Re: sslmode patch

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Jon Jensen <jon(at)endpoint(dot)com>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: sslmode patch
Date: 2003-07-01 20:16:17
Message-ID: 200307012016.h61KGHZ05745@candle.pha.pa.us
Lists: pgsql-hackers pgsql-patches

Jon Jensen wrote:
> On Tue, 1 Jul 2003, Bruce Momjian wrote:
>
> > > To sum up, there's a new client parameter "sslmode" and environment
> > > variable "PGSSLMODE", with these options:
> > >
> > > sslmode description
> > > ------- -----------
> > > prevent Unencrypted non-SSL only
> >
> > I think the word 'never' would be more appropriate than 'prevent'.
>
> That sounds fine to me, though it breaks with the pattern of all four
> option words being verbs, allowing the user to think "I want to *** SSL
> mode for this connect."

Good point; how about "disable"? My point in objecting to "prevent" is
that you don't really "prevent" a mode, I think.

> > > The only change to the server is a new pg_hba.conf line type,
> > > "hostnossl", for specifying connections that are not allowed to use SSL
> >
> > Should this be 'hostneverssl'? Nossl implies to me that the host
> > doesn't have SSL, which really isn't the issue.
>
> Well, perhaps. But by that logic, "hostssl" would imply that the client
> only will do SSL, which the server can't know. Since the server doesn't
> know anything about the client ahead of time, I don't read anything into
> it. I just think:
>
> host = apply this line for any kind of connection,
> hostssl = apply this line only to SSL connections, and
> hostnossl = apply this line only to non-SSL connections.
>
> It's unfortunate there's not a more distinctive name for a "regular" or
> "plain" or "unencrypted" connection than "no SSL", but I don't think it's
> too big of a deal.

Yes, hostnossl is probably best.

> > Are our defaults right, that we prefer SSL if client and server can do
> > it? And now have hostnossl (or hostneverssl) to turn it off?
>
> Yes, I think the defaults are good. Users who don't bother to read the
> docs will end up with secured connections, which is good, and users
> seeking to avoid the SSL overhead can then read the docs and learn how,
> and consider how secure their network really is. :)

Good.

> > I think we can get this into 7.4.
>
> That would be great. It would be good to hear someone else's take on the
> above, and also on the code itself, since I'm not a C expert. I was unable
> to build docs from SGML yesterday on my machine, and now that I got it to
> work, I find I made some markup errors which I've corrected and can
> resubmit whenever you're ready.

Tom agrees on the 7.4 target. The docs can be done later, even during
beta, though we discourage waiting that long.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
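An added pg_hba.conf fragment (not part of the patch or this thread) illustrating the three line types discussed above, with the first-match rule used to refuse unencrypted connections from outside a trusted network; the 10.0.0.0/8 range and the md5 method are assumed placeholder values:

```conf
# pg_hba.conf (illustration, not the patch author's example).
# Records are tried top to bottom; the first one whose TYPE, DATABASE,
# USER and ADDRESS match the incoming connection decides the METHOD.
#
# TYPE      DATABASE  USER  ADDRESS          METHOD

# Unix-socket connections are never SSL, so 'local' is unaffected.
local       all       all                    md5

# Trusted LAN (assumed range): 'host' matches SSL and non-SSL alike.
host        all       all   10.0.0.0/8       md5

# Anywhere else: a non-SSL attempt matches only this 'hostnossl'
# record and is rejected, so remote clients must negotiate SSL.
hostnossl   all       all   0.0.0.0/0        reject

# A remote SSL attempt skips the record above and lands here instead.
hostssl     all       all   0.0.0.0/0        md5
```

Swapping the order of the last two records would not change the outcome, since each matches only one connection kind; what matters is that the hostnossl/reject record precedes any plain 'host' record covering the same addresses.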
