Hi, On 10/03/2017 06:15 AM, Zeus Kronion wrote: > 2) I was surprised to learn the following from the docs: > >> By default, PostgreSQL will not perform any verification of the server > certificate. This means that it is possible to spoof the server identity (for > example by modifying a DNS record or by taking over the server IP address) > without the client knowing. In order to prevent spoofing, SSL certificate > verification must be used. > > Is there a technical reason to perform no verification by default? Wouldn't a > safer default be desirable?
If you want to verify server's certificate you should use DANE [1] + DNSSEC [2] ? (I am not an SSL expert too) If I understand correctly, you can store your certificate in a DNS record (TLSA). Then the client can check the certificate. You must trust your DNS server (protection against spoofing), that's why you have to use DNSSEC. 1: https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities 2: https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions -- Adrien NAYRAT
signature.asc
Description: OpenPGP digital signature