Hello,
Using PostgreSQL 9.6.7 on x86_64-pc-linux-gnu. OS is a Debian
4.9.82-1+deb9u3 (2018-03-02), libpq5 (9.6.7), openssl stable 1.1.0f. System
is a virtual server (VPS) in the cloud.
Below is my pg_hba.conf file:
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
hostssl all all 0.0.0.0/0 md5
clientcert=1
Recently one of my users told me that they are receiving some error from
system.
I have my own daemon application running on that server. Accepting http
requests. Parsing them doing some select on one database and inserting into
another database. Select is a single row, insert is a single row for the
problem below. Below error message is for the database that I insert records
into.
I have following log lines about mentioned error:
2018-04-09 09:17:01.971 +03 [608] mutabakat@mutabakat LOG: SSL error:
decryption failed or bad record mac
2018-04-09 09:17:01.971 +03 [608] mutabakat@mutabakat LOG: could not
receive data from client: Bağlantı karşıdan kesildi
2018-04-09 09:17:01.971 +03 [608] mutabakat@mutabakat LOG: disconnection:
session time: 237:25:58.027 user=mutabakat database=mutabakat host=::1
port=34670
My application is running on the same computer as PostgreSQL database
server. It is using a single connection to the database over pqsql driver,
each http request is handled in a new thread using that single connection.
Application is online for about 2-3 months. So far, I did not have any
problems. Until I have above call and log lines. I normally do not need any
ssl connection to server. However, it is libpq5 which choose to do that. I
think it is possible to make a no-ssl connection with above pg_hba.conf (not
completely sure though).
- I do not know what that error actually mean. I would like to learn details
of it as well as possible solution suggestion(s), please.
- I also would like to have help to convert my connection to a plain
connection as there is no need for SSL connection for an application running
on the same machine.
Any help is appreciated.
Thanks & regards,
Ertan Küçükoğlu