Oliver Jowett <oliver@opencloud.com> writes:
> Tom Lane wrote:
>> I'm not sure if this is desirable. Should libpq try to fall back to a
>> non-SSL-encrypted connection, instead?
> Only if the server certificate validates, otherwise an active attacker
> could intercept the SSL connection to force libpq to fall back to
> non-SSL and then intercept the unencrypted/unauthenticated connection.
The problem case is where there are no SSL support files, and so the client
isn't going to be able to validate the server cert anyway. So the above
doesn't seem real helpful...
Basically my point here is that the default "prefer" SSL mode
effectively becomes "require" if the server has a root.crt.
regards, tom lane