When attempting to connect to a local or remote PostgreSQL 13 database instance running on RHEL 9, the connection fails immediately with an error message indicating that the connection was reset.

Common symptoms include:

• The psql command fails with the error:

  psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: Connection reset by peer

  • Note: On some clients, this may appear as "Server closed the connection unexpectedly" or "Transport endpoint is not connected".

• The PostgreSQL service is active and running (verified via systemctl status postgresql-13).

• System logs (journalctl -xe or /var/log/messages) may show segmentation faults (segfaults) or immediate termination of the Postgres backend worker process during the connection handshake.

• This issue occurs even when connecting as the superuser (postgres) to the local Unix socket.

Aria Config 8.17

Tanzu Guardrails for Workloads 8.17

RHEL 9

This issue is caused by an incompatibility between OpenSSL 3.0 (which is the default cryptographic library in RHEL 9) and older minor versions of PostgreSQL 13.

• RHEL 9 enforces strict cryptographic policies and uses OpenSSL 3.0 by default.

• PostgreSQL 13 versions prior to 13.11 contain SSL handshake code that does not correctly handle the internal state changes and error queue management introduced in OpenSSL 3.0.

• When a client attempts to connect, the PostgreSQL backend process triggers an unexpected state in the OpenSSL library, leading to a crash of that specific backend process. This drops the socket connection, resulting in the "Connection reset" error seen by the client.

Since PostgreSQL 13 is no longer supported, the recommended resolution is to upgrade to PostgreSQL 15. Version 15 is fully compatible with the OpenSSL 3.0 libraries native to RHEL 9.

Follow these steps to upgrade and migrate your data:

1. Stop the PostgreSQL 13 service Ensure the old database service is stopped to release file locks.

   sudo systemctl stop postgresql-13
   

2. Install PostgreSQL 15 Install the newer server packages.

   sudo dnf install postgresql15-server
   

3. Initialize the PostgreSQL 15 database Initialize the new data directory.

   sudo /usr/pgsql-15/bin/postgresql-15-setup initdb
   

4. Migrate Data Use pg_upgrade to migrate data from the crashing version 13 instance to the new version 15 instance. This method avoids the need for a database dump (which would fail due to the connection issues).

   sudo /usr/pgsql-15/bin/pg_upgrade \
     -b /usr/pgsql-13/bin/ -B /usr/pgsql-15/bin/ \
     -d /var/lib/pgsql/13/data/ -D /var/lib/pgsql/15/data/
   

5. Start the PostgreSQL 15 service Start the new service and enable it to start on boot.

   sudo systemctl enable --now postgresql-15
   

6. Verify connectivity Attempt to connect to the database using the new client.

   sudo -u postgres psql
   

Users can also follow the standard documentation provided from Postgresql in case this documentation falls out of date.