(There's, uh, a lot to respond to above and I'm trying to figure out how best to type up all of it.)
On Mon, May 13, 2024 at 9:13 AM Robert Haas <robertmh...@gmail.com> wrote: > However, > I disagree with Jacob's assertion that sslmode=require has no security > benefits over sslmode=prefer. For the record, I didn't say that... You mean Jelte's quote up above?: > sslmode=prefer and sslmode=require > are the same amount of insecure imho (i.e. extremely insecure). I agree that requiring passive security is tangibly better than allowing fallback to plaintext. I think Jelte's point might be better stated as, =prefer and =require give the same amount of protection against active attack (none). --Jacob
