Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Magnus Hagander <magnus@hagander.net> writes:
> Patch also changes the default from "prefer" to "disable", per discussion.

I confess to not having paid attention to this thread for awhile.
I have to violently object to this conclusion --- it is throwing the
baby out with the bathwater.  Under the pretense of being "secure by
default" it will in fact make things *less* secure.  A minimum
requirement in my view is that existing configurations should continue
to work and be no less secure than before.  Having a connection that
was encrypted in 8.3 silently become clear-text after installing 8.4
is just plain NOT acceptable.

I think the patch would be fine if we simply keep the default where
it is, however.  Is there some point I am missing that compels
selection of a less-secure default?

            regards, tom lane