On 2022-11-01 11:13:01 -0500, Ron wrote: > sides=> select * from pg_stat_ssl where pid = 362; > -[ RECORD 1 ]-+---------------------------- > pid | 362 > ssl | t > version | TLSv1.2 > cipher | ECDHE-RSA-AES256-GCM-SHA384 > bits | 256 > compression | f > client_dn | > client_serial | > issuer_dn | > > I've got 85 connections where ssl='t'. How can connections be encrypted > using SSL/TLS without a client certificate? Given that you probably never generated a client certificate for your browser: How could HTTPS work? The certificates are used for authentication, not for encryption. The public key(s) included in the certificates may be used during key exchange, but there are key exchange algorithms which don't need that (in fact I think ECDHE is one of them) at all, and even those that do need only one key, so it is sufficient that only the server has a certificate. hp -- _ | Peter J. Holzer | Story must make more sense than reality. |_|_) | | | | | hjp@xxxxxx | -- Charles Stross, "Creative writing __/ | http://www.hjp.at/ | challenge!"
Attachment:
signature.asc
Description: PGP signature