Add support for strong TLS ciphers to jdbc_response probe

Idea created by mpapik on Oct 20, 2017
    • janym
    • jirisvoboda
    • Alexandre_Almeida
    • zdenek.kolar
    • Yu_Ishitani
    • GuanHua1378
    • mpapik
    • ttahkapaa

    We are using jdbc_response probe v1.24 with postgresql-42.1.4.jre7.jar driver running on probing server for monitoring PostgreSQL DB v9.4.


    We have tested connection from jdbc_response to PostgreSQL DB using below mentioned connection string:

    whilst on server side, there is following configuration of ssl ciphers:

    ssl_ciphers = 'TLSv1.2:TLSv1.1:TLSv1:HIGH:MEDIUM:+3DES:!SSLv3 MD5:!aNULL:!SSLv2:!ADH:!LOW:!EXP:!:@STRENGTH'

    allowing only TLS ciphers for SSL communication with DB server, so we got a SSL handshake exception.


    After we have allowed SSLv3 on server side, ECDHE-RSA-AES128-SHA cipher has been negotiated/agreed between server and client and connection has been successfully established.


    Please, add support for TLS ciphers (ideally v1.1 or v1.2) stronger that SSLv3 in jdbc_response probe. SSLv3 and SSLv2 ciphersuites are not allowed to use in our environment. SSLv2 a SSLv3 ciphers should not be used anywhere in production environment.


    Thank you.