On Thu, Jul 12, 2018 at 11:26:30AM +0300, Heikki Linnakangas wrote:
> It seems that all implementations can support tls-server-end-point, after
> all, so I'm not too worried about this anymore. The spec says that it's the
> default, but I don't actually see any advantage to using it over
> tls-server-end-point. I think the main reason for tls-unique to exist is
> that it doesn't require the server to have a TLS certificate, but PostgreSQL
> requires that anyway.

Er. My memories about the spec are a bit different: tls-unique must be
implemented and is the default. [ ... digging ... ] Here you go:
https://tools.ietf.org/html/rfc5802#section-6.1
--
Michael