Re: sslmode=secure by default (Re: Making sslrootcert=system work on Windows psql)

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Jelte Fennema-Nio <postgres@jeltef.nl>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>, Peter Eisentraut <peter@eisentraut.org>, Christoph Berg <myon@debian.org>, George MacKerron <george@mackerron.co.uk>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-04-25T13:04:25Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. doc: Clarify the system value for sslrootcert

> On 25 Apr 2025, at 00:16, Jelte Fennema-Nio <postgres@jeltef.nl> wrote:

> Let me derail some more, while we're at it I think it would be good to
> add tls-prefixed aliases for all our ssl options. Like tlscert/tlskey.
> Since such a new postgress:// scheme would be totally new, maybe we
> can even disallow the ssl prefixed ones there.

I think that would be a mistake, 'SSL' has long lost its original meaning and
is now interpreted to be an umbrella term for "secure connections with
certificates and things".  Sticking to ssl_* will most likely be the least
confusing for our users.

--
Daniel Gustafsson