred. --->
> > Org.Mentalis.Security.SecurityException
> > : An error occurs while communicating with the remote host. --->
> > Org.Mentalis.Security.Ssl.Shared.SslException: The server hello
> message
> > uses a protocol that was not recognized.
> >
> > Do you have any idea what can be the reason? Thanks in advance.
> >
> > Regards,
> >
> > Angel
> >
> >
> >
> > Angel T. Todorov
> > PGP public key ID: 1024D/
> > <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x35454B4C>
> 35454B4C
> >
>
> --
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610) 359-1001
>   +  If your life is a hard drive,     |  13 Roberts Road
>   +  Christ can be your backup.        |  Newtown Square, Pennsylvania
> 19073
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania
19073

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
      subscribe-nomail command to majordomo@postgresql.org so that your
      message can get through to the mailing list cleanly


Re: PostgreSQL SSL communication with SecureTcpClient (Ssl

From
Bruce Momjian
Date:
Angel Todorov wrote:
> Hello, is it something specific about the startup packet length? I can
> try to see if I can fix it if it is from the driver itself. I will try
> with 7.4, but it should also operate with postgresql 7.2 and 7.3

Sorry, no idea.

---------------------------------------------------------------------------


>
> Angel
>
> -----Original Message-----
> From: pgsql-general-owner@postgresql.org
> [mailto:pgsql-general-owner@postgresql.org] On Behalf Of Bruce Momjian
> Sent: Monday, September 29, 2003 4:13 AM
> To: Angel Todorov
> Cc: 'PostgreSQL General'
> Subject: Re: [GENERAL] PostgreSQL SSL communication with SecureTcpClient
> (Ssl
>
> Angel Todorov wrote:
> > It is 7.3.3
>
> We have fixed many SSL items in 7.4.  Can you grab a snapshot from our
> FTP server and check that?
>
> ------------------------------------------------------------------------
> ---
>
>
> >
> > The Npgsql is 0.5, which supports the 2.0 protocol.
> >
> > Angel
> >
> > -----Original Message-----
> > From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
> > Sent: Monday, September 29, 2003 3:03 AM
> > To: Angel Todorov
> > Cc: PostgreSQL General
> > Subject: Re: [GENERAL] PostgreSQL SSL communication with
> SecureTcpClient
> > (Ssl v 3.0)
> >
> >
> > What version of PostgreSQL are you using?
> >
> >
> ------------------------------------------------------------------------
> > ---
> >
> > Angel Todorov wrote:
> > > Hello,
> > > I am currently adding SSL support to the Npgsql driver (the .NET
> data
> > > provider for PostgreSQL). I have tested with the Mentalis Secure
> > Library
> > > (http://www.mentalis.org/soft/projects/ssocket/). I am creating the
> > > SecureTcpSocket as an instance that uses Ssl version 3.0. The
> > PostgreSQL
> > > server is configured as described in
> > > http://developer.postgresql.org/docs/postgres/ssl-tcp.html . SSL
> > support
> > > is added in pg_hba.conf, via hostssl
> > > The exception I get when I run a test application to connect the
> > > database is something like that:
> > >
> > > Unhandled Exception: Npgsql.NpgsqlException: Error in Open() --->
> > > System.IO.IOException: An I/O exception occurred. --->
> > > Org.Mentalis.Security.SecurityException
> > > : An error occurs while communicating with the remote host. --->
> > > Org.Mentalis.Security.Ssl.Shared.SslException: The server hello
> > message
> > > uses a protocol that was not recognized.
> > >
> > > Do you have any idea what can be the reason? Thanks in advance.
> > >
> > > Regards,
> > >
> > > Angel
> > >
> > >
> > >
> > > Angel T. Todorov
> > > PGP public key ID: 1024D/
> > > <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x35454B4C>
> > 35454B4C
> > >
> >
> > --
> >   Bruce Momjian                        |  http://candle.pha.pa.us
> >   pgman@candle.pha.pa.us               |  (610) 359-1001
> >   +  If your life is a hard drive,     |  13 Roberts Road
> >   +  Christ can be your backup.        |  Newtown Square, Pennsylvania
> > 19073
> >
>
> --
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610) 359-1001
>   +  If your life is a hard drive,     |  13 Roberts Road
>   +  Christ can be your backup.        |  Newtown Square, Pennsylvania
> 19073
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
>       subscribe-nomail command to majordomo@postgresql.org so that your
>       message can get through to the mailing list cleanly
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Re: PostgreSQL SSL communication with SecureTcpClient (Ssl

From
Kris Jurka
Date:

On Mon, 29 Sep 2003, Angel Todorov wrote:

> Hello,
> I am currently adding SSL support to the Npgsql driver (the .NET data
> provider for PostgreSQL). I have tested with the Mentalis Secure Library
> (http://www.mentalis.org/soft/projects/ssocket/). I am creating the
> SecureTcpSocket as an instance that uses Ssl version 3.0. The PostgreSQL
> server is configured as described in
> http://developer.postgresql.org/docs/postgres/ssl-tcp.html . SSL support
> is added in pg_hba.conf, via hostssl
> The exception I get when I run a test application to connect the
> database is something like that:
>
> Unhandled Exception: Npgsql.NpgsqlException: Error in Open() --->
> System.IO.IOException: An I/O exception occurred. --->
> Org.Mentalis.Security.SecurityException
> : An error occurs while communicating with the remote host. --->
> Org.Mentalis.Security.Ssl.Shared.SslException: The server hello message
> uses a protocol that was not recognized.
>
> Do you have any idea what can be the reason? Thanks in advance.
>

You are aware that the connection does not start as a SSL connection, but
begins as a normal one and then switches over.

Kris Jurka


Re: PostgreSQL SSL communication with SecureTcpClient (Ssl

From
Tom Lane
Date:
Kris Jurka <books@ejurka.com> writes:
> On Mon, 29 Sep 2003, Angel Todorov wrote:
>> : An error occurs while communicating with the remote host. --->
>> Org.Mentalis.Security.Ssl.Shared.SslException: The server hello message
>> uses a protocol that was not recognized.
>>
>> Do you have any idea what can be the reason? Thanks in advance.

> You are aware that the connection does not start as a SSL connection, but
> begins as a normal one and then switches over.

Specifically, you need to eat the initial "S" or "N" response byte from
the server before firing up the SSL startup handshake.

            regards, tom lane