Re: sslmode=secure by default (Re: Making sslrootcert=system work on Windows psql)

Peter Eisentraut <peter@eisentraut.org>

From: Peter Eisentraut <peter@eisentraut.org>
To: Christoph Berg <myon@debian.org>, George MacKerron <george@mackerron.co.uk>, Daniel Gustafsson <daniel@yesql.se>, Jacob Champion <jacob.champion@enterprisedb.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-04-24T12:00:25Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. doc: Clarify the system value for sslrootcert

On 24.04.25 12:53, Christoph Berg wrote:
> Now you can say `psql -h db.example.com -p 5433 dbfoo`, but for
> specifying the sslmode, you have to rewrite at least the last argument
> to use connection string syntax, `psql "dbname=dbfoo sslmode=verify-full`.
> This needs be be less cumbersome. (And the names of the options make
> me want to stay away from them, require/verify-ca/verify-full/verify-confusing.
> Your sslmode=secure idea is really good.)

I'm generally in favor of making sslmode=verify-full the effective 
default somehow.

Another detail to think about is how this affects psql -h localhost.  In 
principle, this should require full SSL, but you're probably not going 
to have certificates that allow "localhost".  And connections to 
localhost are the default on Windows.  We could also switch the Windows 
default to Unix-domain sockets.  But there are probably still other 
reasons why connections to TCP/IP localhost are made.  Some things to 
think about.