On 13 Jul 2016 9:28 pm, "Tom Lane" <t...@sss.pgh.pa.us> wrote:
>
> Robert Haas <robertmh...@gmail.com> writes:
> > On Wed, Jul 13, 2016 at 3:16 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> >> Robert Haas <robertmh...@gmail.com> writes:
> >>> Suppose we changed the default to "require". How crazy would that be?
> >
> >> You mean, aside from the fact that it breaks every single installation
> >> that hasn't configured with SSL?
> >
> > No, including that.

Well, what's required to "configure SSL" anyways? If you don't have verify-ca set or a root CA cert present then the server just needs a certificate -- any certificate. Can the server just cons one up on demand (or server startup or initdb)? Yes, that would not help with active MITM attacks but at least removes any chance that people are unknowingly using an unencrypted connection vulnerable to passive sniffers.