psql sslmode behavior and trace_connection_negotiation in PG17

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Hao Zhang <[email protected]>
To: pgsql-general <[email protected]>
Subject: psql sslmode behavior and trace_connection_negotiation in PG17
Date: Wed, 17 Jul 2024 21:12:52 -0700
Message-ID: <CAGXpB2mwQqJv0pJL8u1ZduiUERYuWxr8_xdGbhWRAfmYyq8J7g@mail.gmail.com> (raw)

Hi

I tried to connect with psql + client sslmode = require + server requiring
ssl with PG17 and trace_connection_negotiation = "on". So "SSLRequest
accepted" is logged twice with two different PID. I believe the PID 15553
is psql and 15554 is the PG backend. How do you explain the two connections
with SSLRequest? From the log, it seems psql made a connection to itself
with SSLRequest and proxied that to Postgres server with a full SSL
negotiation. I never saw a log on 15553's connection being closed when I
closed the psql process. Does this behavior match what was talked about in
the below hacker thread on additional connection?

2024-07-17 03:06:54.492 PDT [15553] LOG:  connection received:
host=127.0.0.1 port=54002
2024-07-17 03:06:54.492 PDT [15553] LOG:  SSLRequest accepted
2024-07-17 03:06:59.982 PDT [15554] LOG:  connection received:
host=127.0.0.1 port=54004
2024-07-17 03:06:59.982 PDT [15554] LOG:  SSLRequest accepted
2024-07-17 03:06:59.994 PDT [15554] LOG:  connection authenticated:
identity="postgres" method=md5 (/usr/local/pgsql/data/pg_hba.conf:18)
2024-07-17 03:06:59.994 PDT [15554] LOG:  connection authorized:
user=postgres database=postgres application_name=psql SSL enabled
(protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)

https://www.postgresql.org/message-id/flat/CAM-w4HOEAzxyY01ZKOj-iq=M4-VDk=vzQgUsuqiTFjFDZaebdg@mail....

view thread (2+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: psql sslmode behavior and trace_connection_negotiation in PG17
  In-Reply-To: <CAGXpB2mwQqJv0pJL8u1ZduiUERYuWxr8_xdGbhWRAfmYyq8J7g@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox