Connect to Postgres with SSLv3 disabled on the server
Posted: Tue 14 Feb 2017 10:47
I'm using dotConnect 7.7.837.0 and Postgres 9.6 running on Windows 10/Windows Server 2012 with the following ssl configuration:
I'm only allowing SSL connections in pg_hba.conf.
Code:
ssl = on
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!SSLv3:!aNULL:@STRENGTH'
I run the Postgres DB from the command line with the -d 1 flag to get a report on the quality of the connection.
With this setup dotConnect fails to connect with the error "The server hello message uses a protocol that was not recognized".
I've tried other cipher lists as well, but whenever I put !SSLv3 in the Postgres cipher list it fails to connect.
However, PgAdmin and openssl.exe connect without an issue in these cases; in both cases the server reports TLS 1.2 connections, cipher=ECDHE-RSA-AES256-GCM-SHA384.
The main reason for adding !SSLv3 to the cipher list is to prevent any client from connecting to the Postgres server using the less secure SSL3 protocol, as this poses a security risk.
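Added example, not part of the original post and not Devart or PostgreSQL code: in an OpenSSL cipher list, SSLv3 is a tag on cipher suites, and the OpenSSL ciphers documentation notes that such strings only change the list of available suites, not the negotiated protocol version. This Python sketch expands the posted string with the local OpenSSL to show which suites the !SSLv3 term removes; the comparison string is constructed, and the output depends on the OpenSSL build Python is linked against.

```python
import ssl
from collections import Counter

# ssl_ciphers value from the post, and the same string without the
# !SSLv3 term (the second string is constructed for comparison).
POSTED = "HIGH:MEDIUM:+3DES:!SSLv3:!aNULL:@STRENGTH"
WITHOUT_EXCLUSION = "HIGH:MEDIUM:+3DES:!aNULL:@STRENGTH"


def expand(cipher_string):
    """Map suite name -> protocol tag, as the local OpenSSL expands the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if no suite matches
    return {c["name"]: c["protocol"] for c in ctx.get_ciphers()}


def compare(with_exclusion=POSTED, without_exclusion=WITHOUT_EXCLUSION):
    """Return (kept, dropped): suites left by the posted string, and suites
    that only the !SSLv3 term removed."""
    kept = expand(with_exclusion)
    full = expand(without_exclusion)
    dropped = {name: tag for name, tag in full.items() if name not in kept}
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = compare()
    print(ssl.OPENSSL_VERSION)
    print("kept, by tag:   ", dict(Counter(kept.values())))
    print("dropped, by tag:", dict(Counter(dropped.values())))
    for name in sorted(dropped):
        print("  dropped:", name, dropped[name])
```

A client that offers none of the kept suites cannot complete a handshake against this cipher list, whatever protocol versions it supports.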