Re: sslmode=require fallback

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Jakob Egger <jakob(at)eggerapps(dot)at>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: sslmode=require fallback
Date: 2016-07-13 20:16:32
Message-ID: 32724.1468440992@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Thu, Jun 16, 2016 at 3:42 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>> The default mode of "prefer" is ridiculous in a lot of ways. If you are
>> using SSL in any shape or form you should simply not use "prefer". That's
>> really the only answer at this point, unfortunately.

> Suppose we changed the default to "require". How crazy would that be?

You mean, aside from the fact that it breaks every single installation
that hasn't configured with SSL?

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2016-07-13 20:18:52 Re: rethinking dense_alloc (HashJoin) as a memory context
Previous Message Fabien COELHO 2016-07-13 20:16:25 Re: pgbench - allow to store select results into variables