Hey,
whats the state of this? Can we start working out a plan to remove the
inital SSLRequest from the connection protocol or is there any reason to
keep it?
I would start by removing the need of the SSLRequest in the psql-server
if its started with a special parameter(ssl-only or so).
Simulta
I liked the idea with separate ports for ssl and non ssl requests and
tried it with haproxy.
The psql-client connects with haproxy and receives the fixed 'S' byte
response. After that he tried to continue on the same connection and
doens't open a new one. This crashes the connection because haprox
On 12/12/2020 13:52, Lukas Meisegeier wrote:
Thanks for the provided ideas :)
I use HaProxy for my load-balancing and unfortunately I can't define
that I want to listen on a port for both ssl and non ssl requests.
Could you configure HaProxy to listen on separate ports for SSL and
non-SSL conn
Thanks for the provided ideas :)
I use HaProxy for my load-balancing and unfortunately I can't define
that I want to listen on a port for both ssl and non ssl requests.
That means if I try to return a fixed response 'S' on the SSLRequest it
fails with an SSL-Handshake failure cause the server expe
Hey Heikki,
thanks for providing feedback :)
The traffic between proxy and psql-server is unencrypted thats why I
don't need to patch the server.
I tried returning a fixed response on the first plain SSLRequest
forwarding it to a psql-server with ssl enabled an tried to switch then
on the ssl con
On 11/12/2020 16:46, Lukas Meisegeier wrote:
Hey Heikki,
thanks for providing feedback :)
The traffic between proxy and psql-server is unencrypted thats why I
don't need to patch the server.
Ok.
I tried returning a fixed response on the first plain SSLRequest
forwarding it to a psql-server w
On 10/12/2020 17:49, Lukas Meisegeier wrote:
I try to host multiple postgresql-servers on the same ip and the same
port through SNI-based load-balancing.
Currently this is not possible because of two issues:
1. The psql client won't set the tls-sni-extension correctly
(https://www.postgresql.org/
