protocol_violation received invalid response to SSL negotiation — 08P01

Symptoms

During the SSL handshake the client received an unexpected response, suggesting it is not talking to a real PostgreSQL server (or a proxy/middlebox interfered). The driver reports SQLSTATE 08P01 (protocol_violation).

• The SSL negotiation got a malformed/unexpected reply.
• Often points at a wrong port or a non-PostgreSQL endpoint.
• A proxy/load balancer may be intercepting the handshake.

What the server log shows

received invalid response to SSL negotiation: 72

Why PostgreSQL raises this — what the manual says

Section 54.2.11 SSL Session Encryption:

“The server then responds with a single byte containing S or N, indicating that it is willing or unwilling to perform SSL, respectively.”

PostgreSQL’s SSL negotiation expects a single-byte S/N reply to the SSLRequest. An invalid byte means the peer isn’t speaking the PostgreSQL protocol (wrong port, HTTP server, or an interfering proxy), so the client reports 08P01.

Common causes

• Connecting to a non-PostgreSQL port/service (e.g. an HTTP endpoint).
• A proxy/load balancer that mishandles the SSLRequest.
• A corrupted or incompatible network path.

How to fix it

1. Verify you are connecting to the correct PostgreSQL host/port.
2. Bypass or correctly configure any proxy/load balancer for the PostgreSQL protocol.
3. Confirm the endpoint actually runs PostgreSQL (not another service).

Related & next steps

• SQLSTATE 08P01 — Protocol Violation (full reference)
• Message: server does not support SSL, but SSL was required
• Glossary: Wire protocol

Reference: PostgreSQL 18 Section 53.2 “Message Flow”.