0

Using old Postgres server

PostgreSQL 9.1.2 on x86_64-unknown-linux-gnu, compiled by gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 64-bit

Server has symlinks server.crt and server.key in data directory /var/lib/postgresql/9.1./main and ssl=true in postgresql.conf file.

Server is running in old Debian squeeze.

Client accesses server from Windows 10 using psqlODBC driver with 

sslmode=allow

in connection string.

How to verify that connection is encrypted? Is there some command in client or server or can some protocol analyzer used if no easier way?

Laurenz Albe
  • 209,280
  • 17
  • 206
  • 263
Andrus
  • 26,339
  • 60
  • 204
  • 378
  • 2
    What about allowing **only** ssl connection? Then you can be sure the connection is encrypted –  Mar 22 '19 at 09:07
  • If you don't know how to configure it properlly you are reduced to sniffing. The traffic. Best to learn how to comfigure it first. Off topic. – user207421 Mar 22 '19 at 09:23
  • @a_horse_with_no_name. I added sslmode=require to psqlodbc connection string an it worked without issues. I need verify is connection encrypted, network admin complains that it is not encrypted. Maybe some postgres query can used. – Andrus Mar 22 '19 at 09:43
  • 1
    I am talking about doing that in `pg_hba.conf` to refuse any non-ssl connection (essentially change all `host` entries to `hostssl` and then non-ssl connections aren't possible) –  Mar 22 '19 at 09:44

1 Answers1

0

The correct solution is to upgrade to 9.5 or above and look into the pg_stat_ssl view. That will tell you if and how the connection is encrypted.

Laurenz Albe
  • 209,280
  • 17
  • 206
  • 263
  • Upgrading is not easy. Is there some query in 9.1 which can used to check is connection encrypted ? Magnus has written small extension but I'm not sure can this installed on this server. – Andrus Mar 22 '19 at 10:02
  • Sniffing the network is easier. – Laurenz Albe Mar 22 '19 at 10:07