Hi!

I've received a bug report from a PostgreSQL user that psql 12.1 failed to 
connect to a PostgreSQL 12.1 server, with the following error message:

psql: error: could not connect to server: FATAL: unsupported frontend protocol 
1234.5679: server supports 2.0 to 3.0

After inspecting a TCP dump, I realised that libpq apparently sent a GSS 
startup packet, got an 'N' (not supported) response, then tried an SSL startup 
packet, at which point the server sent an error.

The bug report is available at the following URL:
https://github.com/PostgresApp/PostgresApp/issues/537

After inspecting postmaster.c, it seems that postmaster only allows a single 
negotiation attempt, but libpq doesn't know that.

I'm not familiar with GSS, but from my naive point of view it would seem that 
we should fix this issue as follows:

1) On the server side, allow multiple negotiation attempts (e.g. allow SSL 
negotiation after a rejected GSS negotiation attempt)

2) On the client side, detect an error message after the second negotiation 
attempt, and reconnect, to ensure compatibility with servers that do not 
support multiple attempts yet.

I've attached two proposed patches with these changes.

Best regards,
Jakob


Attachment: 0001-Allow-multiple-ssl-gss-negotiation-attempts.patch
Description: Binary data

Attachment: 0002-libpq-Retry-after-failed-ssl-gss-negotiation.patch
Description: Binary data
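
Added example (not part of the original message, its patches, or the PostgreSQL sources): a simplified model of the exchange described above, showing why a second negotiation request is reported as "unsupported frontend protocol 1234.5679". The request codes are those of the PostgreSQL wire protocol; build_request, server_reply and max_attempts are hypothetical names, and the model assumes a server that answers 'N' to every negotiation request it accepts.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Wire-protocol codes: the "version" field is major<<16 | minor, and
 * major 1234 is reserved for special requests such as SSL/GSS negotiation. */
#define PG_PROTOCOL(m, n) (((uint32_t)(m) << 16) | (uint32_t)(n))
#define SSL_REQUEST    PG_PROTOCOL(1234, 5679)   /* 80877103 */
#define GSSENC_REQUEST PG_PROTOCOL(1234, 5680)   /* 80877104 */

/* Build the 8-byte request: int32 length (8), int32 code, both big-endian. */
static void build_request(uint32_t code, unsigned char out[8])
{
    const uint32_t words[2] = { 8, code };
    for (int i = 0; i < 8; i++)
        out[i] = (unsigned char)(words[i / 4] >> (24 - 8 * (i % 4)));
}

/* Hypothetical model of the server side, not postmaster.c itself.
 * *attempts counts negotiation requests already answered on this connection;
 * max_attempts = 1 models the single-attempt behaviour from the report.
 * Returns 0 if the connection continues, -1 if it ends with a FATAL error. */
static int server_reply(const unsigned char pkt[8], int *attempts,
                        int max_attempts, char *reply, size_t n)
{
    uint32_t code = ((uint32_t)pkt[4] << 24) | ((uint32_t)pkt[5] << 16) |
                    ((uint32_t)pkt[6] << 8) | (uint32_t)pkt[7];
    if ((code == SSL_REQUEST || code == GSSENC_REQUEST) &&
        *attempts < max_attempts) {
        (*attempts)++;
        snprintf(reply, n, "N");       /* requested encryption not supported */
        return 0;
    }
    if (code == PG_PROTOCOL(3, 0)) {   /* ordinary 3.0 startup packet */
        snprintf(reply, n, "startup accepted");
        return 0;
    }
    /* Anything else is read as a version: high 16 bits . low 16 bits. */
    snprintf(reply, n, "FATAL: unsupported frontend protocol %u.%u: "
             "server supports 2.0 to 3.0",
             (unsigned)(code >> 16), (unsigned)(code & 0xFFFF));
    return -1;
}

int main(void)
{
    unsigned char gss[8], ssl[8];
    char reply[128];
    int attempts = 0;
    build_request(GSSENC_REQUEST, gss);
    build_request(SSL_REQUEST, ssl);
    server_reply(gss, &attempts, 1, reply, sizeof reply); puts(reply);
    server_reply(ssl, &attempts, 1, reply, sizeof reply); puts(reply);
    return 0;
}
```

Calling server_reply with max_attempts set to 2 models the server-side change proposed in point 1: both requests are then answered with 'N' and the connection stays open for a normal startup packet.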
