On Sat, 9 Dec 2023 at 04:06, <[email protected]> wrote: > I'm not familiar with how the pgsql module is set up, so there > may be some magic going on that needs to be worked around. If you're > trying to attempt some sort of conditional TLS ala STARTTLS, you might > find that handshaking doesn't work until the underlying file thinks > there's some data to read.
Yes, it is. After establishing a socket connection, the Postgres client either sends a version request (to initiate an unencrypted connection), or a special "please encrypt" packet, to which the server will either respond yea or nay. After that, a regular TLS handshake begins (starting with the ClientHello). ChrisA
