JDBC and RDS PostgreSQL TLS Encryption connection problem
We used AWS EC2 instance and RDS PostgreSQL, and we deployed java program on EC2 instance, using jdbc for query. According to the AWS&JDBC documentation, AWS RDS PostgreSQL supports TLS encrypted connection by default, jdbc also uses encrypted connection by default(We did not set the sslmode parameter). But when I capture the packet on EC2, I see the packet in plaintext, why?
Command on EC2 Instance: sudo tcpdump -i any port 5432 -w pgtest.pcap
I was expecting to see TLS1.3 or TLS1.2, but the packet content is all PGSQL
According to the information given,I can fully understand that you want your password to be encrypted.RDS for PostgreSQL uses and expects all clients to connect using SSL/TLS, but you need to require it to use to request connection .This means your connection string would still have to specify an SSL certificate like :
$ psql -h db-name.555555555555.ap-southeast-1.rds.amazonaws.com-p 5432 dbname=testDB user=testusersslrootcert=rds-ca-2019-root.pem sslmode=verify-full
You can require that connections to your PostgreSQL DB instance use SSL by using the rds.force_ssl parameter.By default, the rds.force_ssl parameter is set to 0 (off). You can set the rds.force_ssl parameter to 1 (on) to require SSL for connections to your DB instance for more information using SSL with a PostgreSQL DB instance.Learn more about How can you stop Amazon RDS for PostgreSQL from logging my passwords in clear-text in the log files.
If requires ssl connection then need to specify in the
- PG parameter group rds.force_ssl  https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html#PostgreSQL.Concepts.General.SSL.Requiring
- JDBC connection string to specify ssl mode and other parameters https://jdbc.postgresql.org/documentation/head/connect.html
The default mode I think is prefer for PostgreSQL, which mentioned in the PG doc  https://www.postgresql.org/docs/current/libpq-ssl.html: "I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it." It is when certificate exist otherwise will not use.
Does AWS DMS support ARRAY data type for RDS for PostgreSQL on EC2 to Aurora PostgreSQL migration?Accepted Answerasked 2 years ago
Aws glue connects to RDS PostgreSQLAccepted Answerasked 4 months ago
Connecting TypeScript backend in EC2 to PostgreSQL RDSasked 11 days ago
RDS Postgresql migrate to Aurora Postgresql. Not showing "Aurora read replica" & "Migrate snapshot" options.Accepted Answerasked 6 months ago
rds-db:* and organizationsasked 2 months ago
Amazon RDS for PostgreSQL: Configuration differences with PostgreSQL on EC2Accepted Answerasked 2 years ago
Problem with deadlock on AWS RDS MySQLasked 4 years ago
How to create SSL dblink connection from RDS to postgres on premise?asked 5 months ago
Athena API vs JDBC Driverasked 3 years ago
JDBC and RDS PostgreSQL TLS Encryption connection problemasked 14 days ago