2

I would like to connect to my Postgres 8.3 database using SSL from my XP client using OpenSSL. This works fine without SSL. When I try it with SSL (no client certificate), I get the error:

error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure

I suspect that I need to change something with the Postgres configuration but I don't know what. I have followed the instructions in the Postgres manual for SSL including creating a self-signed certificate. In my pg_hba.conf there is a line:

host  dbname  loginname   123.45.67.89/32  md5

Is there something else I should be looking at?

Improve this question
1
  • Good question, but the solution is not likely to require programming. Probably get better response on serverfault.com Commented Sep 7, 2009 at 17:33

2 Answers 2

Reset to default
1

This is an error inside OpenSSL. It doesn't sound like a PostgreSQL configuration problem. However, it could be an OpenSSL config problem - check if you have any non-detailt openssl.conf on the machine(s).

Also, what version of OpenSSL do you have on the server, and what OS is that? If you have a really old one, that could be the reason.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

The only config file I see on the server is openssl.cnf and it looks OK to me. The version of OpenSSL on the server is 0.9.8g and on the client is 0.9.8j. Might be worthwhile to update the version on the server. Thanks.
Still the same issue after updating the server to 0.9.8k
0

Postgres requires starttls. Try this instead:

echo "" | openssl s_client -starttls postgres -connect <host>:5432 -showcerts

Or with decoding of the returned certs:

echo "" | openssl s_client -starttls postgres -connect <host>:5432 -showcerts | openssl x509 -noout -text

(Answer added to this ancient question since Google was returning it as a high result for a similar problem.)

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.