Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

server: TLS termination of outgoing connection to the database server #362

Open
Tracked by #168
mostafa opened this issue Nov 5, 2023 · 0 comments
Open
Tracked by #168

server: TLS termination of outgoing connection to the database server #362

mostafa opened this issue Nov 5, 2023 · 0 comments
Labels
enhancement New feature or request triage Triage based on the content

Comments

@mostafa
Copy link
Member

mostafa commented Nov 5, 2023
edited
Loading

The idea is to have GatewayD connect to Postgres via SSL, so that the clients can initiate authentication over a secure channel. If TLS is enabled on GatewayD, and TLS termination is enabled on outgoing connection to Postgres, GatewayD acts as a TLS broker. The traffic inside GatewayD is in plaintext, unless TLS termination is disabled or encryption is not enforced by the client/server.

Update:
There are some WIP changes on this branch. I tried to take the same approach for the server, but it didn't work as expected, because Postgres asks for SCRAM authentication right after TLS handshake, which confuses the clients (psql), as they do not expect it. I will pick this up after the AAA plugin is developed.
@mostafa mostafa mentioned this issue Nov 5, 2023
Open
5 tasks
@mostafa mostafa self-assigned this Nov 5, 2023
@mostafa mostafa added the enhancement New feature or request label Nov 5, 2023
@mostafa mostafa added this to the v0.8.x milestone Nov 5, 2023
@mostafa mostafa moved this from ✨ New to 🚧 In progress in GatewayD Core Public Roadmap Nov 6, 2023
@mostafa mostafa added the triage Triage based on the content label Nov 7, 2023
@mostafa mostafa moved this from 🚧 In progress to 📋 Backlog in GatewayD Core Public Roadmap Nov 7, 2023
@mostafa mostafa removed this from the v0.8.x milestone Nov 7, 2023
@mostafa mostafa removed their assignment Dec 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request triage Triage based on the content
Projects
GatewayD Core Public Roadmap
Status: 📋 Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mostafa