Thread: sslmode=prefer v.s. sslmode=verify-ca

sslmode=prefer v.s. sslmode=verify-ca

Bastiaan Olij
Hi All,

According to the documentation
For backwards compatibility reasons sslmode=require works the same as
sslmode=verify-ca if a root certificate is put into place.
From what I can tell sslmode=prefer seems to react the same.

As I have both servers with valid certificates, and one or two test
servers with just self signed certificates I'm running into a snag. As
soon as I put my root certificate in place I can log onto the servers
with valid certificates just fine, I'm using sslmode=verify-full here even.
But when I try to connect to my test servers, even though I've set
sslmode=prefer, it won't allow me to connect over SSL. Only when I
remove my root certificate file am I allowed in.

Obviously I can create valid certificates for my test servers but some
of the servers I need to connect to aren't fully under my control.

Has anyone run into this before?


Bastiaan Olij