I am trying to set up ssl (self-signed certs) for a postgres DB (version 9.6) I have attached to my python flask gunicorn app. I have been running the postgres server without ssl just fine, but am trying to increase security on the application.
I've used the following tutorials:
- https://www.postgresql.org/docs/9.6/static/libpq-ssl.html
- https://blog.jelastic.com/2016/08/31/establish-secure-ssl-connection-to-postgresql-db-server/
- https://www.howtoforge.com/postgresql-ssl-certificates
and while they were very useful, I can't seem to get past this issue (in my log file):
LOG: database system was shut down at 2017-11-07 13:15:47 EST
LOG: MultiXact member wraparound protections are now enabled
LOG: database system is ready to accept connections
LOG: autovacuum launcher started
LOG: could not accept SSL connection: EOF detected // THIS LINE HERE
The application runs, but not over ssl.
Here is my postgres.conf (what I thought was relevant):
listen_addresses = '*'
port = 7654
ssl = on
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'
ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
ssl_ca_file = 'root.crt'
and here is my pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
hostssl all all 0.0.0.0/0 trust clientcert=1
# I've also tried:
#hostssl all myUser 0.0.0.0/0 md5 clientcert=1
#hostssl all all 0.0.0.0/0 md5
Here is some trace logging.
Which indicates an issue with be-secure-openssl.c, on this line:
if (!SSL_context)
{
    ereport(COMMERROR,
            (errcode(ERRCODE_PROTOCOL_VIOLATION), // THIS LINE
             errmsg("could not initialize SSL connection: SSL context not set up")));
    return -1;
}
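As an added illustration (not code from the question or from PostgreSQL itself), the following Python evaluator applies pg_hba.conf's first-match-wins semantics to the rules shown above, so you can see which line a given connection would actually hit: a hostssl rule only matches SSL connections, a host rule matches both, and a loopback connection is therefore authenticated by the earlier "host ... trust" line and never reaches the "hostssl ... clientcert=1" line, while a remote plain-TCP connection matches nothing and is rejected. The file content is embedded inline as a constructed sample; the parser models only the CIDR address form and the "all" keyword, not samerole, @file lists, hostnames or the separate-netmask form.

```python
"""Which pg_hba.conf rule would PostgreSQL apply to a given connection?

Added example, not part of the original question or of PostgreSQL: a
first-match-wins evaluator over a small subset of pg_hba.conf syntax.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union

# Constructed sample input: the pg_hba.conf from the question, comments included.
SAMPLE_PG_HBA = """\
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
hostssl all all 0.0.0.0/0 trust clientcert=1
# I've also tried:
#hostssl all myUser 0.0.0.0/0 md5 clientcert=1
#hostssl all all 0.0.0.0/0 md5
"""

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass
class HbaRule:
    conn_type: str                 # local | host | hostssl | hostnossl
    database: str                  # database name or 'all'
    user: str                      # role name or 'all'
    address: Optional[Network]     # None for 'local' (Unix-socket) rules
    method: str                    # trust, md5, cert, ...
    options: Dict[str, str] = field(default_factory=dict)  # e.g. {'clientcert': '1'}


def parse_pg_hba(text: str) -> List[HbaRule]:
    """Parse the subset used above: comments, 'local' rules, and host* rules
    whose ADDRESS column is a single CIDR block (hypothetical simplification)."""
    rules: List[HbaRule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        conn_type = fields[0]
        if conn_type == "local":
            database, user, method, extra = fields[1], fields[2], fields[3], fields[4:]
            address: Optional[Network] = None
        else:
            database, user, method, extra = fields[1], fields[2], fields[4], fields[5:]
            address = ipaddress.ip_network(fields[3], strict=False)
        options = dict(opt.split("=", 1) for opt in extra)   # trailing key=value options
        rules.append(HbaRule(conn_type, database, user, address, method, options))
    return rules


def match_rule(rules, *, database, user, address=None, ssl=False):
    """Return the first rule that matches; None means PostgreSQL would reject the
    connection ("no pg_hba.conf entry"). address=None models a Unix-socket connection."""
    for rule in rules:
        if address is None:
            if rule.conn_type != "local":
                continue
        else:
            if rule.conn_type == "local":
                continue
            if rule.conn_type == "hostssl" and not ssl:      # SSL-only rule
                continue
            if rule.conn_type == "hostnossl" and ssl:        # plain-only rule
                continue
            ip = ipaddress.ip_address(address)
            if ip.version != rule.address.version or ip not in rule.address:
                continue
        if rule.database not in ("all", database):
            continue
        if rule.user not in ("all", user):
            continue
        return rule
    return None


def requires_client_cert(rule):
    """True when the matched rule makes the server demand a client certificate
    signed by ssl_ca_file (clientcert=1, or the cert authentication method)."""
    return rule is not None and (rule.method == "cert" or rule.options.get("clientcert") == "1")


if __name__ == "__main__":
    rules = parse_pg_hba(SAMPLE_PG_HBA)
    for label, kw in [("unix socket", dict(address=None)),
                      ("127.0.0.1 plain", dict(address="127.0.0.1")),
                      ("127.0.0.1 ssl", dict(address="127.0.0.1", ssl=True)),
                      ("10.0.0.5 plain", dict(address="10.0.0.5")),
                      ("10.0.0.5 ssl", dict(address="10.0.0.5", ssl=True))]:
        r = match_rule(rules, database="app", user="myUser", **kw)
        outcome = f"{r.conn_type} {r.method}" if r else "no matching rule (rejected)"
        print(f"{label:16} -> {outcome}{' + client cert required' if requires_client_cert(r) else ''}")
```

Running it shows that only a remote SSL connection is governed by the clientcert=1 line; the app connecting over 127.0.0.1 is trusted by the third line whether or not it negotiated SSL, which is worth keeping in mind when checking whether a connection that "runs, but not over ssl" was ever forced through the hostssl rule at all.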