Re: sslmode patch - Mailing list pgsql-patches

From Jon Jensen
Subject Re: sslmode patch
Date
Msg-id Pine.LNX.4.50.0307011954010.1200-100000@louche.swelter.net
In response to Re: sslmode patch  (Bruce Momjian <pgman@candle.pha.pa.us>)
Responses Re: sslmode patch  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-patches

On Tue, 1 Jul 2003, Bruce Momjian wrote:

> > To sum up, there's a new client parameter "sslmode" and environment
> > variable "PGSSLMODE", with these options:
> >
> > sslmode   description
> > -------   -----------
> > prevent   Unencrypted non-SSL only
>
> I think the word 'never' would be more appropriate than 'prevent'.

That sounds fine to me, though it breaks with the pattern of all four
option words being verbs, allowing the user to think "I want to *** SSL
mode for this connect."

> > The only change to the server is a new pg_hba.conf line type,
> > "hostnossl", for specifying connections that are not allowed to use SSL
>
> Should this be 'hostneverssl'?  Nossl implies to me that the host
> doesn't have SSL, which really isn't the issue.

Well, perhaps. But by that logic, "hostssl" would imply that the client
only will do SSL, which the server can't know. Since the server doesn't
know anything about the client ahead of time, I don't read anything into
it. I just think:

    host = apply this line for any kind of connection,
    hostssl = apply this line only to SSL connections, and
    hostnossl = apply this line only to non-SSL connections.

It's unfortunate there's not a more distinctive name for a "regular" or
"plain" or "unencrypted" connection than "no SSL", but I don't think it's
too big of a deal.

> Are our defaults right, that we prefer SSL if client and server can do
> it?  And now have hostnossl (or hostneverssl) to turn it off?

Yes, I think the defaults are good. Users who don't bother to read the
docs will end up with secured connections, which is good, and users
seeking to avoid the SSL overhead can then read the docs and learn how,
and consider how secure their network really is. :)

> I think we can get this into 7.4.

That would be great. It would be good to hear someone else's take on the
above, and also on the code itself, since I'm not a C expert. I was unable
to build docs from SGML yesterday on my machine, and now that I got it to
work, I find I made some markup errors which I've corrected and can
resubmit whenever you're ready.

Jon
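
The three line types described in the message above (host, hostssl, hostnossl), modelled as a first-match lookup. This is an added example, not part of the original message or the patch; the sample addresses and auth methods are constructed, and it assumes database and user are always "all".

```python
import ipaddress

# Constructed pg_hba.conf sample (addresses and methods are assumptions).
SAMPLE_HBA = """\
# TYPE     DATABASE  USER  ADDRESS         METHOD
hostnossl  all       all   127.0.0.1/32    md5
hostnossl  all       all   0.0.0.0/0       reject
hostssl    all       all   10.0.0.0/8      md5
host       all       all   192.168.1.0/24  md5
"""

def parse_hba(text):
    """Return (type, network, method) per host* record; comments and blanks are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 5 and fields[0] in ("host", "hostssl", "hostnossl"):
            records.append((fields[0], ipaddress.ip_network(fields[3]), fields[4]))
    return records

def type_applies(line_type, uses_ssl):
    """host = any connection, hostssl = SSL only, hostnossl = non-SSL only."""
    if line_type == "hostssl":
        return uses_ssl
    if line_type == "hostnossl":
        return not uses_ssl
    return True

def select_method(records, client_ip, uses_ssl):
    """The first record whose type and address both match decides the outcome.

    Returns None when no record matches (the server denies such connections).
    """
    addr = ipaddress.ip_address(client_ip)
    for line_type, network, method in records:
        if type_applies(line_type, uses_ssl) and addr in network:
            return method
    return None

if __name__ == "__main__":
    recs = parse_hba(SAMPLE_HBA)
    for ip, ssl in [("127.0.0.1", False), ("10.1.2.3", False),
                    ("10.1.2.3", True), ("192.168.1.5", True)]:
        print(ip, "ssl" if ssl else "plain", "->", select_method(recs, ip, ssl))
```

Because the second hostnossl record rejects every remaining non-SSL client, the final host record is reachable only over SSL even though its type accepts both.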
