Setting SSL/TLS protocol versions with PostgreSQL 12

A straight-to-the-point tutorial about setting SSL/TLS protocol versions in the open source database PostgreSQL. Published by Peter Eisentraut.

PostgreSQL 12 contains two new server settings:

  • ssl_min_protocol_version
  • ssl_max_protocol_version

As the names indicate, these are used to control the oldest (minimum) and newest (maximum) version of the SSL and TLS protocol family that the server will accept.

For historical reasons, in PostgreSQL, all settings related to SSL and TLS are named ssl_something, even though TLS is the currently correct term. Which TLS versions PostgreSQL supports also depends on what the OpenSSL library in use supports. All releases under the “OpenSSL” label (as opposed to the predecessor “SSLeay”) support at least TLS 1.0.

By default, PostgreSQL server and client leave the negotiation of the TLS version up to the SSL library. They will negotiate a TLS version between 1.0 and 1.3 transparently and use the latest one that both sides support.
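One way to see what is actually being negotiated before tightening the two settings, as an added example that is not taken from the original tutorial. It uses the standard `pg_stat_ssl` and `pg_stat_activity` views; the choice of `TLSv1.2` as the new minimum is an assumption made for illustration.

```sql
-- Added example, not from the original tutorial. Run in psql as a superuser.

-- 1. Current limits (PostgreSQL 12 and later).
SHOW ssl_min_protocol_version;
SHOW ssl_max_protocol_version;

-- 2. TLS version and cipher negotiated for the session you are in.
SELECT ssl, version, cipher
FROM pg_stat_ssl
WHERE pid = pg_backend_pid();

-- 3. Inventory of all client connections by negotiated protocol version.
--    Rows with a NULL tls_version are not encrypted at all; rows below
--    the planned minimum are the clients that would be refused after
--    the change and need upgrading first.
SELECT s.version          AS tls_version,
       a.usename,
       a.application_name,
       a.client_addr,
       count(*)           AS connections
FROM pg_stat_ssl s
JOIN pg_stat_activity a USING (pid)
WHERE a.backend_type = 'client backend'
GROUP BY s.version, a.usename, a.application_name, a.client_addr
ORDER BY s.version NULLS FIRST, connections DESC;

-- 4. Raise the floor once the inventory is clean.
--    'TLSv1.2' is an assumed target for this example.
ALTER SYSTEM SET ssl_min_protocol_version = 'TLSv1.2';
SELECT pg_reload_conf();

-- 5. Confirm the new value is active.
SHOW ssl_min_protocol_version;
```

The reload affects new connections only; sessions that were already established keep the protocol version they negotiated until they reconnect.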

For detailed steps on how to check which TLS versions you are currently using, example commands and more, follow the link to this excellent tutorial!
