Обсуждение: How can I be confirm that data is encrypted over the network using SSL
I have configured SSL connection between client/server using self-signed certificate.
----------------------------------------------------------------------------------
Password:
Welcome to psql 8.3.8, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
postgres=# \l
List of databases
Name | Owner | Encoding
-----------+----------+----------
postgres | postgres | UTF8
template0 | postgres | UTF8
template1 | postgres | UTF8
(3 rows)
--------------------------------------------------------------------------------------
PGDATA dir:
-------------------------------------------------------------------
-bash-3.2$ ls -l
total 84
drwx------ 5 postgres postgres 4096 May 4 14:09 base
drwx------ 2 postgres postgres 4096 May 5 10:58 global
...
-rw------- 1 postgres postgres 3600 May 4 14:17 server.crt
-rw------- 1 postgres postgres 887 May 4 14:17 server.key
-rw------- 1 postgres postgres 2195 May 4 14:16 server.req
----------------------------------------------------------------------
Client ~/.postgresql dir
--------------------------------------------
-bash-3.2$ ls -l
total 12
-rw-r--r-- 1 postgres postgres 3259 May 4 18:36 postgresql.crt
-rw------- 1 postgres postgres 887 May 4 18:35 postgresql.key
-rw-r--r-- 1 postgres postgres 2080 May 4 18:35 postgresql.req
--------------------------------------------
I set the $PGSSLMODE=require to encrypt data across the netwrok.
How could I be sure that data is encrypted over the network?
----------------------------------------------------------------------------------
Password:
Welcome to psql 8.3.8, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
postgres=# \l
List of databases
Name | Owner | Encoding
-----------+----------+----------
postgres | postgres | UTF8
template0 | postgres | UTF8
template1 | postgres | UTF8
(3 rows)
--------------------------------------------------------------------------------------
PGDATA dir:
-------------------------------------------------------------------
-bash-3.2$ ls -l
total 84
drwx------ 5 postgres postgres 4096 May 4 14:09 base
drwx------ 2 postgres postgres 4096 May 5 10:58 global
...
-rw------- 1 postgres postgres 3600 May 4 14:17 server.crt
-rw------- 1 postgres postgres 887 May 4 14:17 server.key
-rw------- 1 postgres postgres 2195 May 4 14:16 server.req
----------------------------------------------------------------------
Client ~/.postgresql dir
--------------------------------------------
-bash-3.2$ ls -l
total 12
-rw-r--r-- 1 postgres postgres 3259 May 4 18:36 postgresql.crt
-rw------- 1 postgres postgres 887 May 4 18:35 postgresql.key
-rw-r--r-- 1 postgres postgres 2080 May 4 18:35 postgresql.req
--------------------------------------------
I set the $PGSSLMODE=require to encrypt data across the netwrok.
How could I be sure that data is encrypted over the network?
AI Rumman wrote: > I have configured SSL connection between client/server using > self-signed certificate. > ... > SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) > ..... > I set the $PGSSLMODE=require to encrypt data across the netwrok. > > > How could I be sure that data is encrypted over the network? > use a packet sniiffer like wireshark or tcpdump to examine traffic to the server hostip on whatever tcp port you're using... if its plaintext, you would see your SQL commands and their responses coming across the wire. if its SSL, it will all look like binary gibberish.