Dear Tom,
> When I wrote that, I was trying to assume as little as possible about
> the SSL protocol. The only way there could be a problem is if the
> server is first to send during the SSL negotiation handshake; which
> seems odd but not impossible. Anyone know for sure?
As for the RFC, the client is the first to speak. In the server handshake
response (server hello), the server must tell what version of the protocol
is to be used (best that it knows of, ceiled by the client version),
whether it accepts the previous session of the client and what algorithms
are chosen among those suggested by the client.

ISTM that this cannot be sent before the client hello message is
received... or the server does not really implement SSL.

Now if you connect to some other server with some other protocol, that is
another issue... Also, I do not know how the PostgreSQL protocol interacts
with SSL... I guess the server waits for the first packet to decide
whether it is an SSL connection or a non-SSL connection?
My 0.02 EUR.
Have a nice day,
--
Fabien Coelho - coelho@cri.ensmp.fr
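
The dependency described in the message above, as an added example that is not part of the original e-mail: it parses a ClientHello and a ServerHello and checks that the server's version, session and cipher choice all derive from what the client sent. It assumes the SSL 3.0 / TLS 1.0-1.2 hello layout; the function names and sample messages are constructed for illustration.

```python
import struct

def record(msg_type, body):
    """Wrap a hello body in a handshake header and a TLS record header."""
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16" + body[:2] + struct.pack("!H", len(hs)) + hs

def hello(msg_type, version, session_id, suites):
    """Build a constructed ClientHello (type 1) or ServerHello (type 2)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    head = struct.pack("!H", version) + bytes(32) + bytes([len(session_id)]) + session_id
    if msg_type == 1:   # client: list of suites, then one null compression method
        return record(1, head + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    return record(2, head + cs + b"\x00")   # server: exactly one chosen suite

def parse_hello(data):
    """Return type, version, session id and cipher suites of a hello record."""
    if len(data) < 9 or data[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = data[9:9 + int.from_bytes(data[6:9], "big")]
    if len(body) < 35 or len(body) < 35 + body[34] + 2:
        raise ValueError("truncated hello")
    sid = body[35:35 + body[34]]
    rest = body[35 + len(sid):]
    if data[5] == 1:
        n = struct.unpack("!H", rest[:2])[0]
        raw = rest[2:2 + n]
    elif data[5] == 2:
        raw = rest[:2]
    else:
        raise ValueError("not a hello message")
    suites = [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, len(raw) - 1, 2)]
    return {"type": data[5], "version": struct.unpack("!H", body[:2])[0],
            "session_id": sid, "suites": suites}

def check_server_hello(client_bytes, server_bytes):
    """List ways the ServerHello steps outside what the ClientHello offered."""
    ch, sh = parse_hello(client_bytes), parse_hello(server_bytes)
    problems = []
    if (ch["type"], sh["type"]) != (1, 2):
        problems.append("expected ClientHello then ServerHello")
    if sh["version"] > ch["version"]:
        problems.append("version above client's")
    if not set(sh["suites"]) <= set(ch["suites"]):
        problems.append("cipher suite not offered by client")
    resumed = bool(ch["session_id"]) and sh["session_id"] == ch["session_id"]
    return problems, resumed

# Constructed sample messages (not captured traffic).
CLIENT = hello(1, 0x0301, b"\xaa" * 16, [0x002F, 0x0035, 0x000A])
GOOD = hello(2, 0x0300, b"\xaa" * 16, [0x0035])
BAD = hello(2, 0x0302, b"\xbb" * 16, [0x0004])
```

`check_server_hello(CLIENT, GOOD)` reports no problems and a resumed session, while `BAD` is flagged on both version and cipher suite.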