Magnus Hagander <magnus@hagander.net> writes:
> Patch also changes the default from "prefer" to "disable", per discussion.
I confess to not having paid attention to this thread for awhile.
I have to violently object to this conclusion --- it is throwing the
baby out with the bathwater. Under the pretense of being "secure by
default" it will in fact make things *less* secure. A minimum
requirement in my view is that existing configurations should continue
to work and be no less secure than before. Having a connection that
was encrypted in 8.3 silently become clear-text after installing 8.4
is just plain NOT acceptable.
I think the patch would be fine if we simply keep the default where
it is, however. Is there some point I am missing that compels
selection of a less-secure default?
regards, tom lane