Re: Refuse SSL patch

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Jon Jensen <jon(at)endpoint(dot)com>
Cc: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-patches(at)postgresql(dot)org
Subject: Re: Refuse SSL patch
Date: 2003-01-07 16:32:51
Message-ID: 20030107163251.GA12972@wolff.to
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-patches

On Tue, Jan 07, 2003 at 16:04:45 +0000,
Jon Jensen <jon(at)endpoint(dot)com> wrote:
>
> 1. The client always tries to connect via SSL if SSL support was compiled
> in. There is no way to change this presently.
> 2. If the server can do SSL *at all*, it negotiates an SSL connection with
> the client.

Can't you use a "reject" hostssl line in hba.conf to keep SSL connections
from working for particular IP addresses? Does the client not fall back
in this case?

In response to

Responses

Browse pgsql-patches by date

  From Date Subject
Next Message Jon Jensen 2003-01-07 16:39:10 Re: Refuse SSL patch
Previous Message Lee Kindness 2003-01-07 16:12:26 Re: PostgreSQL libraries - PThread Support, but not use...