I am trying to connect to my PostgreSQL server on AWS using SSL from the OpenSSL s_client on XP. I can connect to a third party using this s_client. On both the server and XP, I am using openssl version 0.9.8.k.
When I try to connect to my server, I get the result:
CONNECTED(00000003)
2036:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188
:
In the Postgres log, I see the entry:
2009-10-30 13:58:08 UTC LOG: invalid length of startup packet
I'd appreciate any suggestions about where to look to get this working. Maybe there is a public AWS image I can look at on which PostgreSQL is known to work?
Best Answer
You didn't specify why you wanted to use s_client.
If it is to interact with the database, any decent client will do.
psqlcan be called with thesslmode=requireoption. Seeman psql.If it is to check the SSL certificate (which is why I came across your question),
it still doesn't work with s_client as Magnus pointed out 7 years ago.you can now do it withopenssl s_clientif you have a version >= 1.1.1, as pointed out in the answer of Adam Batkin. Useopenssl versionto check, or just directly try this command to see if it works.If you have an older version which doesn't support postgres, this python script can also retrieve the SSL certificate: https://github.com/thusoy/postgres-mitm/blob/master/postgres_get_server_cert.py
For example to check certificate dates: