Re: pg13 psql can't connect pg instance with ssl enabled after upgrading

I added "gssencmode=disable" in the client connection string, then psql 13 can login pg13 with ssl connection
postgresql_13_1/bin/psql "sslmode=require host=xxxxxxx dbname=postgres gssencmode=disable"
psql (13.1)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.

but not sure why pg11 psql can login pg13 without gssencmode=disable
looks like something changes in pg13 about gssencryption.

can gssencryption be disable on server side? so clients don't need to change connection string anymore.
or is it fixed in pg13.2?
thanks
James

________________________________
From: jian xu <jamesxu(at)outlook(dot)com>
Sent: Friday, February 12, 2021 18:40
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: pg13 psql can't connect pg instance with ssl enabled after upgrading

thanks Tom, may I know if there is a way to disable GSS encryption? and only use ssl encryption?
not sure why it worked on pg11, but not on pg13....
does it mean if we use GSS, we are not able to use ssl encryption on pg13?
thanks,
James
________________________________
From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Sent: Friday, February 12, 2021 17:59
To: jian xu <jamesxu(at)outlook(dot)com>
Cc: pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: pg13 psql can't connect pg instance with ssl enabled after upgrading

jian xu <jamesxu(at)outlook(dot)com> writes:
> Thanks Tom. you are right, we are using GSS authentication. and psql version is 13.1
> postgresql_13_1/bin/psql --version
> psql (PostgreSQL) 13.1

Ah. Then perhaps you want hostgssenc not hostssl in your pg_hba
entries. But I'd definitely recommend an update to 13.2, as it
fixes a number of GSS bugs besides this one.

regards, tom lane