I enabled SSL on my PostgreSQL database and enforced it using pg_hba.conf with the following line:
hostssl all all 0.0.0.0/0 md5
From the PostgreSQL connection logs and network traffic captured via tcpdump, it seems that SSL connections are being made:
2024-10-20 10:12:16.140 UTC [63] LOG: connection authenticated: identity="user" method=md5 (/etc/postgresql/pg_hba.conf:136)
2024-10-20 10:12:16.140 UTC [63] LOG: connection authorized: user=user database=db SSL enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
However, as Dovecot and PostgreSQL are running on different machines and the certificate and its CA are not trusted in dovecot machine, I expected Dovecot, which connects to PostgreSQL to flag an issue with the self-signed certificate, but there are no complaints. This leads me to believe that the certificate is not being properly validated, making the connection vulnerable to attacks like MITM (Man-in-the-Middle).
Is there an extra configuration or step I'm missing to enforce certificate validation? How can I ensure that connections are secure, and the certificate is being properly validated?