From: Hao Zhang
Date: Wed, 17 Jul 2024 21:12:52 -0700
Subject: psql sslmode behavior and trace_connection_negotiation in PG17
To: pgsql-general

Hi

I tried to connect with psql + client sslmode = require + server requiring ssl with PG17 and trace_connection_negotiation = "on". So "SSLRequest accepted" is logged twice with two different PIDs. I believe the PID 15553 is psql and 15554 is the PG backend. How do you explain the two connections with SSLRequest? From the log, it seems psql made a connection to itself with SSLRequest and proxied that to Postgres server with a full SSL negotiation. I never saw a log on 15553's connection being closed when I closed the psql process. Does this behavior match what was talked about in the below hacker thread on additional connection?

2024-07-17 03:06:54.492 PDT [15553] LOG: connection received: host=127.0.0.1 port=54002
2024-07-17 03:06:54.492 PDT [15553] LOG: SSLRequest accepted
2024-07-17 03:06:59.982 PDT [15554] LOG: connection received: host=127.0.0.1 port=54004
2024-07-17 03:06:59.982 PDT [15554] LOG: SSLRequest accepted
2024-07-17 03:06:59.994 PDT [15554] LOG: connection authenticated: identity="postgres" method=md5 (/usr/local/pgsql/data/pg_hba.conf:18)
2024-07-17 03:06:59.994 PDT [15554] LOG: connection authorized: user=postgres database=postgres application_name=psql SSL enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)

https://www.postgresql.org/message-id/flat/CAM-w4HOEAzxyY01ZKOj-iq=M4-VDk=vzQgUsuqiTFjFDZaebdg@mail.gmail.com
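Added example, not part of the original message: a small Python script that groups the log lines quoted above by the bracketed number and lists which negotiation stages each one logged. It assumes the server's default `log_line_prefix` (`'%m [%p] '`), where `%p` is the ID of the server process that wrote the line; the function names are made up for this example.

```python
import re
from datetime import datetime

# Log lines copied from the message above.
LOG = """\
2024-07-17 03:06:54.492 PDT [15553] LOG:  connection received: host=127.0.0.1 port=54002
2024-07-17 03:06:54.492 PDT [15553] LOG:  SSLRequest accepted
2024-07-17 03:06:59.982 PDT [15554] LOG:  connection received: host=127.0.0.1 port=54004
2024-07-17 03:06:59.982 PDT [15554] LOG:  SSLRequest accepted
2024-07-17 03:06:59.994 PDT [15554] LOG:  connection authenticated: identity="postgres" method=md5 (/usr/local/pgsql/data/pg_hba.conf:18)
2024-07-17 03:06:59.994 PDT [15554] LOG:  connection authorized: user=postgres database=postgres application_name=psql SSL enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \S+ \[(\d+)\] LOG:\s+(.*)$")
# Message prefixes mapped to a stage name; only messages that appear in the log above.
STAGES = [("connection received", "received"), ("SSLRequest accepted", "ssl_accepted"),
          ("connection authenticated", "authenticated"), ("connection authorized", "authorized")]

def summarize(log_text):
    """Group LOG lines by the bracketed PID and record the stages each one logged."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a LOG line in the assumed prefix format
        ts, pid, msg = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f")
        s = sessions.setdefault(int(pid), {"first": when, "stages": []})
        s["stages"] += [stage for prefix, stage in STAGES if msg.startswith(prefix)]
    return sessions

def unfinished(sessions):
    """PIDs that accepted an SSLRequest but never logged 'connection authorized'."""
    return sorted(pid for pid, s in sessions.items()
                  if "ssl_accepted" in s["stages"] and "authorized" not in s["stages"])

def gap_seconds(sessions, first_pid, second_pid):
    """Seconds between the first log line of two PIDs."""
    return (sessions[second_pid]["first"] - sessions[first_pid]["first"]).total_seconds()

if __name__ == "__main__":
    sessions = summarize(LOG)
    for pid, s in sorted(sessions.items()):
        print(pid, s["first"].time(), " -> ".join(s["stages"]))
    print("no authorization logged:", unfinished(sessions))
    print("gap between connections (s):", gap_seconds(sessions, 15553, 15554))
```

On the quoted log this lists 15553 as stopping after "SSLRequest accepted" and 15554 as reaching "connection authorized" about 5.5 seconds later.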