[pgpool-general: 8704] Re: Will pgpool use SSL encryption only when connected with a certain user?

Tatsuo Ishii ishii at sraoss.co.jp
Fri Mar 31 16:40:57 JST 2023


> Hi Tatsuo,
> 
> I noticed that postgresql will specify hosting a particular user with SSL
> authentication:
> https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
> 
> and pgpool has to set its own hba file to override the one of postgresql:
> https://www.pgpool.net/docs/44/en/html/auth-pool-hba-conf.html

I think you are misunderstanding the role of pool_hba.conf: it affects
between client <--> Pgpool-II.

> So the scenario seems:
> postgresql --plain TCP-- pgpool  --SSL TCP-- some client
> Am I correct?

Also followings are possible.
postgresql --SSL TCP-- pgpool  --SSL TCP-- some client
postgresql --SSL TCP-- pgpool  --plain TCP-- some client
postgresql --plain TCP-- pgpool  --plain TCP-- some client

> Also I would like to know if there is a method to establish an SSL TCP with
> a client without asking the client to show its certificate, just like https
> does to encrypt http content.

Yes, you can.

Best reagards,
--
Tatsuo Ishii
SRA OSS LLC
English: http://www.sraoss.co.jp/index_en/
Japanese:http://www.sraoss.co.jp



More information about the pgpool-general mailing list