It would be great if PostgreSQL supported 'start with TLS', however, how could clients activate the feature?
I would like to refrain users from configuring the handshake mode, and I would like to refrain from degrading performance when a new client talks to an old database.
What if the server that supports 'fast TLS' added an extra notification in case client connects with a classic TLS?
Then a capable client could remember host:port and try with newer TLS appoach the next time it connects.
It would be transparent to the clients, and the users won't need to configure 'prefer classic or fast TLS'
The old clients could discard the notification.
Vladimir
--