Home > mailing lists

Re: Refuse SSL patch - Mailing list pgsql-patches

From	Bruno Wolff III
Subject	Re: Refuse SSL patch
Date	January 7, 2003 14:21:24
Msg-id	20030107163251.GA12972@wolff.to Whole thread Raw
In response to	Re: Refuse SSL patch (Jon Jensen <jon@endpoint.com>)
Responses	Re: Refuse SSL patch (Tom Lane <tgl@sss.pgh.pa.us>) Re: Refuse SSL patch (Jon Jensen <jon@endpoint.com>)
List	pgsql-patches

Tree view

On Tue, Jan 07, 2003 at 16:04:45 +0000,
  Jon Jensen <jon@endpoint.com> wrote:
>
> 1. The client always tries to connect via SSL if SSL support was compiled
> in. There is no way to change this presently.
> 2. If the server can do SSL *at all*, it negotiates an SSL connection with
> the client.

Can't you use a "reject" hostssl line in hba.conf to keep SSL connections
from working for particular IP addresses? Does the client not fall back
in this case?

pgsql-patches by date:

From: Jon Jensen
Date: 07 January 2003, 14:05:24
Subject: Re: Refuse SSL patch

From: Tom Lane
Date: 07 January 2003, 14:39:13
Subject: Re: Refuse SSL patch

Re: Refuse SSL patch - Mailing list pgsql-patches

Previous

Next