Hi!  I'm trying to set up stunnel for postgres, and cannot get it working.  For the moment, I'm just trying to test locally on a Mac.  I have set up postgres SSL correctly and confirmed that direct connections to the db with psql work with SSL.

Here's the most promising config I've come up with:

foreground = yes

client = yes

[postgresql]

protocol = pgsql

accept = 127.0.0.1:5433

connect = 127.0.0.1:5432

verify = 0

cert = /opt/homebrew/var/postgresql@16/server.crt

key = /opt/homebrew/var/postgresql@16/server.key

CAfile = /opt/homebrew/var/postgresql@16/ca.crt

Here's what I'm getting:

$ PGSSLMODE=disable psql -h 127.0.0.1 -p 5432 -U casey -d postgres -c 'select 1' -At

1

$ PGSSLMODE=require psql -h 127.0.0.1 -p 5432 -U casey -d postgres -c 'select 1' -At

1

$ PGSSLMODE=disable psql -h 127.0.0.1 -p 5433 -U casey -d postgres -c 'select 1' -At

psql: error: connection to server at "127.0.0.1", port 5433 failed: server offered SCRAM-SHA-256-PLUS authentication over a non-SSL connection

$ PGSSLMODE=require psql -h 127.0.0.1 -p 5433 -U casey -d postgres -c 'select 1' -At

psql: error: connection to server at "127.0.0.1", port 5433 failed: FATAL:  unsupported frontend protocol 1234.5679: server supports 3.0 to 3.0

Also, is it possible to connect to stunnel via UNIX socket instead of TCP?

Thanks,

-- 

Casey

_______________________________________________
stunnel-users mailing list -- stunnel-users@stunnel.org
To unsubscribe send an email to stunnel-users-leave@stunnel.org