On Tue, Apr 23, 2024 at 2:20 PM Heikki Linnakangas <hlinn...@iki.fi> wrote: > > Attached patch tries to fix and clarify those.
s/negotiatied/negotiated/ in the attached patch, but other than that this seems like a definite improvement. Thanks! > (Note that the client will only attempt GSSAPI encryption if it can find > kerberos credentials in the environment.) Right. I don't like that it still happens with sslnegotiation=requiredirect, but I suspect that this is not the thread to complain about it in. Maybe I can propose a sslnegotiation=forcedirect or something for 18, to complement a postgresqls:// scheme. That leaves the ALPACA handshake correction, I think. (Peter had some questions on the original thread [1] that I've tried to answer.) And the overall consensus, or lack thereof, on whether or not `requiredirect` should be considered a security feature. Thanks, --Jacob [1] https://www.postgresql.org/message-id/e782e9f4-a0cd-49f5-800b-5e32a1b29183%40eisentraut.org
