1src/backend/libpq/README.SSL 2 3SSL 4=== 5 6>From the servers perspective: 7 8 9 Receives StartupPacket 10 | 11 | 12 (Is SSL_NEGOTIATE_CODE?) ----------- Normal startup 13 | No 14 | 15 | Yes 16 | 17 | 18 (Server compiled with USE_SSL?) ------- Send 'N' 19 | No | 20 | | 21 | Yes Normal startup 22 | 23 | 24 Send 'S' 25 | 26 | 27 Establish SSL 28 | 29 | 30 Normal startup 31 32 33 34 35 36>From the clients perspective (v6.6 client _with_ SSL): 37 38 39 Connect 40 | 41 | 42 Send packet with SSL_NEGOTIATE_CODE 43 | 44 | 45 Receive single char ------- 'S' -------- Establish SSL 46 | | 47 | '<else>' | 48 | Normal startup 49 | 50 | 51 Is it 'E' for error ------------------- Retry connection 52 | Yes without SSL 53 | No 54 | 55 Is it 'N' for normal ------------------- Normal startup 56 | Yes 57 | 58 Fail with unknown 59 60--------------------------------------------------------------------------- 61 62Ephemeral DH 63============ 64 65Since the server static private key ($DataDir/server.key) will 66normally be stored unencrypted so that the database backend can 67restart automatically, it is important that we select an algorithm 68that continues to provide confidentiality even if the attacker has the 69server's private key. Ephemeral DH (EDH) keys provide this and more 70(Perfect Forward Secrecy aka PFS). 71 72N.B., the static private key should still be protected to the largest 73extent possible, to minimize the risk of impersonations. 74 75Another benefit of EDH is that it allows the backend and clients to 76use DSA keys. DSA keys can only provide digital signatures, not 77encryption, and are often acceptable in jurisdictions where RSA keys 78are unacceptable. 79 80The downside to EDH is that it makes it impossible to use ssldump(1) 81if there's a problem establishing an SSL session. In this case you'll 82need to temporarily disable EDH (see initialize_dh()). 83