Add support for strong TLS ciphers to jdbc_response probe

Idea created by mpapik on Oct 20, 2017
    Wish-Listed
    Score: 8

    We are using jdbc_response probe v1.24 with the postgresql-42.1.4.jre7.jar driver running on the probing server to monitor PostgreSQL DB v9.4.

    We have tested the connection from jdbc_response to the PostgreSQL DB using the connection string below:
    jdbc:postgresql://<server_fqdn>:5432/postgres?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory

    whilst on the server side, there is the following configuration of SSL ciphers:

    ssl_ciphers = 'TLSv1.2:TLSv1.1:TLSv1:HIGH:MEDIUM:+3DES:!SSLv3 MD5:!aNULL:!SSLv2:!ADH:!LOW:!EXP:!:@STRENGTH'

    allowing only TLS ciphers for SSL communication with the DB server, so we got an SSL handshake exception.

    After we allowed SSLv3 on the server side, the ECDHE-RSA-AES128-SHA cipher was negotiated/agreed between server and client and the connection was successfully established.

    Please add support for TLS ciphers (ideally v1.1 or v1.2) stronger than SSLv3 in the jdbc_response probe. SSLv3 and SSLv2 cipher suites are not allowed in our environment. SSLv2 and SSLv3 ciphers should not be used anywhere in a production environment.

    Thank you.

    Regards,

    Martin
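
To see which protocol version and cipher suite a PostgreSQL server negotiates when the client refuses anything below TLS 1.2, the handshake can be checked from the probing server independently of the probe and the JDBC driver. This is an added example, not code from the post or from the probe's vendor: it sends PostgreSQL's SSLRequest message and then performs a certificate-validating TLS handshake. The function names are hypothetical, and it assumes Python 3.7+ and a server certificate that the system trust store (or the given `cafile`) can verify.

```python
import socket
import ssl
import struct

# PostgreSQL SSLRequest message: int32 length (8) + int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def tls_context(min_version=ssl.TLSVersion.TLSv1_2, cafile=None):
    """Client context that validates the server certificate and refuses
    any protocol version below min_version."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = min_version
    return ctx


def probe_postgres_tls(host, port=5432, ctx=None, timeout=5.0):
    """Return (protocol, cipher_name, secret_bits) negotiated with the server,
    or None if the server answers the SSLRequest with 'N' (TLS not offered)."""
    ctx = ctx or tls_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(SSL_REQUEST)
        answer = raw.recv(1)
        if answer == b"N":
            return None
        if answer != b"S":
            raise ConnectionError(f"unexpected SSLRequest reply: {answer!r}")
        # Raises ssl.SSLError when client and server share no protocol
        # version or cipher suite, or when certificate validation fails.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _proto, bits = tls.cipher()
            return tls.version(), name, bits


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: pg_tls_probe.py <server_fqdn>")
    try:
        print(probe_postgres_tls(sys.argv[1]))
    except ssl.SSLError as exc:
        print("TLS handshake failed:", exc)
```

A result whose first element is `TLSv1.2` or `TLSv1.3` shows the server side accepts a modern handshake, so a remaining handshake exception points at the client runtime's protocol and cipher settings.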