Change default sslmode from "require" to "prefer"#1271
Open
Conversation
arp242 force-pushed the sslmode-default branch 4 times, most recently from 7433062 to f760982 Compare Now that sslmode=prefer is supported, we can use that as the default. "prefer" is the default used by libpq, pgx, and pretty much anything else connecting to PostgreSQL. I can't really find anything else that uses "require" as a default. You could argue that "require" is a better default, but: 1. "require" doesn't actually verify the certificates and accepts any certificate. I wouldn't say it's completely useless for production systems, but it does seem useless-adjacent. If you want SSL, you almost always want "verify-ca" or "verify-full". 2. Copy/pasting a connection string used by pq to something else will mean you silently drop the ssl so it's a very brittle default. 3. It's an annoying default because copy pasting a connection string from anything else to pq doesn't work. pq has used "require" as a default for a long time, but because it's such a brittle default that's easy to lose by using $anything_else I think it's okay to change. I will leave this open for a bit before merging, so if anyone objects it can be re-considered.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Now that sslmode=prefer is supported, we can use that as the default.
"prefer" is the default used by libpq, pgx, and pretty much anything else connecting to PostgreSQL. I can't really find anything else that uses "require" as a default.
You could argue that "require" is a better default, but:
"require" doesn't actually verify the certificates and accepts any certificate. I wouldn't say it's completely useless for production systems, but it does seem useless-adjacent. If you want SSL, you almost always want "verify-ca" or "verify-full".
Copy/pasting a connection string used by pq to something else will mean you silently drop the ssl so it's a very brittle default.
It's an annoying default because copy pasting a connection string from anything else to pq doesn't work.
pq has used "require" as a default for a long time, but because it's such a brittle default that's easy to lose by using $anything_else I think it's okay to change.
I will leave this open for a bit before merging, so if anyone objects it can be re-considered.