CPPM Postgres TLS Settings
01-30-2020 11:05 AM
checkbox enforcers InfoSec folks have determined that we must restrict TLS to v1.2 and I'm unable to find a setting for the postgres listener on 5432/tcp. I've played with the Disable TLS version 1.0/1.1 cluster-wide parameters in my lab (running v6.7.8), but I'm still seeing TLSv1.1 in my scans (sslyze --regular --starttls=postgres <pub>:5432).
Is there a way to manage the TLS settings for postgres?
Re: CPPM Postgres TLS Settings
02-09-2020 11:05 PM
I'm not aware of such an option be available to the end user.
However, I pretty sure TAC can login to the database with admin acces and set the SSL requirements.
Not sure if they will comply to your demand though