
TLS Is Rockstar Tech #20

@thomasmitchell


Forcing people to send database information unencrypted over the wire seems bad. Let's fix it.

First, terminate incoming client TLS at the pgpool layer.
http://www.pgpool.net/docs/latest/en/html/runtime-ssl.html#RUNTIME-CONFIG-SSL-SETTINGS

ssl_key (string)
Specifies the path to the private key file to be used for incoming frontend connections. There is no default value for this option, and if left unset SSL will be disabled for incoming frontend connections.

This parameter can only be set at server start.

ssl_cert (string)
Specifies the path to the public x509 certificate file to be used for the incoming frontend connections. There is no default value for this option, and if left unset SSL will be disabled for incoming frontend connections.

This parameter can only be set at server start.

ssl_ca_cert (string)
Specifies the path to a PEM-format CA certificate file, which can be used to verify the backend server certificates. This is analogous to the -CApath option of the OpenSSL verify(1) command.

This parameter can only be set at server start.

Also, make sure TLS between PGPool and the Postgres backends and between Postgres replication nodes is the thing.

Here's a thing I googled: https://evol-monkey.blogspot.com/2015/10/postgresql-94-streaming-replication.html

Also, TLS should be optional. Just because we think the user should definitely be using encryption doesn't mean that the boshrelease has to think it too.
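As an added example (not from this issue, the boshrelease, or the linked pages), here is what the three legs described above look like in the real config files: client-to-pgpool TLS in pgpool.conf, pgpool-to-backend and standby-to-primary TLS in postgresql.conf, pg_hba.conf and the 9.x-style recovery.conf. All file paths, hostnames, the replication user name and the 10.0.0.0/24 address range are assumptions chosen for illustration.

```conf
# --- pgpool.conf: terminate client TLS at pgpool, speak TLS to the backends ---
# pgpool's "ssl" switch covers both frontend (client -> pgpool) and backend
# (pgpool -> PostgreSQL) connections. It defaults to off, which is what lets a
# release leave TLS optional when no certificates are supplied.
ssl         = on
ssl_key     = '/etc/pgpool/certs/pgpool.key'   # assumed path; private key for the frontend cert
ssl_cert    = '/etc/pgpool/certs/pgpool.crt'   # assumed path; cert clients see
ssl_ca_cert = '/etc/pgpool/certs/ca.crt'       # assumed path; CA that signed the backend server certs

# --- postgresql.conf on every backend (primary and standbys) ---
ssl           = on
ssl_cert_file = 'server.crt'   # relative to the data directory
ssl_key_file  = 'server.key'   # must not be group/world readable or the server refuses to start
ssl_ca_file   = 'root.crt'     # CA used to verify client certs presented by standbys

# --- pg_hba.conf on every backend: only TLS connections get an allow rule ---
# TYPE      DATABASE      USER         ADDRESS          METHOD
hostssl     all           all          10.0.0.0/24      md5      # pgpool subnet (assumed); TLS required
hostssl     replication   replicator   10.0.0.0/24      cert     # standbys authenticate with a client cert
hostnossl   all           all          0.0.0.0/0        reject   # cleartext is rejected explicitly, not just unmatched

# --- recovery.conf on each 9.x standby (the setup in the linked blog post) ---
standby_mode     = 'on'
primary_conninfo = 'host=pg-primary.example.internal port=5432 user=replicator sslmode=verify-full sslrootcert=/var/lib/postgresql/root.crt sslcert=/var/lib/postgresql/replicator.crt sslkey=/var/lib/postgresql/replicator.key'
```

Two caveats a practitioner will hit. First, `sslmode=verify-full` on the standby only works if the primary's certificate CN or SAN matches the hostname in `primary_conninfo`; `verify-ca` checks the chain but not the name, and `require` checks neither, so it does not stop an active man in the middle. Second, enforce TLS on the backend with the `hostnossl ... reject` line rather than trusting the pgpool side alone: if pgpool is ever deployed with `ssl = off`, the backend then refuses the cleartext connection instead of silently accepting it. To confirm the end-to-end result, connect through pgpool with `psql "host=... sslmode=verify-full sslrootcert=..."` and, on a 9.5 or later backend, check `pg_stat_ssl` to see that the pgpool-to-backend sessions report `ssl = t`.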
