On 2022-11-01 11:13:01 -0500, Ron wrote:
> sides=> select * from pg_stat_ssl where pid = 362;
> -[ RECORD 1 ]-+----------------------------
> pid | 362
> ssl | t
> version | TLSv1.2
> cipher | ECDHE-RSA-AES256-GCM-SHA384
> bits | 256
> compression | f
> client_dn |
> client_serial |
> issuer_dn |
>
> I've got 85 connections where ssl='t'. How can connections be encrypted
> using SSL/TLS without a client certificate?
Given that you probably never generated a client certificate for your
browser: How could HTTPS work?
The certificates are used for authentication, not for encryption. The
public key(s) included in the certificates may be used during key
exchange, but there are key exchange algorithms which don't need that
(in fact I think ECDHE is one of them) at all, and even those that do
need only one key, so it is sufficient that only the server has a
certificate.
hp
--
_ | Peter J. Holzer | Story must make more sense than reality.
|_|_) | |
| | | hjp@xxxxxx | -- Charles Stross, "Creative writing
__/ | http://www.hjp.at/ | challenge!"
Attachment:
signature.asc
Description: PGP signature
