How to check if PostgreSQL installation supports SSL?

Question

In the PostgreSQL documentation is described that required to build PostgreSQL for SSL support:

http://www.postgresql.org/docs/9.1/static/ssl-tcp.html

Is it possible that PostgreSQL installation supports SSL out of the box from some CentoOS repository? How to check if PostgreSQL installation supports SSL?

Answer 1

Pretty much any packaged PostgreSQL will support SSL.

That doesn't mean you can actually connect with SSL. For that, you need a private key and certificate to be configured for that install.

You really have:

• Is not compiled with SSL support
• Is compiled with SSL support but not configured for SSL
• Is compiled with SSL support and configured for SSL, but does not allow SSL connections in pg_hba.conf from my current location
• Is compiled with SSL support, configured for SSL, and pg_hba.conf allows (or requires) connections via ssl

The best way to see if it supports SSL, as a client, is to connect to it and see.

If you're checking to see if the server is compiled with SSL support, so SSL will work if you configure it, you can check pg_config.h from the development package; it will define USE_OPENSSL if it's enabled in the build. Or you can try to run the postgres executable with the ssl=on option set, e.g.

/path/to/postgres -c ssl=on

which will output:

FATAL:  SSL is not supported by this build

if SSL isn't available.