Hi Magnus,
The clients 11 and 13 is on the same host.
Hmm, I get the same error if I set sslmode=require.
$ /usr/pgsql-13/bin/psql -d postgres --set=sslmode=require -Ukalle -hserver -W
Password:
psql: error: FATAL: no pg_hba.conf entry for host "nn.nnn.n.nnn", user "kalle", database "postgres", SSL off
FATAL: no pg_hba.conf entry for host "nn.nnn.n.nnn", user "kalle", database "postgres", SSL off
KR Mikael Gustavsson, SMHI
Från: Magnus Hagander <magnus@xxxxxxxxxxxx>
Skickat: den 17 december 2020 15:52:55
Till: Gustavsson Mikael
Kopia: Tom Lane; Kyotaro Horiguchi; pgsql-general@xxxxxxxxxxxxxx; Svensson Peter
Ämne: Re: SV: Problem with ssl and psql in Postgresql 13
Skickat: den 17 december 2020 15:52:55
Till: Gustavsson Mikael
Kopia: Tom Lane; Kyotaro Horiguchi; pgsql-general@xxxxxxxxxxxxxx; Svensson Peter
Ämne: Re: SV: Problem with ssl and psql in Postgresql 13
On Thu, Dec 17, 2020 at 3:36 PM Gustavsson Mikael
<mikael.gustavsson@xxxxxxx> wrote:
>
>
> Hi,
>
> log_connections is on. The ERR message is correct, we do not have an entry for SSL off.
> The question is why psql(13) is trying to connect without ssl?
>
> 2020-12-17T14:25:09.565566+00:00 server INFO [30-1] pgpid=2422778 pguser=[unknown] pghost=nnn.nn.n.nnn pgdb=[unknown] pgapp=[unknown] LOG: connection received: host=nnn.nn.n.nnn port=40112
> 2020-12-17T14:25:09.566411+00:00 server ERR [31-1] pgpid=2422778 pguser=kalle pghost=nnn.nn.n.nnn pgdb=postgres pgapp=[unknown] FATAL: no pg_hba.conf entry for host "nnn.nn.n.nnn", user "kalle", database "postgres", SSL off
By default psql/libpq will fall back to a clear text connection if the
ssl encrypted one failed. Specify sslmode=require (or preferably
higher) in the connection string or set PGSSLMODE=require on the
client to disable that behavior. If you do that, my guess is you will
see a direct connection failure instead of that error?
PostgreSQL 13 did change the default value for minimum tls version to
1.2. But that seems unlikely to be the problem since you get TLS 1.3
when you use the old version...
I assume you're running both the 11 and the 13 client on the same host?
--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/
<mikael.gustavsson@xxxxxxx> wrote:
>
>
> Hi,
>
> log_connections is on. The ERR message is correct, we do not have an entry for SSL off.
> The question is why psql(13) is trying to connect without ssl?
>
> 2020-12-17T14:25:09.565566+00:00 server INFO [30-1] pgpid=2422778 pguser=[unknown] pghost=nnn.nn.n.nnn pgdb=[unknown] pgapp=[unknown] LOG: connection received: host=nnn.nn.n.nnn port=40112
> 2020-12-17T14:25:09.566411+00:00 server ERR [31-1] pgpid=2422778 pguser=kalle pghost=nnn.nn.n.nnn pgdb=postgres pgapp=[unknown] FATAL: no pg_hba.conf entry for host "nnn.nn.n.nnn", user "kalle", database "postgres", SSL off
By default psql/libpq will fall back to a clear text connection if the
ssl encrypted one failed. Specify sslmode=require (or preferably
higher) in the connection string or set PGSSLMODE=require on the
client to disable that behavior. If you do that, my guess is you will
see a direct connection failure instead of that error?
PostgreSQL 13 did change the default value for minimum tls version to
1.2. But that seems unlikely to be the problem since you get TLS 1.3
when you use the old version...
I assume you're running both the 11 and the 13 client on the same host?
--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/