On Tue, Jun 30, 2026 at 1:28 PM Jelte Fennema-Nio <[email protected]> wrote:
> > (To
> > put it another way: clients and servers don't have to support that in
> > order to claim protocol 3.0 compliance.)
>
> Based on my reading of the protocol docs[1] that's not the case.

IMNSHO:
1) the protocol docs serve the community, not the other way 'round, and
2) I don't think an observational description of what the server does
today should be used as evidence that all Postgres-compatible servers
MUST do the same.

(Heikki's welcome to jump in here and correct me, but if we'd intended
this to be a retroactively mandatory feature for all 3.0
implementations -- which I don't recall being part of the deal when
the patchset went in -- it should have been backported, no? Contrast
NegotiateProtocolVersion, which does absolutely belong in this list.)

> I think it would be a shame if there will never be a point when we can
> make clients default to sslmode=direct.

Luckily I think that discussion can probably sidestep any hypothetical
plan to drop support for servers that can't speak direct-TLS. See also
the SVCB discussion and the libpqrc discussion.

> But if you think it should be
> an optional feature, then the current docs should definitely be
> clarified in that respect.

Works for me; I'm generally happy to commit clarifications.

--Jacob


Reply via email to