Re: [HACKERS] RE: [INTERFACES] Re: SSL patch

"Ansley, Michael" wrote:
>
> Why does anything need to be broken if a different port is used? Same way
> as web browsers use 80 for clear http, and 443 (by default) for SSL. But a
> server cannot dish up http and https on the same port.

Actually you are free to use HTTPS on 80 and HTTP on 443 if you wish.

There is nothing at the protocol level that makes it impossible.
At least on Apache-mod_ssl you have to explicitly disable non-SSL
connections on 443 if you don't want them

> Then the whole
> compatibility issue falls away. Think of it as using 'pgsql' for clear
> connections, and 'pgsqls' for SSL connections. This way, a post-6.6 client
> can still connecct to a pre-6.6 server, using 'pgsql', a pre-6.6 client can
> connect to a post-6.6 server using 'pgsql', and a post-6.6 client can
> connect to a post-6.6 server using 'pgsql', or 'pgsqls'.
>
> Or is there an issue using different ports?

Not to scare anyone away (I like crypto !;), but isn't it illegal to
have SSL
in an exportable product in US.

I guess this should be kept in a separate patch distributed from an
non-US site
until US government wisens up.

I'd really hate to have to fill some 'us-citizen verificatiohn form' to
download
the latest snapshot.

-----
Hannu