On Fri, 2021-12-24 at 14:08 +, Keith Burdis wrote:
> Has consideration been given to having something like ssl-mode=tls-
> only where the SSLRequest message is skipped and the TLS handshake
> starts immediately with the protocol continuing after that?
From an implementation standpoint, I think
Keith Burdis writes:
> Has consideration been given to having something like ssl-mode=tls-only
> where the SSLRequest message is skipped and the TLS handshake starts
> immediately with the protocol continuing after that?
https://www.postgresql.org/message-id/flat/fcc3ebeb7f05775b63f3207ed52a54ea5
Servers that use sslmode=tls-only would not be compatible with clients
that do not yet support it, but that is the same for any similar server-side
change, for example if the server requires a minimum of TLS 1.3 but the
client only supports TLS 1.2.
IIUC with the default sslmode=prefer a client curre
On 12/24/21 09:08, Keith Burdis wrote:
> From 53.2.9. SSL Session Encryption:
>
>
> When SSL encryption can be performed, the server is expected to
> send only the single S byte and then wait for the frontend to
> initiate an SSL handshake. If additional bytes are available to
>
From 53.2.9. SSL Session Encryption:
> When SSL encryption can be performed, the server is expected to send only
> the single S byte and then wait for the frontend to initiate an SSL
> handshake. If additional bytes are available to read at this point, it
> likely means that a man-in-the-middle