Search Postgresql Archives

Re: SSL/TLS encryption without

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2022-11-01 11:13:01 -0500, Ron wrote:
> sides=> select * from pg_stat_ssl where pid = 362;
> -[ RECORD 1 ]-+----------------------------
> pid           | 362
> ssl           | t
> version       | TLSv1.2
> cipher        | ECDHE-RSA-AES256-GCM-SHA384
> bits          | 256
> compression   | f
> client_dn     |
> client_serial |
> issuer_dn     |
> 
> I've got 85 connections where ssl='t'. How can connections be encrypted
> using SSL/TLS without a client certificate?

Given that you probably never generated a client certificate for your
browser: How could HTTPS work?

The certificates are used for authentication, not for encryption. The
public key(s) included in the certificates may be used during key
exchange, but there are key exchange algorithms which don't need that
(in fact I think ECDHE is one of them) at all, and even those that do
need only one key, so it is sufficient that only the server has a
certificate.

        hp

-- 
   _  | Peter J. Holzer    | Story must make more sense than reality.
|_|_) |                    |
| |   | hjp@xxxxxx         |    -- Charles Stross, "Creative writing
__/   | http://www.hjp.at/ |       challenge!"

Attachment: signature.asc
Description: PGP signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux