On Tue, 30 Jun 2026 at 18:49, Jacob Champion <[email protected]> wrote: > ("9.3.21 and later" is misleading, > though; see a60a10338 and its thread.)
That's fair. we can add all the minor versions in that list > (To > put it another way: clients and servers don't have to support that in > order to claim protocol 3.0 compliance.) Based on my reading of the protocol docs[1] that's not the case. They (currently) fairly clearly state that this is part of the protocol, not some optional feature a server might implement (emphasis mine): > A second alternate way to initiate SSL encryption is available. *The server > will recognize* connections which immediately begin SSL negotiation without > any previous SSLRequest packets... I think it would be a shame if there will never be a point when we can make clients default to sslmode=direct. But if you think it should be an optional feature, then the current docs should definitely be clarified in that respect. > or link to the "protocol-flow-ssl" id in the docs. I think that's a good idea regardless. [1]: https://www.postgresql.org/docs/current/protocol-flow.html#PROTOCOL-FLOW-SSL
