HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlMinor

Can you make SSL and SSL-only (hostssl) connections to PGPool?

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
canhostsslyoumakepgpoolandsslonlyconnections

Problem

The new version of PGPool (3.2) has an "SSL" section in the conf file, and directions on how to use it in the manual. However, pool_hba.conf specifically says that PGPool doesn't support SSL (i.e. using "hostssl" to force ssl connectivity in the conf file). These seem contradictory. My company wants me to experiment with PGPool, but only if they have assurance that it will work with SSL forced always-on from the client side (from psql/postgres drivers in our web applications).

This leads me to two questions:

Does PGPool 3.2 or newer support inbound SSL encrypted Postgres client connections?

Does PGPool 3.2 or newer support SSL encrypted connections to its backend Postgres instances?

Anecdotal experience or a reference to someone with it is preferred; the documentation seems spotty.

Solution

I'm not sure about pgPool, but pgBouncer (another connection pool) can use SSL by using Stunnel.

Check your functional requirements to see if pgBouncer can solve your problem. Maybe pgPool can also use Stunnel, you could give it a try.

Context

StackExchange Database Administrators Q#22700, answer score: 3

Revisions (0)

No revisions yet.