Ah, that's it! My code examination just had reached ProcessStartupPacket, when your mail arrived.Hm. The postmaster is sending back 'N' indicating that it does not want to do SSL.
Are you sure you are connecting to an SSL-enabled postmaster?
Also, is your connection by any chance IPV6? It doesn't look like it from the tcpdump, but I'm not sure I know how to tell.
The kernel is IPV6, and incoming IPV4 connection will be handled IPV6; I can tell this from pg_hba.conf experiments that my installation requires the ::ffff:192.168.0.0/24 entry.
The relevant bit of code in the postmaster is
#ifdef USE_SSL /* No SSL when disabled or on Unix sockets */ if (!EnableSSL || port->laddr.addr.ss_family != AF_INET) SSLok = 'N'; else SSLok = 'S'; /* Support for SSL */ #else SSLok = 'N'; /* No support for SSL */ #endif
According to the comment, it should be
if (!EnableSSL || port->laddr.addr.ss_family == AF_UNIX)
and after changing this it works! Quite hard to find, probably most users you'd ask "do you use IPV6" would have answered "no". I didn't opt vor IPV6 either, it's a stock SuSE 8.1.
Immediately, I checked the reported ssl hangs, and found both cases working. Dave reported this failing on snake.pgadmin.org, which uses a different openssl (0.9.7a), I'll see if I can check that version (won't be before monday, need some sleep now).
Regards, Andreas
---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
