On Fri, Apr 6, 2012 at 18:43, Tom Lane <t...@sss.pgh.pa.us> wrote: > Magnus Hagander <mag...@hagander.net> writes: >> True. I guess I was just assuming that JDBC (and npgsql i think?) were >> using TLS - I would assume that to be the default in both Java and >> .NET. We'd have to check that before making a change of course - and >> I'm not convinced we need to make the change. But if we're making a >> change to align those two with each other, that's the direction the >> change should be in. > > Agreed, but should we align them? IIUC, changing the server would cause > it to reject connections from old non-TLS-aware clients. Seems like > that isn't a particularly good idea.
Well, it would be a good idea for those that want to be sure they're using TLS for security reasons (tlsv1 is more secure than sslv3 - see e.g. http://en.wikipedia.org/wiki/Transport_Layer_Security#Security). We could also add a server parameter saying ssl_tls_only or something like that which would switch it... -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
