PostgreSQL TCP connection SSL mode notes
========================================

The numbers are SSL mode numbers originally proposed by Magnus Hagander
<mha@sollentuna.net> on 2000-08-23 in email to pgsql-hackers, archived
here:

http://archives.postgresql.org/pgsql-hackers/2000-08/msg00639.php

My original patch and the ensuing thread are archived at:

http://dbforums.com/t623845.html

Client SSL modes available
--------------------------

#   sslmode   description
-   -------   -----------
0   prevent   Unencrypted non-SSL only   (or: refuse)
1   allow     Negotiate, prefer non-SSL  (or: accept, tolerate; or: avoid, suffer, repress, discourage)
2   prefer    Negotiate, prefer SSL (default)
3   require   Require SSL

Client control
--------------
Environment variable: PGSSLMODE
Connection string parameter: sslmode
Internal connection struct member: conn->sslmode
Backward compatibility:
  PGREQUIRESSL/requiressl means sslmode=3, but emit warning message that it's deprecated

Server control
--------------
postgresql.conf unchanged:
  tcpip_socket = true
  ssl = true

pg_hba.conf line types
----------------------
host       applies to either SSL or regular connections
hostssl    applies only to SSL connections
hostnossl  applies only to regular connections
