Re: sslmode=require fallback

On 7/13/16 4:11 PM, Robert Haas wrote:
> On Thu, Jun 16, 2016 at 3:42 AM, Magnus Hagander <magnus@hagander.net> wrote:
>> You would think so.
>>
>> The default mode of "prefer" is ridiculous in a lot of ways. If you are
>> using SSL in any shape or form you should simply not use "prefer". That's
>> really the only answer at this point, unfortunately.
> 
> Suppose we changed the default to "require".  How crazy would that be?

If we think that that is appropriate, should we not also change the
default pg_hba.conf to hostssl lines?

I'm not convinced either of these would go over well.

The original complaint was not actually that "prefer" is a bad default,
but that in the presence of a root certificate on the client, a
certificate validation failure falls back to plain text.  That seems
like a design flaw of the "prefer" mode, no matter whether it is the
default or not.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services