Tuesday, January 3, 2012

Postgresql - Security : Enabling server-side SSL support

In the last post, I made a client connect through an SSH tunnel in order to avoid sending plain text messages to the backend. Now I'm testing enabling SSL support on the PostgreSQL server.

I'm following this walkthrough:
http://vibhorkumar.wordpress.com/2011/07/17/how-to-enable-ssl-in-postgresqlppas/

And I've already successfully executed the first part.
Tip:
+ SSL support seems to be available in the binary packages of some distros, so you don't have to compile PostgreSQL from source to have this feature; just enable SSL by setting ssl = on in the postgresql.conf file at the respective step.

This is how a successful connection to the server looks, using SSL (in Spanish =-( ):

Now, how does this communication channel look to a sniffer (Wireshark, for instance)?

Well, following the TCP stream, you only get a bunch of non-readable rubbish.


Which is great! It would be awesome to break this encryption somehow ... nah, just kidding.
