On Sun, Aug 5, 2018 at 4:30 PM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> Well, it'd be useless for users, there is no reason to switch off channel
> binding if both the client and server support it. It might not add any
> security you care about, but it won't do any harm either. The
> non-channel-binding codepath is still exercised with non-SSL connections.

Is that true? What if it makes a connection fail that you wanted to
succeed? Suppose we discover a bug that makes connections using
channel binding fail on Thursdays.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company