On Tue, 30 Jun 2026 at 18:49, Jacob Champion
<[email protected]> wrote:
> ("9.3.21 and later" is misleading,
> though; see a60a10338 and its thread.)

That's fair. we can add all the minor versions in that list

> (To
> put it another way: clients and servers don't have to support that in
> order to claim protocol 3.0 compliance.)

Based on my reading of the protocol docs[1] that's not the case. They
(currently) fairly clearly state that this is part of the protocol,
not some optional feature a server might implement (emphasis mine):

> A second alternate way to initiate SSL encryption is available. *The server 
> will recognize* connections which immediately begin SSL negotiation without 
> any previous SSLRequest packets...

I think it would be a shame if there will never be a point when we can
make clients default to sslmode=direct. But if you think it should be
an optional feature, then the current docs should definitely be
clarified in that respect.

> or link to the "protocol-flow-ssl" id in the docs.

I think that's a good idea regardless.

[1]: 
https://www.postgresql.org/docs/current/protocol-flow.html#PROTOCOL-FLOW-SSL


Reply via email to