On Tue, Jun 30, 2026 at 1:28 PM Jelte Fennema-Nio <[email protected]> wrote: > > (To > > put it another way: clients and servers don't have to support that in > > order to claim protocol 3.0 compliance.) > > Based on my reading of the protocol docs[1] that's not the case.
IMNSHO: 1) the protocol docs serve the community, not the other way 'round, and 2) I don't think an observational description of what the server does today should be used as evidence that all Postgres-compatible servers MUST do the same. (Heikki's welcome to jump in here and correct me, but if we'd intended this to be a retroactively mandatory feature for all 3.0 implementations -- which I don't recall being part of the deal when the patchset went in -- it should have been backported, no? Contrast NegotiateProtocolVersion, which does absolutely belong in this list.) > I think it would be a shame if there will never be a point when we can > make clients default to sslmode=direct. Luckily I think that discussion can probably sidestep any hypothetical plan to drop support for servers that can't speak direct-TLS. See also the SVCB discussion and the libpqrc discussion. > But if you think it should be > an optional feature, then the current docs should definitely be > clarified in that respect. Works for me; I'm generally happy to commit clarifications. --Jacob
