Django - postgres: how can I verify whether the database connection is SSL?

Question

My postgres server should be forcing SSL connection however I would like to verify this setting directly from the Django app. Is there a way to inspect the database connection (perhaps through manage.py shell and make sure the connection is SSL?

Answer 1

You can confirm that the connection is encrypted by looking for the cipher in the connection information after navigating to python manage.py dbshell

SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES128-GCM-SHA256, bits: 
128, compression: off)

otherwise, you will see no SSL information.

Answer 2

I believe I found one way, but I will wait before accepting in case people have critiques of this method:

1. connect to the database server as superuser and run create extension sslinfo; to install the sslinfo extension. This may not be possible for some who don't have superuser access, however in my case where I configured server-side SSL enforcement, SU access is given.
2. run the following in manage.py shell:

-

from django.db import connection

with connection.cursor() as cursor:
    cursor.execute('select ssl_is_used();')
    output = cursor.fetchall()
    print(output) # will print [(True,)] if SSL

This executes raw SQL which should return [(True,)] if SSL is enabled.

Relevant documentation about sslinfo can be found here

Answer 3

I don't know how to configure that from your Django app, but maybe you could tell postgres to require SSL in the sslmode connection parameter?