We are making connections to the postgres server through jdbc and psql (libpq) . I have set the ssl as on the postgres server . It can take ssl as well as non ssl connections. I made a connection through a psql client to postgres server and could confirm that the default sslmode (when no sslmode parameter is supplied while making connection) is "prefer". Please note i have not supplied the sslmode parameter in the connection string from psql. Still connection is secured
psql "postgresql://$POSTGRES_HOST:$PG_PORT/postgres" -U postgres
psql (9.6.18, server 9.6.12)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help
. This means that prefer is default sslmode for psql. I have read in the AWS documentation for jdbc connections to server the default mode is "verify-full". I created a jdbc connection to the postgres server by supplying no sslmode to the connection string .passing "verify-ca" and "verify-full" fails to connect to postgres server with no certficate found exception. The connection was successful . I just want to confirm what is the default sslmode for jdbc connections to the postgres server when ssl is turned on the server. I think it should require or below.
ssl=true
. If you don't setssl=true
and also don't setsslmode
, then JDBC behaves as if sslmode=prefer, same as libpq does. – jjanes