Casey & Gina <cg@osss.net> writes:
> So why can't I use SSL when connecting from a client to a UNIX socket?
(1) It'd add overhead without adding any security. Data going through
a UNIX socket will only pass through the local kernel, and if that's
compromised then it's game over anyway.
(2) I'm less sure about this part, but I seem to recall that openssl
doesn't actually work if given a UNIX socket.
Maybe there are reasons why those arguments are obsolete, but you
haven't presented any.
regards, tom lane