
I did a final test before logging out for Christmas because i found a thread in 
hackers discussing some issue with GSS and SSL.

So if i set gssencmode=disable on my pgsql-13 to postgres 13 server connection 
i get an SSL connection.

Is this expected behaviour?

$ /usr/pgsql-13/bin/psql "dbname=postgres user=kalle host=server 
Password for user kalle:
psql (13.1)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, 
compression: off)
Type "help" for help.


KR, Mikael Gustavsson, SMHI

Från: externaly-forwar...@smhi.se <externaly-forwar...@smhi.se> för Gustavsson 
Mikael <mikael.gustavs...@smhi.se>
Skickat: den 22 december 2020 09:07:17
Till: Tom Lane
Kopia: Magnus Hagander; Kyotaro Horiguchi; pgsql-gene...@postgresql.org; 
Svensson Peter
Ämne: SV: SV: SV: SV: Problem with ssl and psql in Postgresql 13


Yes it´s odd. I think we begin with download/reinstall and take it from there.

The server name is just letters and numbers so I think we can rule that out.

Christmas is coming up fast as usual so I think I will pick this up in January.

Thanks for all the help and Happy Christmas! Or God Jul as we say in Sweden.


Mikael Gustavsson, SMHI

Från: Tom Lane <t...@sss.pgh.pa.us>
Skickat: den 18 december 2020 21:02:50
Till: Gustavsson Mikael
Kopia: Magnus Hagander; Kyotaro Horiguchi; pgsql-gene...@postgresql.org; 
Svensson Peter
Ämne: Re: SV: SV: SV: Problem with ssl and psql in Postgresql 13

Gustavsson Mikael <mikael.gustavs...@smhi.se> writes:
> pgsql-13 with require:
> $ /usr/pgsql-13/bin/psql "dbname=postgres user=kalle host=server 
> sslmode=require"
> Password for user kalle:
> psql (13.1)
> Type "help" for help.

That is just bizarre.  libpq should not ignore the sslmode=require option
like that, unless it thinks it's making a Unix-socket connection, which
it should not think given the host specification.  (There's not a slash
in your server's real name, is there?  But if there was, v11 should
misbehave too.)

It seems like there must be some environment setting, or maybe a service
file, changing the behavior from what it should be on its face.  But
that theory has big flaws too: an explicit sslmode=require setting should
not be overridable from environment, and even if it was, why wouldn't v11
act the same?

The only other conclusion I can think of is that your copy of libpq.so
is broken.  Maybe you should try redownloading/reinstalling v13.

                        regards, tom lane

Reply via email to