Re: Refuse SSL patch
| От | Jon Jensen |
|---|---|
| Тема | Re: Refuse SSL patch |
| Дата | |
| Msg-id | Pine.LNX.4.50.0301071631320.19672-100000@louche.swelter.net обсуждение исходный текст |
| Ответ на | Re: Refuse SSL patch (Bruno Wolff III <bruno@wolff.to>) |
| Список | pgsql-patches |
On Tue, 7 Jan 2003, Bruno Wolff III wrote: > On Tue, Jan 07, 2003 at 16:04:45 +0000, > Jon Jensen <jon@endpoint.com> wrote: > > > > 1. The client always tries to connect via SSL if SSL support was compiled > > in. There is no way to change this presently. > > 2. If the server can do SSL *at all*, it negotiates an SSL connection with > > the client. > > Can't you use a "reject" hostssl line in hba.conf to keep SSL connections > from working for particular IP addresses? Does the client not fall back > in this case? No, the client doesn't fall back if it makes a successful connection to the server in SSL mode, but the server denies access. It only falls back if the server can't do SSL at all. And in any case, that still wouldn't allow me to decide on the client side whether I want SSL or not, on a per-connection basis, because the client always chooses SSL. Jon
В списке pgsql-patches по дате отправления: