Enforce encryption

edited October 2018 in General Discussion

We are running a cluster configured to use SSL for authentication and encryption; i.e., EnableSSL is set to 1 and certificates and keys are in place.

Client authentication is done by usernames and passwords.

With this being said, we would like to enforce that all clients use SSL when connecting. For example, vsql uses it by default, but specifying -m disable lets me connect without any encryption. Is there any way to disallow this? (Likewise for JDBC and ODBC clients.)

Comments

  • SruthiA Administrator

    Yes, you can disallow by creating client authentication records.

    Created 2 authentication methods: one to reject SSL and the other to accept SSL traffic. Create a role. Grant this authentication method to that role and assign all users to the newly created role.

  • edited October 2018

    Thank you very much! I ended up creating two password-based authentication methods; one for LOCAL, and another one for HOST TLS. This has the implicit effect of not allowing remote connections without TLS/SSL.

  • SruthiA Administrator

    You are welcome.
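
The setup the thread arrives at, sketched as Vertica SQL; this is an added example, not code posted by either participant. The authentication names (`pw_local`, `pw_remote_tls`, `pw_remote_tls_v6`, `deny_plaintext`, `deny_plaintext_v6`) and the grant to `PUBLIC` are assumptions; a dedicated role, as suggested in the thread, works the same way.

```sql
-- Added example; all authentication record names below are hypothetical.
-- Run as a superuser and keep that session open until the checks at the
-- end confirm that you can still log in.

-- 1. Password (hash) authentication for local socket connections.
CREATE AUTHENTICATION pw_local METHOD 'hash' LOCAL;

-- 2. Password authentication for remote clients, matching only
--    connections that negotiated TLS. IPv4 and IPv6 need separate records.
CREATE AUTHENTICATION pw_remote_tls    METHOD 'hash' HOST TLS '0.0.0.0/0';
CREATE AUTHENTICATION pw_remote_tls_v6 METHOD 'hash' HOST TLS '::/0';

-- 3. Optional explicit rejection of remote connections without TLS.
--    Without these records such a client simply has no matching record;
--    with them, the policy is visible in the catalog.
CREATE AUTHENTICATION deny_plaintext    METHOD 'reject' HOST NO TLS '0.0.0.0/0';
CREATE AUTHENTICATION deny_plaintext_v6 METHOD 'reject' HOST NO TLS '::/0';

-- 4. Attach the records to every user (assumption: PUBLIC; a role that
--    all users hold can be used instead).
GRANT AUTHENTICATION pw_local          TO PUBLIC;
GRANT AUTHENTICATION pw_remote_tls     TO PUBLIC;
GRANT AUTHENTICATION pw_remote_tls_v6  TO PUBLIC;
GRANT AUTHENTICATION deny_plaintext    TO PUBLIC;
GRANT AUTHENTICATION deny_plaintext_v6 TO PUBLIC;

-- 5. Check the records that are now in force.
SELECT * FROM v_catalog.client_auth;

-- 6. Audit live sessions: a remote session whose ssl_state is 'None'
--    is unencrypted and should no longer appear for new connections.
SELECT user_name, client_hostname, ssl_state, authentication_method
FROM v_monitor.sessions
ORDER BY login_timestamp DESC;
```

To confirm enforcement from a remote host, connect with `vsql -m disable` as in the question; the login should now be refused, while the default vsql connection still succeeds.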
