Francisco Reyes <lists@xxxxxxxxxxx> writes: > On 07/09/2015 03:07 PM, Vick Khera wrote: >> openssl s_client -connect HOST:PORT -CAfile /path/to/CA.pem > According to this post: > http://serverfault.com/questions/79876/connecting-to-postgresql-with-ssl-using-openssl-s-client?rq=1 > one can not use openssl to test ssl connection to postgresql. True? I should think you can't; it wouldn't know to send the initial packet that asks the server to initiate SSL mode. I found this in the man page for s_client mode: -starttls protocol send the protocol-specific message(s) to switch to TLS for communication. protocol is a keyword for the intended protocol. Currently, the only supported keywords are "smtp", "pop3", "imap", and "ftp". So they've certainly heard of such issues, and you could imagine adding a "-starttls postgresql" variant, but it's not there now ... at least not in the OpenSSL version that ships in RHEL6. regards, tom lane -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
