Hi I want to setup postgres to encrypt all connections to my db using ssl. My settings: pg_hba.conf: # TYPE DATABASE USER ADDRESS METHOD hostssl my_db all 0.0.0.0/0 md5 postgresql.conf: ssl = on ssl_ciphers = 'ECDHE-ECDSA-AES256-GCM-SHA384' ssl_cert_file = 'server.crt' ssl_key_file = 'server.key' And I tried to connect to my db via psql: psql.exe "host=192.168.0.32 port=5432 dbname=my_db user=test_user sslmode=verify-ca sslrootcert=server.crt" I got an error: psql: SSL error: sslv3 alert handshake failure The same result with pgAdmin: SSL error: sslv3 alert handshake failure FATAL: no pg_hba.conf entry for host "192.168.0.32", user "test_user", database "my_db", SSL off And also the same result was in my program using pqxx lib: SSL error: sslv3 alert handshake failure But if I change in postgresql.conf option ssl_ciphers = 'DES-CBC3-SHA' so, all connections (from psql, pgAdmin and my program) would succeed. I tried to use in ssl_ciphers option all tls_1.2 ciphers from https://www.openssl.org/docs/apps/ciphers.html#tls_v1_2_cipher_suites but without success. Additional info: OS Windows 7 Ultimate PostgreSQL 9.3.4, compiled by Visual C++ build 1600, 64-bit psql (9.3.4) OpenSSL 1.0.1g Is it means that there is no way to use tls_1.2 ciphers for connections security? Or how can I use, for eg. cipher 'ECDHE-ECDSA-AES256-GCM-SHA384' for my connections? -- View this message in context: http://postgresql.nabble.com/PostgreSQL-using-TLS-v1-2-ciphers-tp5839567.html Sent from the PostgreSQL - general mailing list archive at Nabble.com. -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
