Re: sslmode=require fallback

Поиск
Список
Период
Сортировка
От Greg Stark
Тема Re: sslmode=require fallback
Дата
Msg-id CAM-w4HMpt88FacB=EU9MqUpSdmknAGHum-dyC7U1BSWYjLzc4A@mail.gmail.com
обсуждение исходный текст
Ответ на sslmode=require fallback  (Jakob Egger <jakob@eggerapps.at>)
Ответы Re: sslmode=require fallback  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-hackers
Дерево обсуждения 
<p dir="ltr">On 13 Jul 2016 9:28 pm, "Tom Lane" <<a href="mailto:tgl@sss.pgh.pa.us">tgl@sss.pgh.pa.us</a>>
wrote:<br/> ><br /> > Robert Haas <<a href="mailto:robertmhaas@gmail.com">robertmhaas@gmail.com</a>>
writes:<br/> > > On Wed, Jul 13, 2016 at 3:16 PM, Tom Lane <<a
href="mailto:tgl@sss.pgh.pa.us">tgl@sss.pgh.pa.us</a>>wrote:<br /> > >> Robert Haas <<a
href="mailto:robertmhaas@gmail.com">robertmhaas@gmail.com</a>>writes:<br /> > >>> Suppose we changed the
defaultto "require".  How crazy would that be?<br /> ><br /> > >> You mean, aside from the fact that it
breaksevery single installation<br /> > >> that hasn't configured with SSL?<br /> ><br /> > > No,
includingthat.<p dir="ltr">Well what's required to "configure SSL" anyways? If you don't have verify-ca set or a root
canalcert present then the server just needs a certificate -- any certificate. Can the server just cons one up on
demand(or server startup or initdb)?<p dir="ltr">Yes, that would not help with active MITM attacks but at least removes
anychance that people are unknowingly using an unencrypted connection vulnerable to passive sniffers. <br />

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Andres Freund
Дата:
Сообщение: Re: Improving executor performance
Следующее
От: Tom Lane
Дата:
Сообщение: Re: sslmode=require fallback