On Wed, 3 Dec 2025 at 17:57, Heikki Linnakangas <[email protected]> wrote: > > I really want to make it possible for anyone who don't want SNI to keep > > using > > postgresql.conf and get the exact behavior they've always had. Do you agree > > with that design goal? > > Yeah, that's fair.
What if we make it so that if a pg_hosts.conf file exists, then the ssl_cert_file/ssl_key_file configs are ignored? And by default initdb would not create a file (or it would, but with the same default settings that we have now). Then we don't need the new GUC. Basically it would be: 1. If the file does not exist, use the "off" behaviour 2. If the file exists, use the "strict" behaviour
