| From: | Jacob Champion <pchampion(at)vmware(dot)com> |
|---|---|
| To: | "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "keith(at)burdis(dot)org" <keith(at)burdis(dot)org> |
| Subject: | Re: Proposal: sslmode=tls-only |
| Date: | 2022-01-03 17:24:19 |
| Message-ID: | 91d0cea232ed6d922c0593bd4aa5b61f98a0fdee.camel@vmware.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 2021-12-24 at 14:08 +0000, Keith Burdis wrote:
> Has consideration been given to having something like ssl-mode=tls-
> only where the SSLRequest message is skipped and the TLS handshake
> starts immediately with the protocol continuing after that?
From an implementation standpoint, I think I'd prefer to keep sslmode
independent from the new implicit-TLS setting, so that any existing
deployments can migrate to the new handshake without needing to change
their certificate setup. (That said, any sslmodes weaker than `require`
would be incompatible with the new setting.)
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2022-01-03 17:27:18 | Re: Use MaxLockMode in lock methods initialization |
| Previous Message | tushar | 2022-01-03 17:12:03 | Re: refactoring basebackup.c |