Postgres: SSL/TLS is off

Suggest Edits

Postgres is a very popular and prominent data store. In terms of its privacy model, authentication, and authorization models, it is more than qualified to store app data, medical data, and sensitive data across the board.

Using the default "SSL off" configuration is a bad practice, since it invites unneeded risk into communicating with your data store in the form of MitM, eavesdropping and data exfiltration.

Problem

In postgresql.conf:

ssl = off

Fix

In postgresql.conf:

ssl = on

See

Postgres: secure connections with SSL
Postgres: ssl configuration

Updated over 1 year ago