| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Jakob Egger <jakob(at)eggerapps(dot)at>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: sslmode=require fallback |
| Date: | 2016-07-15 03:10:56 |
| Message-ID: | 9b6957d8-ee16-d205-e5a3-ff3273dcae1e@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 7/13/16 4:11 PM, Robert Haas wrote:
> On Thu, Jun 16, 2016 at 3:42 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>> You would think so.
>>
>> The default mode of "prefer" is ridiculous in a lot of ways. If you are
>> using SSL in any shape or form you should simply not use "prefer". That's
>> really the only answer at this point, unfortunately.
>
> Suppose we changed the default to "require". How crazy would that be?
If we think that that is appropriate, should we not also change the
default pg_hba.conf to hostssl lines?
I'm not convinced either of these would go over well.
The original complaint was not actually that "prefer" is a bad default,
but that in the presence of a root certificate on the client, a
certificate validation failure falls back to plain text. That seems
like a design flaw of the "prefer" mode, no matter whether it is the
default or not.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2016-07-15 03:41:21 | Re: Improving executor performance - tidbitmap |
| Previous Message | Peter Eisentraut | 2016-07-15 02:51:17 | Re: trivia: cancel{,l}{ed,ing,ation} |