Verifying SSL/TLS Encryption

Yellowbrick data warehouse instances support and enforce SSL/TLS encryption for client communications and passwords. All client connections from all tools, including connections to Yellowbrick Manager, the front-end PostgreSQL database, and ybtools, must connect via HTTPS. All non-SSL connections are rejected.

Connection Prerequisites

TLS/SSL version 1.2 is required, as provided by OpenSSL version 1.0.2 and later, which exists on almost all current operating systems. To check your version on Linux/UNIX, macOS, and Windows platforms, run the `openssl version` command. For example:

$ openssl version
OpenSSL 1.0.2g-fips  1 Mar 2016
% openssl version
LibreSSL 2.8.3

Verifying Secure Connections

Administrators can verify that clients are connecting securely by running a query against the sys.session view. For example, this query joins sys.session and sys.user to get the names of users and their secure connection details:

premdb=> select ss.session_id, ss.application_name, ss.user_id, su.name, ss.secure_details 
from sys.user su, sys.session ss where su.user_id=ss.user_id and secure_connection = true;
 session_id | application_name | user_id |            name             |                secure_details                
------------+------------------+---------+-----------------------------+----------------------------------------------
     93192 | ybsql            |   16399 | trebor@yellowbrickcloud.com | TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384/256 bits
(1 row)
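
The secure_details column packs the protocol, cipher suite, and key size into one string, so an administrator can audit it in bulk. The following is an added example, not Yellowbrick code: it parses that string and flags sessions below the TLS 1.2 requirement stated above. The forward-secrecy, AEAD, and 128-bit checks are an assumed policy, and every sample row except the first secure_details value is constructed.

```python
import re

# Constructed rows shaped like the query output above: (session_id, name, secure_details).
# Only the first secure_details value appears on the page; the rest are made up.
SAMPLE_ROWS = [
    (93192, "trebor@yellowbrickcloud.com", "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384/256 bits"),
    (93201, "etl@example.com", "TLSv1.2/AES128-SHA/128 bits"),
    (93202, "legacy@example.com", "TLSv1.1/ECDHE-RSA-AES256-SHA/256 bits"),
    (93203, "odd@example.com", None),
]

DETAILS_RE = re.compile(r"^(TLSv|SSLv)(\d+)(?:\.(\d+))?/([A-Za-z0-9_-]+)/(\d+) bits$")
MIN_TLS = (1, 2)   # the page's stated requirement
MIN_BITS = 128     # assumed policy, not from the page

def parse_secure_details(text):
    """Return (family, (major, minor), cipher, bits), or None if the format differs."""
    m = DETAILS_RE.match(text or "")
    if not m:
        return None
    family, major, minor, cipher, bits = m.groups()
    return family, (int(major), int(minor or 0)), cipher, int(bits)

def audit_details(text):
    """List policy findings for one secure_details value; empty list means it passes."""
    parsed = parse_secure_details(text)
    if parsed is None:
        return ["unparseable secure_details"]
    family, version, cipher, bits = parsed
    findings = []
    if family != "TLSv" or version < MIN_TLS:
        findings.append("protocol below TLS 1.2")
    # Assumed policy: ephemeral key exchange (TLS 1.3 suites, named TLS_*, always use it).
    if not cipher.startswith(("ECDHE-", "DHE-", "TLS_")):
        findings.append("no forward secrecy")
    # Assumed policy: AEAD modes only.
    if not any(mode in cipher for mode in ("GCM", "CCM", "CHACHA20")):
        findings.append("non-AEAD cipher")
    if bits < MIN_BITS:
        findings.append("key shorter than %d bits" % MIN_BITS)
    return findings

def audit_sessions(rows):
    """Map session_id -> findings for every session that fails the policy."""
    report = {sid: audit_details(details) for sid, _name, details in rows}
    return {sid: found for sid, found in report.items() if found}
```

Feed audit_sessions the rows returned by the sys.session query; an empty result means every listed session meets the policy.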