JDBC and RDS PostgreSQL TLS Encryption connection problem

0

We used an AWS EC2 instance and RDS PostgreSQL, and we deployed a Java program on the EC2 instance, using JDBC for queries. According to the AWS and JDBC documentation, AWS RDS PostgreSQL supports TLS-encrypted connections by default, and JDBC also uses an encrypted connection by default (we did not set the sslmode parameter). But when I capture the packets on EC2, I see the packets in plaintext. Why?

Command on EC2 Instance: sudo tcpdump -i any port 5432 -w pgtest.pcap

I was expecting to see TLS 1.3 or TLS 1.2, but the packet content is all PGSQL.

1 Answer
0

Hi

If an SSL connection is required, you need to specify it in:

  1. The PG parameter group, rds.force_ssl [1] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html#PostgreSQL.Concepts.General.SSL.Requiring
  2. The JDBC connection string, to specify the SSL mode and other parameters https://jdbc.postgresql.org/documentation/head/connect.html

I think the default mode for PostgreSQL is prefer, which is described in the PG doc [2] https://www.postgresql.org/docs/current/libpq-ssl.html: "I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it." That is, it is used when a certificate exists; otherwise it will not be used.

AWS
SUPPORT ENGINEER
answered 4 years ago
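
One way to check what the capture actually shows, as an added example that is not part of the answer above: PostgreSQL negotiates TLS inside its own protocol (the client first sends an 8-byte SSLRequest and the server replies with a single byte, S or N), so a connection starts with PGSQL-framed bytes whether or not it ends up encrypted. The function names and sample byte strings are constructed for illustration, and the inputs are assumed to be the reassembled client and server bytes of one TCP stream to port 5432.

```python
import struct

SSL_REQUEST_CODE = 80877103   # (1234 << 16) | 5679, PostgreSQL SSLRequest
PROTOCOL_MAJOR_3 = 3          # StartupMessage carries version 3.x in the same field

def first_message(data: bytes) -> str:
    """Classify the first untyped message a PostgreSQL client sends."""
    if len(data) < 8:
        return "incomplete"
    length, code = struct.unpack("!II", data[:8])
    if length == 8 and code == SSL_REQUEST_CODE:
        return "SSLRequest"
    if code >> 16 == PROTOCOL_MAJOR_3 and length >= 8:
        return "StartupMessage"
    return "unknown"

def classify_connection(client: bytes, server: bytes) -> str:
    """client/server: reassembled bytes of each direction of one TCP stream."""
    kind = first_message(client)
    if kind == "StartupMessage":
        return "plaintext"                  # client never asked for TLS
    if kind != "SSLRequest":
        return kind
    after_request = client[8:]
    if server[:1] == b"S":                  # server accepted, TLS handshake follows
        return "tls" if after_request[:2] == b"\x16\x03" else "incomplete"
    if server[:1] == b"N":                  # server refused TLS
        if first_message(after_request) == "StartupMessage":
            return "plaintext-fallback"     # sslmode=prefer/allow style downgrade
        return "tls-refused"
    return "incomplete" if not server else "unknown"

# Constructed sample streams (not taken from a real capture).
def _startup(user: str, db: str) -> bytes:
    body = struct.pack("!I", 3 << 16) + f"user\0{user}\0database\0{db}\0\0".encode()
    return struct.pack("!I", len(body) + 4) + body

SSL_REQUEST = struct.pack("!II", 8, SSL_REQUEST_CODE)
CLIENT_HELLO_PREFIX = b"\x16\x03\x01\x02\x00\x01"   # TLS handshake record header + type

SAMPLES = {
    "no TLS requested": (_startup("app", "orders"), b"R\x00\x00\x00\x08"),
    "TLS accepted": (SSL_REQUEST + CLIENT_HELLO_PREFIX, b"S\x16\x03\x03"),
    "TLS refused, client continues": (SSL_REQUEST + _startup("app", "orders"), b"N"),
}

if __name__ == "__main__":
    for name, (c, s) in SAMPLES.items():
        print(f"{name}: {classify_connection(c, s)}")
```

A result of "plaintext" or "plaintext-fallback" means queries and credentials crossed the wire unencrypted; "tls" means only the 8-byte SSLRequest and the one-byte reply were sent in the clear.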