Re: sslmode=secure by default (Re: Making sslrootcert=system work on Windows psql)

From: Christoph Berg <myon(at)debian(dot)org>
To: George MacKerron <george(at)mackerron(dot)co(dot)uk>
Cc: Daniel Gustafsson <daniel(at)yesql(dot)se>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: sslmode=secure by default (Re: Making sslrootcert=system work on Windows psql)
Date: 2025-04-24 10:53:30
Message-ID: aAoYKnRfssJljlV2@msg.df7cb.de
Lists: pgsql-hackers

Re: George MacKerron
> > Before we can make this change, I think we would have to improve the
> > UX. psql does not even have any --switch for it. PostgreSQL serving
> > non-SSL and SSL on the same port doesn't make the UX better... :-/
>
> How do you think the UX could be improved? Maybe by using a psql switch and/or an env var to opt out of (or initially even to opt into) the new sslmode treatment?

The env var is already there (PGSSLMODE).

Now you can say `psql -h db.example.com -p 5433 dbfoo`, but for
specifying the sslmode, you have to rewrite at least the last argument
to use connection string syntax, `psql "dbname=dbfoo sslmode=verify-full"`.
This needs to be less cumbersome. (And the names of the options make
me want to stay away from them, require/verify-ca/verify-full/verify-confusing.
Your sslmode=secure idea is really good.)

It should be as simple as
psql --ssl (= sslmode=secure)
psql --insecure (the old sslmode=require)
psql --no-ssl (= sslmode=disable)

psql -s and -S are unfortunately already taken :-/

For connection strings, perhaps the best action is to tell people that
always including "sslmode=something" is best practice. For libpq-style
key=value connection strings, that wouldn't even be ugly. For
postgresql://-style strings, we would ideally have something like http://
vs https://, but I am not sure how to squeeze that into the syntax.
(Appending ?sslmode= works, but meh.)

Christoph
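
An added example, not part of the message above and not PostgreSQL code: a small audit of what a connection string actually gets for sslmode, covering both the key=value and postgresql:// forms discussed in the message plus the PGSSLMODE fallback. The function names are hypothetical; only the existing sslmode values are modelled, not the proposed sslmode=secure.

```python
import re
from urllib.parse import urlsplit, parse_qs

LIBPQ_DEFAULT = "prefer"  # libpq's built-in default when sslmode is not set
# What each existing sslmode gives the client.
MODES = {
    "disable": "no TLS",
    "allow": "TLS only if the server insists; no verification",
    "prefer": "TLS if offered, silent plaintext fallback; no verification",
    "require": "TLS, server certificate not verified",
    "verify-ca": "TLS, CA chain verified, host name not checked",
    "verify-full": "TLS, CA chain and host name verified",
}

# key = value pairs; a value is bare or single-quoted with \' and \\ escapes
_PAIR = re.compile(r"\s*([A-Za-z_]\w*)\s*=\s*(?:'((?:\\.|[^'\\])*)'|([^'\s]\S*))")

def parse_conninfo(conninfo):
    """Return the parameters of a key=value or postgresql:// connection string."""
    if conninfo.startswith(("postgresql://", "postgres://")):
        query = parse_qs(urlsplit(conninfo).query, keep_blank_values=True)
        return {k: v[-1] for k, v in query.items()}
    conninfo, params, pos = conninfo.strip(), {}, 0
    while pos < len(conninfo):
        m = _PAIR.match(conninfo, pos)
        if not m:
            raise ValueError(f"cannot parse conninfo at offset {pos}")
        quoted = m.group(2)
        params[m.group(1)] = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else m.group(3)
        pos = m.end()
    return params

def audit(conninfo, env=None):
    """Return (effective sslmode, where it came from, finding)."""
    env = env or {}
    params = parse_conninfo(conninfo)
    if "sslmode" in params:
        mode, source = params["sslmode"], "connection string"
    elif env.get("PGSSLMODE"):
        mode, source = env["PGSSLMODE"], "PGSSLMODE"
    else:
        mode, source = LIBPQ_DEFAULT, "libpq default"
    if mode not in MODES:
        return mode, source, "unknown sslmode"
    verdict = "ok" if mode == "verify-full" else "weak"
    if source != "connection string":
        verdict += ", sslmode not stated explicitly"
    return mode, source, f"{verdict}: {MODES[mode]}"
```

Passing `os.environ` as `env` audits a string the way it would resolve in the current shell.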
