2

My postgres server should be forcing SSL connections; however, I would like to verify this setting directly from the Django app. Is there a way to inspect the database connection (perhaps through manage.py shell) and make sure the connection is SSL?

3 Answers

10

You can confirm that the connection is encrypted by looking for the cipher in the connection information after navigating to python manage.py dbshell:

SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES128-GCM-SHA256, bits: 128, compression: off)

otherwise, you will see no SSL information.


1 Comment

Awesome. Elegant and easy.
0

I don't know how to configure that from your Django app, but maybe you could tell postgres to require SSL in the sslmode connection parameter?

2 Comments

Yes, that can be configured in the Django DATABASES setting (answered here). However, that doesn't really tell me if my existing connection is SSL (such as if I have a DB-server-enforced SSL without configuring SSL in Django). However, I think I found a way to do it and I will post.
@JadS Ok, as I understand it, your solution actually lets you verify if it is using SSL, but it requires a module. IMHO, if you tell your postgres driver that you require SSL, wouldn't it be a bug if it allowed you to connect without SSL? Also, this post now links to stackoverflow.com/a/47683060/3914029 which tells you specifically how to set that parameter for your Django app. However, I'd mark your answer as solution, as it is what you actually wanted.
0

I believe I found one way, but I will wait before accepting in case people have critiques of this method:

  1. Connect to the database server as superuser and run create extension sslinfo; to install the sslinfo extension. This may not be possible for some who don't have superuser access; however, in my case, where I configured server-side SSL enforcement, SU access is given.
  2. Run the following in manage.py shell:

from django.db import connection

with connection.cursor() as cursor:
    cursor.execute('select ssl_is_used();')
    output = cursor.fetchall()
    print(output) # will print [(True,)] if SSL

This executes raw SQL which should return [(True,)] if SSL is enabled.

Relevant documentation about sslinfo can be found here
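
An added example, not part of the original answers: the same check done without the sslinfo extension, by reading the session's own row from the pg_stat_ssl view and failing closed if it is not encrypted. It assumes PostgreSQL 9.5 or later; the helper names and the FakeCursor rows are constructed for illustration.

```python
# Added example; not code from the question or its answers.
# Assumes PostgreSQL 9.5+ (pg_stat_ssl view). Helper names are hypothetical.
PG_STAT_SSL_QUERY = (
    "SELECT ssl, version, cipher, bits "
    "FROM pg_stat_ssl WHERE pid = pg_backend_pid()"
)


class InsecureDatabaseConnection(RuntimeError):
    """The current PostgreSQL session is not protected by acceptable TLS."""


def tls_status(cursor):
    """Return TLS details for the session that owns this DB-API cursor."""
    cursor.execute(PG_STAT_SSL_QUERY)
    row = cursor.fetchone()
    if row is None:  # no row for our own backend: fail closed
        return {"ssl": False, "version": None, "cipher": None, "bits": None}
    ssl, version, cipher, bits = row
    return {"ssl": bool(ssl), "version": version, "cipher": cipher, "bits": bits}


def require_tls(cursor, allowed_versions=("TLSv1.2", "TLSv1.3")):
    """Raise unless the session is encrypted with an allowed protocol."""
    status = tls_status(cursor)
    if not status["ssl"]:
        raise InsecureDatabaseConnection("session is not using SSL/TLS")
    if status["version"] not in allowed_versions:
        raise InsecureDatabaseConnection(
            f"unexpected protocol {status['version']!r}")
    return status


def check_django_connection(alias="default"):
    """Call from `manage.py shell`; Django is imported lazily on purpose."""
    from django.db import connections
    with connections[alias].cursor() as cursor:
        return require_tls(cursor)


class FakeCursor:
    """Constructed stand-in for a cursor, so the logic runs without a server."""
    def __init__(self, row):
        self.row, self.sql = row, None

    def execute(self, sql, params=None):
        self.sql = sql

    def fetchone(self):
        return self.row
```

In `manage.py shell`, `check_django_connection()` returns the protocol, cipher and key size of the live connection, or raises if the session is plaintext or uses a protocol outside `allowed_versions`.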
