I specify the configuration as TLSv1.2 and it still resorts to TLSv1.3. The configurations are listed below.
server_tls_protocols = tlsv1.2
server_tls_sslmode = verify-ca
Log:
SSL established: TLSv1.3/TLS_AES_256_GCM_SHA384/ECDH=prime256v1
I get this error in the logs as well :
2020-10-01 10:30:45.291 2319 WARNING tls_sbufio_recv: unexpected handshake, closing connection
2020-10-01 10:30:45.291 2319 LOG S-0x56286f074d60: test/[email protected]:5432 closing because: server conn crashed? (age=0)
Openssl version : 1.1.1 Pgbouncer version : 1.8.1
Is there something simple I'm missing here? I understand TLSv1.3 doesn't work with openssl 1.1.1 but up until a couple of days back it succeeded using TLSv1.2. I have the list of available ciphers accepted by the Postgres server as well. Hardcoding them in server_tls_ciphers doesn't help the case either. Is there a way to make it communicate with TLSv1.2?