On Thu, Apr 25, 2024 at 5:50 PM Heikki Linnakangas <hlinn...@iki.fi> wrote: > On 25/04/2024 21:13, Jacob Champion wrote: > > On Thu, Apr 25, 2024 at 10:35 AM Robert Haas <robertmh...@gmail.com> wrote: > >> Maybe I'm missing something here, but why doesn't sslnegotiation > >> override sslmode completely? Or alternatively, why not remove > >> sslnegotiation entirely and just have more sslmode values? I mean > >> maybe this shouldn't happen categorically, but if I say I want to > >> require a direct SSL connection, to me that implies that I don't want > >> an indirect SSL connection, and I really don't want a non-SSL > >> connection. > > My thinking with sslnegotiation is that it controls how SSL is > negotiated with the server, if SSL is to be used at all. It does not > control whether SSL is used or required; that's what sslmode is for.
I think this might boil down to the order in which someone thinks that different settings should be applied. It sounds like your mental model is that GSS settings are applied first, and then SSL settings are applied afterwards, and then within the SSL bucket you can select how you want to do SSL (direct or negotiated) and how required it is. My mental model is different: I imagine that since direct SSL happens from the first byte exchanged over the socket, direct SSL "happens first", making settings that pertain to negotiated GSS and negotiated SSL irrelevant. Because, logically, if you've decided to use direct SSL, you're not even going to get a chance to negotiate those things. I understand that the code as written works around that, by being able to open a new connection if it turns out that we need to negotiate that stuff after all, but IMHO that's rather confusing. -- Robert Haas EDB: http://www.enterprisedb.com
