| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
| Cc: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Christoph Berg <myon(at)debian(dot)org>, George MacKerron <george(at)mackerron(dot)co(dot)uk>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: sslmode=secure by default (Re: Making sslrootcert=system work on Windows psql) |
| Date: | 2025-04-25 13:04:25 |
| Message-ID: | 05D3E9A4-79B9-40BB-B24E-21A9CC475417@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 25 Apr 2025, at 00:16, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> wrote:
> Let me derail some more, while we're at it I think it would be good to
> add tls-prefixed aliases for all our ssl options. Like tlscert/tlskey.
> Since such a new postgress:// scheme would be totally new, maybe we
> can even disallow the ssl prefixed ones there.
I think that would be a mistake, 'SSL' has long lost its original meaning and
is now interpreted to be an umbrella term for "secure connections with
certificates and things". Sticking to ssl_* will most likely be the least
confusing for our users.
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Matheus Alcantara | 2025-04-25 13:25:14 | Re: extension_control_path and "directory" |
| Previous Message | Daniel Gustafsson | 2025-04-25 12:53:04 | Re: Making sslrootcert=system work on Windows psql |