JDBC and RDS PostgreSQL TLS Encryption connection problem

0

We used an AWS EC2 instance and RDS PostgreSQL, and we deployed a Java program on the EC2 instance, using JDBC for queries. According to the AWS and JDBC documentation, AWS RDS PostgreSQL supports TLS encrypted connections by default, and JDBC also uses an encrypted connection by default (we did not set the sslmode parameter). But when I capture the packets on EC2, I see the packets in plaintext. Why?

Command on EC2 Instance: sudo tcpdump -i any port 5432 -w pgtest.pcap

I was expecting to see TLS 1.3 or TLS 1.2, but the packet content is all PGSQL.

2 Answers
0

Hello there

According to the information given, I can fully understand that you want your password to be encrypted. RDS for PostgreSQL uses and expects all clients to connect using SSL/TLS, but you need to require it to be used when requesting a connection [1]. This means your connection string would still have to specify an SSL certificate, like:

  $ psql -h db-name.555555555555.ap-southeast-1.rds.amazonaws.com -p 5432 "dbname=testDB user=testuser sslrootcert=rds-ca-2019-root.pem sslmode=verify-full"
 

You can require that connections to your PostgreSQL DB instance use SSL by using the rds.force_ssl parameter. By default, the rds.force_ssl parameter is set to 0 (off). You can set the rds.force_ssl parameter to 1 (on) to require SSL for connections to your DB instance. For more information, see using SSL with a PostgreSQL DB instance. Learn more about how you can stop Amazon RDS for PostgreSQL from logging my passwords in clear-text in the log files.

Resources:

[1] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html

[2] https://aws.amazon.com/premiumsupport/knowledge-center/rds-postgresql-cleartext-logging/

answered 2 years ago
0

Hi

If an SSL connection is required, then you need to specify it in the:

  1. PG parameter group rds.force_ssl [1] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html#PostgreSQL.Concepts.General.SSL.Requiring
  2. JDBC connection string to specify ssl mode and other parameters https://jdbc.postgresql.org/documentation/head/connect.html

The default mode, I think, is prefer for PostgreSQL, which is mentioned in the PG doc [2] https://www.postgresql.org/docs/current/libpq-ssl.html: "I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it." It is used when a certificate exists; otherwise it will not be used.

AWS
SUPPORT ENGINEER
Kevin_Z
answered 2 years ago
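
An added example, not part of either answer and not AWS or PostgreSQL code: one way to read the capture from the question. In the PostgreSQL wire protocol the client's 8-byte SSLRequest and the server's one-byte S/N reply are sent in the clear even on an encrypted session, so the check is what follows them. The function names are this example's own and the sample byte strings are constructed.

```python
import struct

SSL_REQUEST = struct.pack("!II", 8, 80877103)  # length 8 + SSLRequest code
PROTOCOL_V3 = 196608                           # StartupMessage version 3.0

def is_tls_record(data: bytes) -> bool:
    """TLS handshake record header: content type 0x16, major version 0x03."""
    return len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03

def is_startup(data: bytes) -> bool:
    """Cleartext StartupMessage: Int32 length, then Int32 protocol 3.0."""
    return len(data) >= 8 and struct.unpack("!I", data[4:8])[0] == PROTOCOL_V3

def classify(client: bytes, server: bytes) -> str:
    """Classify a session from the first bytes of each direction,
    reassembled from a capture of the PostgreSQL port."""
    if is_tls_record(client):
        return "tls-direct"                 # TLS from the first byte, no SSLRequest
    if is_startup(client):
        return "plaintext-never-requested"  # client did not ask for TLS
    if client[:8] != SSL_REQUEST:
        return "unknown"
    after = client[8:]                      # what the client sent after the reply
    if server[:1] == b"S":
        return "tls" if is_tls_record(after) else "accepted-handshake-missing"
    if server[:1] == b"N":
        return "plaintext-after-refusal" if is_startup(after) else "refused-and-closed"
    return "unknown"

def startup_message(user: str, database: str) -> bytes:
    """Build a StartupMessage (used here only to construct sample input)."""
    body = struct.pack("!I", PROTOCOL_V3)
    body += b"user\0" + user.encode() + b"\0database\0" + database.encode() + b"\0\0"
    return struct.pack("!I", len(body) + 4) + body

# Constructed sample streams (not taken from a real capture).
CLIENT_HELLO_STUB = bytes([0x16, 0x03, 0x01, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00])
SAMPLES = {
    "startup sent in the clear": (startup_message("testuser", "testDB"), b"R"),
    "SSLRequest accepted": (SSL_REQUEST + CLIENT_HELLO_STUB, b"S\x16\x03\x03"),
    "SSLRequest refused": (SSL_REQUEST + startup_message("testuser", "testDB"), b"N"),
}

if __name__ == "__main__":
    for name, (client, server) in SAMPLES.items():
        print(f"{name:28} -> {classify(client, server)}")
```

To use it on pgtest.pcap, pass the first bytes of each direction of one TCP stream, as reassembled by a tool such as Wireshark's Follow TCP Stream.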
