
Ensure SSL is enabled and configured correctly

Description

SSL on a PostgreSQL server should be enabled (set to on) and configured to encrypt TCP traffic to and from the server.

Rationale

If SSL is not enabled and configured correctly, data is at greater risk of being compromised in transit.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                      With Value
secureclouddb/provider   aws
secureclouddb/service    rds
secureclouddb/engine     postgres

Default Rule

const { checkServerSetting } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} result object; success is true if SSL is enabled
 */
function validate(databaseSettings) {
    const settingName = "ssl"
    const expectedValue = "on"
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)
    return {
        success,
    }
}

// invoke
validate(databaseSettings);
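
The rule above run against sample inputs, as an added example that is not the product's own code. The checkServerSetting stand-in, the settings shape (rows of name and setting, as in pg_settings) and validateStrict are assumptions; validateStrict goes beyond the page's rule by also requiring the RDS parameter rds.force_ssl to be 1, because ssl = on makes SSL available but does not by itself reject unencrypted connections.

```javascript
// Added example. The settings shape and this helper are assumptions, not the product's API.
// Assumed shape: rows like `SELECT name, setting FROM pg_settings` -> [{ name, setting }].
function checkServerSetting(databaseSettings, settingName, expectedValue) {
    if (!Array.isArray(databaseSettings)) return false // fail closed on bad input
    const row = databaseSettings.find(
        (r) => r && String(r.name).toLowerCase() === settingName.toLowerCase()
    )
    // A setting that is absent is treated as a failure, never as a pass.
    if (!row || row.setting === undefined || row.setting === null) return false
    return String(row.setting).trim().toLowerCase() === String(expectedValue).toLowerCase()
}

// Same logic as the page's rule: SSL support must be switched on.
function validate(databaseSettings) {
    return { success: checkServerSetting(databaseSettings, "ssl", "on") }
}

// Hypothetical stricter variant (beyond the page's rule): also require
// rds.force_ssl = 1 so the instance rejects connections that do not use SSL.
function validateStrict(databaseSettings) {
    const failures = []
    if (!checkServerSetting(databaseSettings, "ssl", "on")) {
        failures.push("ssl is not on")
    }
    if (!checkServerSetting(databaseSettings, "rds.force_ssl", "1")) {
        failures.push("rds.force_ssl is not 1")
    }
    return { success: failures.length === 0, failures }
}

// Constructed sample inputs, not taken from a real instance.
const samples = {
    enforced: [{ name: "ssl", setting: "on" }, { name: "rds.force_ssl", setting: "1" }],
    optional: [{ name: "ssl", setting: "ON" }, { name: "rds.force_ssl", setting: "0" }],
    disabled: [{ name: "ssl", setting: "off" }],
    missing: [{ name: "max_connections", setting: "100" }],
}

for (const [label, settings] of Object.entries(samples)) {
    console.log(label, validate(settings), validateStrict(settings))
}
```

The "optional" sample passes the page's rule but fails the stricter check, which is the case worth reviewing on an RDS instance.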