On Fri, 2021-12-24 at 14:08 +0000, Keith Burdis wrote:
> Has consideration been given to having something like ssl-mode=tls-
> only where the SSLRequest message is skipped and the TLS handshake
> starts immediately with the protocol continuing after that?
From an implementation standpoint, I think I'd prefer to keep sslmode
independent from the new implicit-TLS setting, so that any existing
deployments can migrate to the new handshake without needing to change
their certificate setup. (That said, any sslmodes weaker than `require`
would be incompatible with the new setting.)
--Jacob