The open-source DBMS PostgreSQL
supports TLS protection of client-server connections (based on the OpenSSL
library).
We've developed these enhancements for PostgreSQL:
A patch enhancing SSL configuration in PostgreSQL:
postgresql-ssl-enhancement.patch
(4Kb) (for the CVS snapshot of the PostgreSQL version under development
as of June 30, 2006).
This patch adds the functionality described below:
Both the server and the client library libpq read the configuration
file for the OpenSSL library. This allows the use of engines, including the
ones supporting new cryptographic algorithms.
The ssl_ciphers directive has been added to the file
postgresql.conf. This directive explicitly specifies the list of
algorithms to be used.
The libpq library can use private keys kept on hardware tokens
supported by OpenSSL engines.
The patch also includes documentation additions describing the
new functionality.
Starting from PostgreSQL 8.3 this functionality is included in the
PostgreSQL core.
The engine (4.8Kb) for the PostgreSQL
server allows stored procedures and triggers to get information about
the client certificate used to establish the SSL connection for the current session.
This engine makes it possible to store information about the client
certificates of the users who made changes in the DB, and
partially replaces proper client certificate authorization, which
PostgreSQL lacks.
This module is included in the contrib section of the PostgreSQL
distribution starting from version 8.2.
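An added example, not code from the original page or from the PostgreSQL project: an audit trigger that records which client certificate was behind each change to a table. It assumes the module described above is the contrib module sslinfo, loaded with CREATE EXTENSION (PostgreSQL 9.1 or later); the accounts table, the audit table, the function and the trigger names are hypothetical.

```sql
-- Assumption: the contrib module is sslinfo and is installed on the server.
CREATE EXTENSION IF NOT EXISTS sslinfo;

-- Sample table to protect (constructed for this example).
CREATE TABLE accounts (
    id      integer PRIMARY KEY,
    balance numeric NOT NULL
);

-- One audit row per changed row, tied to the certificate of the session.
CREATE TABLE accounts_audit (
    changed_at   timestamptz NOT NULL DEFAULT now(),
    db_user      text        NOT NULL,
    operation    text        NOT NULL,
    account_id   integer     NOT NULL,
    cert_subject text        NOT NULL,
    cert_issuer  text        NOT NULL,
    cert_serial  numeric     NOT NULL
);

CREATE FUNCTION audit_accounts() RETURNS trigger
LANGUAGE plpgsql AS $$
DECLARE
    v_id integer;
BEGIN
    -- Reject changes from sessions without SSL or without a client certificate;
    -- the exception rolls back the statement that fired the trigger.
    IF NOT ssl_is_used() OR NOT ssl_client_cert_present() THEN
        RAISE EXCEPTION 'change to % rejected: session has no client certificate',
            TG_TABLE_NAME;
    END IF;

    -- OLD is only available for UPDATE/DELETE, NEW only for INSERT/UPDATE.
    IF TG_OP = 'DELETE' THEN v_id := OLD.id; ELSE v_id := NEW.id; END IF;

    INSERT INTO accounts_audit
        (db_user, operation, account_id, cert_subject, cert_issuer, cert_serial)
    VALUES
        (session_user, TG_OP, v_id,
         ssl_client_dn(), ssl_issuer_dn(), ssl_client_serial());

    RETURN NULL;  -- return value is ignored for AFTER row triggers
END;
$$;

CREATE TRIGGER accounts_audit_trg
AFTER INSERT OR UPDATE OR DELETE ON accounts
FOR EACH ROW EXECUTE PROCEDURE audit_accounts();
```

A certificate serial number is unique only within one issuer, which is why the issuer DN is stored next to it. The role making the changes needs INSERT on accounts_audit but should not have UPDATE or DELETE on it.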