Re: sslmode=require fallback
| От | Magnus Hagander |
|---|---|
| Тема | Re: sslmode=require fallback |
| Дата | |
| Msg-id | CABUevEw7dCGHQiXZ-98K-d-KH9-nv7LP0M_kGirf544X9=P2XQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: sslmode=require fallback (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>) |
| Ответы |
Re: sslmode=require fallback
|
| Список | pgsql-hackers |
On Tue, Jul 19, 2016 at 9:24 PM, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
On 7/19/16 10:00 AM, Magnus Hagander wrote:
> What could actually be useful there is to explicitly put hostnossl on
> the localhost entries. With the current defaults on the clients, that
> wouldn't break anything, and it would leave people without the
> performance issues that you run into in the default deployments. And for
> localhost it really does't make sense to encrypt -- for the local LAN
> segment that can be argued, but for localhost...
But even on localhost you ideally want a way to confirm that the server
you are connecting to is the right one, so you might want certificates.
Plus the server might want certificates from the clients. (See also the
occasional discussion about supporting SSL over Unix-domain sockets.)
There are definitely cases where it's useful. I'm only arguing for changing the default.
В списке pgsql-hackers по дате отправления: