On 7/15/16 4:14 AM, Magnus Hagander wrote: > The entire "prefer" mode is a design flaw, that we unfortunately picked > as default mode. > > If it fails *for any reason*, it falls back to plaintext. Thus, you have > to assume it will make a plaintext connection. Thus, it gives you zero > guarantees, so it serves no actual purpose from a security perspective.
I could imagine a variant of "prefer" that tries SSL if available, but fails the connection if the SSL setup fails for some reason (e.g., certificates). That would be more similar to how browsers with HTTPS-Everywhere work. Modulo that, I don't think that "prefer" is a bad default. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers