Re: sslmode=require fallback
From | Greg Stark |
---|---|
Subject | Re: sslmode=require fallback |
Date | |
Msg-id | CAM-w4HMpt88FacB=EU9MqUpSdmknAGHum-dyC7U1BSWYjLzc4A@mail.gmail.com |
In reply to | sslmode=require fallback (Jakob Egger <jakob@eggerapps.at>) |
Responses | Re: sslmode=require fallback |
List | pgsql-hackers |
On 13 Jul 2016 9:28 pm, "Tom Lane" <tgl@sss.pgh.pa.us> wrote:
>
> Robert Haas <robertmhaas@gmail.com> writes:
> > On Wed, Jul 13, 2016 at 3:16 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> >> Robert Haas <robertmhaas@gmail.com> writes:
> >>> Suppose we changed the default to "require". How crazy would that be?
>
> >> You mean, aside from the fact that it breaks every single installation
> >> that hasn't configured with SSL?
>
> > No, including that.

Well what's required to "configure SSL" anyways? If you don't have verify-ca set or a root CA cert present then the server just needs a certificate -- any certificate. Can the server just cons one up on demand (or server startup or initdb)?

Yes, that would not help with active MITM attacks but at least removes any chance that people are unknowingly using an unencrypted connection vulnerable to passive sniffers.
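
What the suggestion in the message above amounts to in practice, as an added example that is not part of the original message or of PostgreSQL's code: it generates a throwaway self-signed certificate with `openssl` and shows that the certificate fails the chain check a verify-ca client performs, which is the check a plain sslmode=require client skips. The function names, directory layout and host names are constructed for the demonstration, and `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example; all names below are constructed for the demonstration.

# Generate a throwaway self-signed certificate and key in directory $1 with CN $2.
make_selfsigned() {
    openssl req -new -x509 -days 365 -nodes \
        -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null || return 1
    chmod 600 "$1/server.key"   # a server key must not be group/world-accessible
}

# True when the certificate's issuer equals its subject (self-signed).
is_selfsigned() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# True when certificate $1 chains to the trust anchor in $2.
# This models the check that verify-ca performs and plain "require" skips.
chains_to() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Runs the comparison and prints one word per observation.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/srv" "$d/other"
    # The certificate a server would generate for itself at startup or initdb.
    make_selfsigned "$d/srv" "db.example.test" || { rm -rf "$d"; return 1; }
    # An unrelated trust root that a verifying client already has.
    make_selfsigned "$d/other" "unrelated-root.test" || { rm -rf "$d"; return 1; }
    result=""
    is_selfsigned "$d/srv/server.crt" && result="selfsigned"
    # A client that was given this exact certificate as its root accepts it ...
    chains_to "$d/srv/server.crt" "$d/srv/server.crt" && result="$result pinned-ok"
    # ... but a client trusting any other root rejects it, so only a
    # non-verifying mode (encryption without authentication) connects.
    chains_to "$d/srv/server.crt" "$d/other/server.crt" || result="$result other-root-rejected"
    rm -rf "$d"
    echo "$result"
}
```

Running `demo` prints which of the three observations held on the local OpenSSL build.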