On Fri, Apr 6, 2012 at 18:43, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> True. I guess I was just assuming that JDBC (and npgsql i think?) were
>> using TLS - I would assume that to be the default in both Java and
>> .NET. We'd have to check that before making a change of course - and
>> I'm not convinced we need to make the change. But if we're making a
>> change to align those two with each other, that's the direction the
>> change should be in.
>
> Agreed, but should we align them? IIUC, changing the server would cause
> it to reject connections from old non-TLS-aware clients. Seems like
> that isn't a particularly good idea.
Well, it would be a good idea for those that want to be sure they're
using TLS for security reasons (tlsv1 is more secure than sslv3 - see
e.g. http://en.wikipedia.org/wiki/Transport_Layer_Security#Security).
We could also add a server parameter saying ssl_tls_only or something
like that which would switch it...
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
