On Sun, Aug 5, 2018 at 4:30 PM, Heikki Linnakangas <hlinn...@iki.fi> wrote: > Well, it'd be useless for users, there is no reason to switch off channel > binding if both the client and server support it. It might not add any > security you care about, but it won't do any harm either. The > non-channel-binding codepath is still exercised with non-SSL connections.
Is that true? What if it makes a connection fail that you wanted to succeed? Suppose we discover a bug that makes connections using channel binding fail on Thursdays. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
