On 7/19/16 10:00 AM, Magnus Hagander wrote: > What could actually be useful there is to explicitly put hostnossl on > the localhost entries. With the current defaults on the clients, that > wouldn't break anything, and it would leave people without the > performance issues that you run into in the default deployments. And for > localhost it really does't make sense to encrypt -- for the local LAN > segment that can be argued, but for localhost...
But even on localhost you ideally want a way to confirm that the server you are connecting to is the right one, so you might want certificates. Plus the server might want certificates from the clients. (See also the occasional discussion about supporting SSL over Unix-domain sockets.)
There are definitely cases where it's useful. I'm only arguing for changing the default.