On Tue, Jul 19, 2016 at 9:24 PM, Peter Eisentraut < peter.eisentr...@2ndquadrant.com> wrote:
> On 7/19/16 10:00 AM, Magnus Hagander wrote: > > What could actually be useful there is to explicitly put hostnossl on > > the localhost entries. With the current defaults on the clients, that > > wouldn't break anything, and it would leave people without the > > performance issues that you run into in the default deployments. And for > > localhost it really does't make sense to encrypt -- for the local LAN > > segment that can be argued, but for localhost... > > But even on localhost you ideally want a way to confirm that the server > you are connecting to is the right one, so you might want certificates. > Plus the server might want certificates from the clients. (See also the > occasional discussion about supporting SSL over Unix-domain sockets.) > > There are definitely cases where it's useful. I'm only arguing for changing the default. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/