Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u1rEP-009954-AK for pgadmin-support@arkaria.postgresql.org; Mon, 07 Apr 2025 18:30:01 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1u1rEN-002REi-K0 for pgadmin-support@arkaria.postgresql.org; Mon, 07 Apr 2025 18:29:59 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u1rEN-002REY-CR for pgadmin-support@lists.postgresql.org; Mon, 07 Apr 2025 18:29:59 +0000 Received: from mail-lf1-x132.google.com ([2a00:1450:4864:20::132]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1u1rEM-003WQ1-07 for pgadmin-support@lists.postgresql.org; Mon, 07 Apr 2025 18:29:58 +0000 Received: by mail-lf1-x132.google.com with SMTP id 2adb3069b0e04-5499d2134e8so5764193e87.0 for ; Mon, 07 Apr 2025 11:29:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1744050596; x=1744655396; darn=lists.postgresql.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=Tvea+Uu/Jq/WNnXGlN7VUd+A61L3x72pxxoW9dpvOaE=; b=ECgtCpW+C4ALt79T9cZQlc3QeDI41sIwCGO6sOJJYiResHDyUI/PhalKXB3YlXRI3X SnlvL5vi1sStUaA+CH6AaL9z6zfYqklBf5U8T4VkAFpvifUGfwNngy2JfOeEKvVN7GVR quzRD+pGT3kEO/8YWnw9o4NHIYUiEGPu2TGxsuedll5tdXi8TFIKJQATzrHX1EuxguZ0 /uoyWZtNXHIcjnauzsW9N5sbpio6bsmqVRyS9PAH2c+b9QI0AA1icLxQtUcIbSJ1jm7J kHZx9Kt8GA6lWqlgCc9xyLSZ9H+hlq7qBC5lXvMGSeKOOvBGEQWS5tVc6uAd9CWf28SF 9bRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744050596; x=1744655396; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Tvea+Uu/Jq/WNnXGlN7VUd+A61L3x72pxxoW9dpvOaE=; b=T3d+HBPtWsnqE3eMK6kH2oD1/6pzAezgRQoGNlAF2L6bEg7wGgNOO6SGkuT2d55Tey zQeV+JfKDf5WiOhIuO72x7FUNHq3zY0wWLQX1qjGZRaWScLB0zb8nv9OFp+vWVbXn77N 3e4eLu0+/bcaoAT3z4FGgXI68wxCP2Tvwqln1ZoM+mYElEsM/S2cTqJxp+NR66vuP6TW 6mnAxKqwfwwWHIO1mRaS7UoWE/fy3w820XTMS8+YOthmjfMbM/w0BBA9ksVtSjbe3A1+ ZY9m0QiCF+R6FelsEKK+b5yxgai8zVkK/oO4/X9m0ETZs2NvI9Aiw2WlSjlRi51fq6Az 5j5A== X-Gm-Message-State: AOJu0YwXnhQPu5XmbmQ2CIehGUMpEJBgoCz+yTkQOtqupDkDqE6iC4y0 PxEn8/Q4taMgyIvUX+j20Oj6iZeViPlMMumgbvGi3VFWg90PgRcG9mtCEMASy9sQbcXR2IoMUPR 3uxsSSSEzlNpdfInAfTTiz+HR9Sa5ltuo8Rw= X-Gm-Gg: ASbGncu/Z0hC2D4A2TLoUNXvShADX53uW9GudXwl8eOLiRxfA+we0G7Ha2DO+TBHpPd Gcmeg3pkvKkmH2MmE+BVjqU+V4zDtjgz60ZVItzQME+I+h+HFaIncWipWrXUYZH5KrvaUf4t4mI kUk4g3EN7wzjAXenCRc4162R6diQ== X-Google-Smtp-Source: AGHT+IG9onuI9zYOdZQGl/S9D3mpoCO/IZdmgL1agKZIyAJox4RP/3R6x/43LiD2JlTcKn6tpw6UbxvtSuA5XwtG538= X-Received: by 2002:a05:6512:4029:b0:549:8c86:7407 with SMTP id 2adb3069b0e04-54c2984801emr2678347e87.52.1744050595677; Mon, 07 Apr 2025 11:29:55 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: John Barker Date: Mon, 7 Apr 2025 14:29:43 -0400 X-Gm-Features: ATxdqUGp29pKby1sNYQ5EiETIYgEGPbGXimKR_NCn-EeRZXvVm_zVzug66d6ssE Message-ID: Subject: Fwd: Enforcing TLS 1.3 as a a minimum version To: pgadmin-support@lists.postgresql.org Content-Type: multipart/alternative; boundary="00000000000039d1590632346c86" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --00000000000039d1590632346c86 Content-Type: text/plain; charset="UTF-8" I am running pgAdmin 9.1 in a podman container and am trying to ensure that TLS 1.3 is the minimum version. I have created an override file and I know that it is being read at startup but the enforcement of TLS 1.3 is not happening. I am using this configuration as suggested by the documentation here: https://docs.gunicorn.org/en/21.2.0/settings.html Any idea of what to check. I know the file is being parsed because if I introduce a bad config, it is noted at startup. Also, where or how is the instance variable for the config defined? "The callable needs to accept an instance variable for the Config" The below is a file mapped into the container called gunicorn_config.py def ssl_context(conf, default_ssl_context_factory): import ssl context = default_ssl_context_factory() context.minimum_version = ssl.TLSVersion.TLSv1_3 return context --00000000000039d1590632346c86 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

I am running pgAdmin 9.1 in a podman conta= iner and am trying to ensure that TLS 1.3 is the minimum version.=C2=A0 =C2= =A0 I have created an override=C2=A0file and I know that it is being read a= t startup but the enforcement of TLS 1.3 is not happening.=C2=A0 =C2=A0I am= using this configuration as suggested by the documentation here:=C2=A0=C2= =A0https://docs.gunicorn.org/en/21.2.0/settings.html

Any idea of what to check.=C2=A0 I know the fi= le is being parsed because if I introduce a bad config, it is noted at star= tup.

Also, where or how is the instance variable f= or the config defined?

"The callable= needs to accept an instance variable for the Config"
<= br>
The below is a file mapped into the container called gunicorn= _config.py
def =
ssl_context(conf, default_ssl_context_factory):
    import ssl
    context =3D default_ssl_context_factory()
    context.minimum_version =3D ssl<=
/span>.=
TLSVersion.TLSv1_3
    return context
--00000000000039d1590632346c86--