Re: sslmode patch - Mailing list pgsql-patches

From Bruce Momjian
Subject Re: sslmode patch
Date
Msg-id 200307012016.h61KGHZ05745@candle.pha.pa.us
In response to Re: sslmode patch  (Jon Jensen <jon@endpoint.com>)
List pgsql-patches
Jon Jensen wrote:
> On Tue, 1 Jul 2003, Bruce Momjian wrote:
>
> > > To sum up, there's a new client parameter "sslmode" and environment
> > > variable "PGSSLMODE", with these options:
> > >
> > > sslmode   description
> > > -------   -----------
> > > prevent   Unencrypted non-SSL only
> >
> > I think the word 'never' would be more appropriate than 'prevent'.
>
> That sounds fine to me, though it breaks with the pattern of all four
> option words being verbs, allowing the user to think "I want to *** SSL
> mode for this connect."

Good point, how about "disable"?  My point in objecting to "prevent" is
that you don't really "prevent" a mode, I think.

> > > The only change to the server is a new pg_hba.conf line type,
> > > "hostnossl", for specifying connections that are not allowed to use SSL
> >
> > Should this be 'hostneverssl'?  Nossl implies to me that the host
> > doesn't have SSL, which really isn't the issue.
>
> Well, perhaps. But by that logic, "hostssl" would imply that the client
> only will do SSL, which the server can't know. Since the server doesn't
> know anything about the client ahead of time, I don't read anything into
> it. I just think:
>
>     host = apply this line for any kind of connection,
>     hostssl = apply this line only to SSL connections, and
>     hostnossl = apply this line only to non-SSL connections.
>
> It's unfortunate there's not a more distinctive name for a "regular" or
> "plain" or "unencrypted" connection than "no SSL", but I don't think it's
> too big of a deal.

Yes, hostnossl is probably best.

> > Are our defaults right, that we prefer SSL if client and server can do
> > it?  And now have hostnossl(or hostneverssl) to turn it off?
>
> Yes, I think the defaults are good. Users who don't bother to read the
> docs will end up with secured connections, which is good, and users
> seeking to avoid the SSL overhead can then read the docs and learn how,
> and consider how secure their network really is. :)

Good.

> > I think we can get this into 7.4.
>
> That would be great. It would be good to hear someone else's take on the
> above, and also on the code itself, since I'm not a C expert. I was unable
> to build docs from SGML yesterday on my machine, and now that I got it to
> work, I find I made some markup errors which I've corrected and can
> resubmit whenever you're ready.

Tom agrees on the 7.4 target.  The docs can be done later, even during
beta, though we discourage waiting that long.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
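
The three record types as Jon reads them above, shown as an added example that is not part of the original message or of the patch: a simplified first-match evaluator over constructed pg_hba.conf-style lines. The CIDR address column, the sample rules and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rules (TYPE DATABASE USER ADDRESS METHOD), not from the thread.
SAMPLE_HBA = """
# plain-text connections from the internal range are refused outright
hostnossl  all  all  10.0.0.0/8    reject
# SSL connections from the same range must authenticate
hostssl    all  all  10.0.0.0/8    md5
# loopback is accepted with or without SSL
host       all  all  127.0.0.1/32  md5
"""

RECORD_TYPES = ("host", "hostssl", "hostnossl")

def parse_hba(text):
    """Parse the simplified five-column records, skipping comments and blanks."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or fields[0] not in RECORD_TYPES:
            raise ValueError("unsupported record: %r" % raw)
        rtype, db, user, addr, method = fields
        rules.append((rtype, db, user, ipaddress.ip_network(addr), method))
    return rules

def type_matches(rtype, uses_ssl):
    """host applies to any connection, hostssl only to SSL, hostnossl only to non-SSL."""
    return rtype == "host" or (rtype == "hostssl") == uses_ssl

def first_match(rules, uses_ssl, db, user, client_ip):
    """Return (type, method) of the first applicable record, or None if none applies."""
    ip = ipaddress.ip_address(client_ip)
    for rtype, rdb, ruser, net, method in rules:
        if (type_matches(rtype, uses_ssl) and rdb in ("all", db)
                and ruser in ("all", user) and ip in net):
            return rtype, method
    return None  # no record matched: the server refuses the connection

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    for ssl, ip in [(True, "10.1.2.3"), (False, "10.1.2.3"), (False, "127.0.0.1")]:
        print(ssl, ip, first_match(rules, ssl, "app", "alice", ip))
```

Because the first applicable record wins, a `host` line placed above the `hostnossl ... reject` line for the same range would let plain-text connections through.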
