Re: sslmode=secure by default (Re: Making sslrootcert=system work on Windows psql)
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Peter Eisentraut <peter@eisentraut.org>
Cc: Christoph Berg <myon@debian.org>,
George MacKerron <george@mackerron.co.uk>, Daniel Gustafsson <daniel@yesql.se>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-04-24T16:45:50Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
doc: Clarify the system value for sslrootcert
- dda1b0603523 16.9 landed
- daa16893faa9 18.0 landed
- c88b36d382eb 17.5 landed
On Thu, Apr 24, 2025 at 5:00 AM Peter Eisentraut <peter@eisentraut.org> wrote: > I'm generally in favor of making sslmode=verify-full the effective > default somehow. +many On Thu, Apr 24, 2025 at 3:53 AM Christoph Berg <myon@debian.org> wrote: > For > postgresql://-style strings, we would ideally have something like http:// > vs https://, but I am not sure how to squeeze that into the syntax. Not to derail things too much, but I'd also like a postgress:// scheme, and I've put a little bit of idle thought into it. I think we'd want it to imply sslnegotiation=direct and sslrootcert=system (modulo the Windows discussion already in progress), and potentially make a bunch of stricter decisions about TLS settings to better match modern practice. The intent would be to have a "browser-strength" scheme for people who care more about security than about raw compatibility with older systems, because they're connecting to someone else's servers on the open Web. The hardest part, in my opinion, is that we'd have to start following the RFC concept of "authority". A URL of "postgress://example.com/db?host=evil.com&hostaddr=..." is outright dangerous, as is "postgress://example.com/db?sslmode=disable". So if there's interest in that scheme, I think it should remain a separate feature from "verify-full by default", because there's a lot more to figure out. --Jacob