Re: Direct SSL connection and ALPN loose ends

On 17/06/2024 17:11, Jacob Champion wrote:
> On Mon, Apr 29, 2024 at 8:24 AM Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
>> I was mostly worried about the refactoring of the
>> retry logic in libpq (and about the pre-existing logic too to be honest,
>> it was complicated before these changes already).
>
> Some changes in the v17 negotiation fallback order caught my eye:
>
> 1. For sslmode=prefer, a modern v3 error during negotiation now
> results in a fallback to plaintext. For v16 this resulted in an
> immediate failure. (v2 errors retain the v16 behavior.)
> 2. For gssencmode=prefer, a legacy v2 error during negotiation now
> results in an immediate failure. In v16 it allowed fallback to SSL or
> plaintext depending on sslmode.
>
> Are both these changes intentional/desirable? Change #1 seems to
> partially undo the decision made in a49fbaaf:
>
>> Don't assume that "E" response to NEGOTIATE_SSL_CODE means pre-7.0 server.
>>
>> These days, such a response is far more likely to signify a server-side
>> problem, such as fork failure. [...]
>>
>> Hence, it seems best to just eliminate the assumption that backing off
>> to non-SSL/2.0 protocol is the way to recover from an "E" response, and
>> instead treat the server error the same as we would in non-SSL cases.

They were not intentional. Let me think about the desirable part :-).

By "negotiation", which part of the protocol are we talking about
exactly? In the middle of the TLS handshake? After sending the startup
packet?

I think the behavior with v2 and v3 errors should be the same. And I
think an immediate failure is appropriate on any v2/v3 error during
negotiation, assuming we don't use those errors for things like "TLS not
supported", which would warrant a fallback.

--
Heikki Linnakangas
Neon (https://neon.tech)