8 Dec
2023
8 Dec
'23
12:10 p.m.
On Sat, 9 Dec 2023 at 04:06, william@welliver.org wrote:
I'm not familiar with how the pgsql module is set up, so there may be some magic going on that needs to be worked around. If you're trying to attempt some sort of conditional TLS ala STARTTLS, you might find that handshaking doesn't work until the underlying file thinks there's some data to read.
Yes, it is. After establishing a socket connection, the Postgres client either sends a version request (to initiate an unencrypted connection), or a special "please encrypt" packet, to which the server will either respond yea or nay. After that, a regular TLS handshake begins (starting with the ClientHello).
ChrisA