Tom Lane wrote:
> Basically my point here is that the default "prefer" SSL mode effectively becomes "require" if the server has a root.crt.
Ok, in the scenario where validation is important, clients should be using "require" anyway, so it's not an issue so long as libpq doesn't try to fall back to non-SSL when "require" is in effect.
A default SSL mode of "prefer" does seem a bit dodgy, though -- it only protects against passive attacks. I'd be tempted to make "disable" the default, so that you have a better chance of visible errors if clients are not correctly configured rather than silently forging ahead with a connection that might be unintentionally insecure. That would mean lots of pain for existing installs though :(
I had to dig into the libpq docs to find any mention of the environment variables / config files that set the SSL behaviour. It'd be useful to have details in the psql manpage too.
-O
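
Added example, not part of the original message or of PostgreSQL's code: a small audit that resolves the sslmode a libpq client would end up with (connection string first, then the PGSSLMODE environment variable, then the "prefer" default) and flags every mode that can silently continue without SSL. The host names and connection strings are constructed samples, the function names are hypothetical, and service files are not consulted.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Modes that allow libpq to end up on an unencrypted connection.
# "prefer" is the default discussed above: it tries SSL, then falls back.
CAN_FALL_BACK = {"disable", "allow", "prefer"}
DEFAULT_SSLMODE = "prefer"

# keyword = value pairs; a value may be single-quoted with backslash escapes.
_KV = re.compile(r"(\w+)\s*=\s*('(?:[^'\\]|\\.)*'|[^\s']*)")

def parse_keyword_value(conninfo):
    """Parse a 'key=value key2 = 'value two'' style libpq connection string."""
    params = {}
    for key, raw in _KV.findall(conninfo):
        if raw.startswith("'"):
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # strip quotes, unescape
        params[key] = raw  # a later duplicate overrides an earlier one
    return params

def effective_sslmode(conninfo, env=None):
    """Explicit parameter wins, then PGSSLMODE, then the built-in default."""
    env = env or {}
    if conninfo.startswith(("postgresql://", "postgres://")):
        query = parse_qs(urlsplit(conninfo).query)
        params = {k: v[-1] for k, v in query.items()}
    else:
        params = parse_keyword_value(conninfo)
    return params.get("sslmode") or env.get("PGSSLMODE") or DEFAULT_SSLMODE

def audit(conninfos, env=None):
    """Return (conninfo, mode) for every entry that may run without SSL."""
    findings = []
    for conninfo in conninfos:
        mode = effective_sslmode(conninfo, env)
        if mode in CAN_FALL_BACK:
            findings.append((conninfo, mode))
    return findings

# Constructed sample input (not taken from any real deployment).
SAMPLES = [
    "host=db1.example.internal dbname=app user=app",          # no sslmode set
    "host=db2.example.internal dbname=app sslmode=require",
    "host=db3.example.internal sslmode = 'prefer'",
    "postgresql://app@db4.example.internal/app?sslmode=disable",
    "postgresql://app@db5.example.internal/app?sslmode=verify-full",  # newer libpq mode
]

if __name__ == "__main__":
    for conninfo, mode in audit(SAMPLES):
        print(f"may connect without SSL (sslmode={mode}): {conninfo}")
```

Passing `env={"PGSSLMODE": "require"}` shows how the environment variable covers only clients that do not set sslmode themselves.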