Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From Magnus Hagander
Subject Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date
Msg-id B62E5964-6DCF-40DD-BD45-90B21AB6D685@hagander.net
In response to Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt  (Bruce Momjian <bruce@momjian.us>)
Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-bugs
On 12 apr 2009, at 11.13, Peter Eisentraut <peter_e@gmx.net> wrote:

> On Sunday 12 April 2009 01:58:26 Magnus Hagander wrote:
>> "sslmode=prefer" honestly makes no sense - if I don't care if it ends up
>> encrypted or not (which it means), then why not just run with SSL off
>> and not have to deal with the overhead?
>
> Perhaps a large part of the problem at hand is in fact that the default is
> sslmode=prefer, which, if the server is set up with some snakeoil certificate,
> causes all these cn verification problems, when the user really didn't care in
> the first place.
>
> Another thing is that not all combinations of sslmode and sslverify make
> sense.  If the user cares little about SSL ("allow", "prefer"), then insisting
> on a verifiable certificate is pointless.

Yeah, agreed.


> One random idea is to fold both of these settings into sslmode, with the
> following progression:
>
> disable, allow, prefer, require, require-cert, require-cn
>
> And then set the default to "disable", because as you say "prefer" is pretty
> silly.  And then users can explicitly choose which level of SSL-ness
> they want.

This is a different way to do Bruce's suggestion of a different
default. That's possibly even clearer. So I can definitely go with
this, but I think two different parameters makes it more clear and is
better.

And +1 for changing the default sslmode regardless of how we configure
ssl verification.

/Magnus
