I get the following error when attempting to perform migrations against my PG 9.3 Database on Aptible in the
remote: ERROR -- : PG::ConnectionBad: SSL error: dh key too small
remote: ERROR -- : FATAL: no pg_hba.conf entry for host "...", user "aptible", database "db", SSL off
This error occurs when a server doesn’t meet the client’s OpenSSL Security Level requirements. At the time most systems default to Level 2 or lower. All Aptible PostgreSQL Databases meet the requirements for Level 2.
However, we have had reports that this error still occurs on PostgreSQL 9.3 when using Security Level 2. This is likely due to an error in the SSL implementation used by this version of Postgres. This will not be fixed as PG 9.3 has been deprecated for over 3 years now and is no longer being patched.
A simple workaround is to reduce the client system’s Security Level to 1. This can be done by adding the following line to your Dockerfile:
RUN sed -i s/SECLEVEL=2/SECLEVEL=1/g /etc/ssl/openssl.cnf