On Wed, Nov 29, 2017 at 2:41 AM, Robert Haas <robertmh...@gmail.com> wrote: > On Tue, Nov 28, 2017 at 11:10 AM, Peter Eisentraut > <peter.eisentr...@2ndquadrant.com> wrote: >> I also wonder whether there should be a mechanism to turn off channel >> binding from the client. Right now, there is no way to test the >> non-PLUS mechanism in an SSL build. > > I think that would be a good thing to have.
Sure. How do we shape that though? I would think about an extra option for a scram-sha-256 entry with channel-binding=on|off|choice, choice being what is currently on HEAD with letting the client decide to use it or not. -- Michael