connection_failure server does not support SSL, but SSL was required — 08006

Symptoms

The client required SSL (e.g. sslmode=require) but the server is not configured to offer it. The connection fails with SQLSTATE 08006 (connection_failure).

• Client demanded SSL; server has SSL disabled.
• Common with ssl = off on the server.
• Either enable SSL on the server or relax the client requirement.

What the server log shows

could not initiate SSL connection: server does not support SSL, but SSL was required

Why PostgreSQL raises this — what the manual says

Section 18.9.1 Basic Setup:

“The server will listen for both normal and SSL connections on the same TCP port, and will negotiate with any connecting client on whether to use SSL.”

When the client’s SSL mode requires encryption but the server advertises no SSL support, the negotiation cannot satisfy the requirement and the connection fails with 08006.

Common causes

• ssl = off (or missing cert/key) on the server.
• Client sslmode=require/verify-full against a non-SSL server.
• Connecting to the wrong (non-TLS) endpoint.

How to fix it

1. Enable SSL on the server (ssl = on with valid cert/key), then reload/restart.
2. If encryption isn’t required, use a less strict sslmode (e.g. prefer).
3. Connect to the correct TLS-enabled endpoint/port.

Related & next steps

• SQLSTATE 08006 — Connection Failure (full reference)
• Message: received invalid response to SSL negotiation
• Glossary: SSL/TLS

Reference: PostgreSQL 18 Section 19.9 “SSL”.