Re: Direct SSL connection and ALPN loose ends - Mailing list pgsql-hackers

From Jacob Champion
Subject Re: Direct SSL connection and ALPN loose ends
Date
Msg-id CAOYmi+kzVAaRRwxukvcKr1h=xUiHcsXhZS7E_yDtYxFwHST_XQ@mail.gmail.com
In response to Re: Direct SSL connection and ALPN loose ends  (Heikki Linnakangas <hlinnaka@iki.fi>)
Responses Re: Direct SSL connection and ALPN loose ends
List pgsql-hackers
On Mon, Jun 17, 2024 at 8:24 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> By "negotiation", which part of the protocol are we talking about
> exactly? In the middle of the TLS handshake? After sending the startup
> packet?

By "negotiation" I mean the server's response to the startup packet.
I.e. "supported"/"not supported"/"error".

> I think the behavior with v2 and v3 errors should be the same. And I
> think an immediate failure is appropriate on any v2/v3 error during
> negotiation, assuming we don't use those errors for things like "TLS not
> supported", which would warrant a fallback.

For GSS encryption, it was my vague understanding that older servers
respond with an error rather than the "not supported" indication. For
TLS, though, the decision in a49fbaaf (immediate failure) seemed
reasonable.

Thanks,
--Jacob


