On Fri, 2021-12-24 at 14:08 +0000, Keith Burdis wrote: > Has consideration been given to having something like ssl-mode=tls- > only where the SSLRequest message is skipped and the TLS handshake > starts immediately with the protocol continuing after that?
From an implementation standpoint, I think I'd prefer to keep sslmode independent from the new implicit-TLS setting, so that any existing deployments can migrate to the new handshake without needing to change their certificate setup. (That said, any sslmodes weaker than `require` would be incompatible with the new setting.) --Jacob