| From: | Greg Stark <stark(at)mit(dot)edu> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Jakob Egger <jakob(at)eggerapps(dot)at>, Magnus Hagander <magnus(at)hagander(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Subject: | Re: sslmode=require fallback |
| Date: | 2016-07-14 21:14:27 |
| Message-ID: | CAM-w4HMpt88FacB=EU9MqUpSdmknAGHum-dyC7U1BSWYjLzc4A@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 13 Jul 2016 9:28 pm, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> > On Wed, Jul 13, 2016 at 3:16 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> >>> Suppose we changed the default to "require". How crazy would that be?
>
> >> You mean, aside from the fact that it breaks every single installation
> >> that hasn't configured with SSL?
>
> > No, including that.
Well what's required to "configure SSL" anyways? If you don't have
verify-ca set or a root canal cert present then the server just needs a
certificate -- any certificate. Can the server just cons one up on demand
(or server startup or initdb)?
Yes, that would not help with active MITM attacks but at least removes any
chance that people are unknowingly using an unencrypted connection
vulnerable to passive sniffers.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2016-07-14 21:27:52 | Re: sslmode=require fallback |
| Previous Message | Andres Freund | 2016-07-14 21:09:59 | Re: Improving executor performance |