Connector Improvement: mTLS support for PostgreSQL connector
Answered
It seems as though the Generic PostgreSQL connector runs with `sslmode=verify-ca`, when it should really also support `verify-full` so that the server can verify the client as an added layer of security. I would consider this table stakes for security in a data integration business, so I'm surprised not to see it here. We have not encountered it to be missing in any of the other platforms we have tried.
-
Official comment
Hi Tom,
our apologies for the long delay in responding! We fixed some long standing issues on our side and are now trying to process the backlog of messages.
A few questions:
(1) is this still relevant for you?
(2) So,
sslmode=verify-caandsslmode=verify-fullare always about how the client checks the server’s certificate.
mTLS adds the reverse: the server also checks the client. With that in mind, are you asking for:
2a. support for sslmode=verify-full for the client checking the server?
2b. support for sslmode=verify-full for the server checking the client?2c. both?
Thanks,
Pieter
Please sign in to leave a comment.
Comments
1 comment