Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s5pAj-008OOj-64 for pgsql-general@arkaria.postgresql.org; Sat, 11 May 2024 16:02:05 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1s5pAh-0060yh-Hq for pgsql-general@arkaria.postgresql.org; Sat, 11 May 2024 16:02:03 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s5pAh-0060yR-7X for pgsql-general@lists.postgresql.org; Sat, 11 May 2024 16:02:03 +0000 Received: from mail-yb1-xb35.google.com ([2607:f8b0:4864:20::b35]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1s5pAe-000Ww4-0x for pgsql-general@lists.postgresql.org; Sat, 11 May 2024 16:02:02 +0000 Received: by mail-yb1-xb35.google.com with SMTP id 3f1490d57ef6-dc6dcd9124bso2823932276.1 for ; Sat, 11 May 2024 09:02:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joeconway.com; s=google; t=1715443319; x=1716048119; darn=lists.postgresql.org; h=content-transfer-encoding:in-reply-to:autocrypt:content-language :references:to:from:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=FECKQC798Np2lJRFX7mFWGzQ3cnuFnrakfjAZ4vfNbo=; b=KcD1i+HOMLxP6QabAXTfjxbQJzRWG4xN38ZHAvT6SvcNa0hnxgv5+CbPWMsp54Ewkp RGLQh3Bgv59HgFDRMTk+c7+lnxqRxwpUeMA7xXqEHE5QZ90lfvtKL6GGCSYtJ8E6F4qo Q34v8Lho3GaBhkYpVCN7qXNYW9sILIu71nv4Oavuomldb9+ezpmtehnk8xeNT7enSRAH ctExpCk56pyxT8jFo6e9EDk+KkIX7CJRrAHglOB5LHiixO6xr3ILmKCA7Px7MwxclPp+ TellnSvjm9yrwbpmiGErTtejT7iaunZLSmIQtJD8vJAIoIzyJPTdmLTzHVXqujN6ddmc ZEHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715443319; x=1716048119; h=content-transfer-encoding:in-reply-to:autocrypt:content-language :references:to:from:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=FECKQC798Np2lJRFX7mFWGzQ3cnuFnrakfjAZ4vfNbo=; b=gDhrB6Om8xulJRZN01ENU160vW+ctUB9+reDYxlnhFfSApgfBFhWht6JxdazDmxRGi QKDwPIvCO+xu85uoBlv+UyPtTUmb4e6r/m7IxxlWUjAXfSK6tUhVy8ETTNpXV/4RytSQ Mc2TblrGatxnKoQfNBoaLrTC5QwOldTKEjLYopHPOZnMdH+3ZCstD4fOkiuy9ftXneLJ 8catMGG92bMDmOCahI63+lBiZ58fAWNTvCDUxo0h6B8eC/tZSRhWYtEumOrK/Xs9Bmsh CX9ZOVCMEAnO6valWp2UnemWtPYkRhIDBvbuPqUNRFfFY99Lt9DxWwB9q4i/1exmVY5E VWgQ== X-Forwarded-Encrypted: i=1; AJvYcCW3ziSYDc1JWg5u80o2e2NKtdNq2qWRaWCVu90HwjnvWZdVnD4ZzywLytrzY3PqA1/WovOlq8SXfbAf/OSXNFHN7rv46bs63z2FW/kduNyDjaGC X-Gm-Message-State: AOJu0YwTb3bVWLFOk2+kCxrAysjLVg7LdWi+5Pt6RXjMV4cvddcPpTsO X9jZ80ZpEiv1Y8MnTXauiVdMqfSoAac8relsEpqlziiFiM3owuAZfQaOCmRADsg= X-Google-Smtp-Source: AGHT+IGowHL2Cgx2+HEwju2B1NAu7Qsj8hdC6jgwO12rKTMB334Aknjlwdto0SgOTapDp30f1o4bmQ== X-Received: by 2002:a25:a1e5:0:b0:dc6:6307:d188 with SMTP id 3f1490d57ef6-dee4f345286mr5329124276.25.1715443319416; Sat, 11 May 2024 09:01:59 -0700 (PDT) Received: from [192.168.4.41] (162-239-31-113.lightspeed.dybhfl.sbcglobal.net. [162.239.31.113]) by smtp.gmail.com with ESMTPSA id 3f1490d57ef6-debd38292cbsm1304589276.48.2024.05.11.09.01.59 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 11 May 2024 09:01:59 -0700 (PDT) Message-ID: <0fcf9ec9-82b4-4edb-8aa3-05aaa38f5987@joeconway.com> Date: Sat, 11 May 2024 12:01:58 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Feature Request: Option for TLS no SSLRequest with psql From: Joe Conway To: AJ ONeal , "pgsql-general@lists.postgresql.org" References: <5b4de652-65ec-44b5-bd1f-c1b43bdd09e9@joeconway.com> Content-Language: en-US Autocrypt: addr=mail@joeconway.com; keydata= xsFNBEpXMCsBEADDnXUQzjlyi/cX02Gtdy2CLcroE5CsC7DJKdOBDbfgn0kfiIYoV5JniG4l VyzZUodY8yUAagqLYolh0UkBzs9N+qkm7erde4ypw3jzVQ37BuzIvk3nMUbuDZDgxWqX+nVS sKc+BQ5BpzgCHg48leoRO2ohjvYnUhgH3j2rFZCzaj6qQ7mv+XoxOJmUlVQtG06Jwkk7Vu14 7U9nMMM6hyUKzVnmCphnlcMNo26UyVU70MwFfFJgcI0c5fpp8byN56eD6VJVnufO5WAuEhzE qcrSJR2FAlmM90GBY+6vP29twLDCHuSFvrnujNCx/BvCC/a3/gPvyAFp4JtMm9eXAmq3m/Kw 94nTJXVdcbQeQQDp3KIG7MmWS4lnGvPn8v0CjgNaLvZXFLo1FgmUVsyEq1Lww4iRLa6sbpXJ ESx15UEue1k1YZM9C+4F/o3aeKNsAienjw2EXFzcaxIg/C4P493VMi3Qa8ycVxR5iYhUbYdo DFIUQhbFNsYfrtW/qZAELT3FCYFpZYG01e9Hj+cBrXXgyDDkQ5Lq4mlvmkRvuxn61V6Au4HA 0sJiCox5pM1FvzT+aI8HY1BYaiB9Pl4fhpKgmhhlSuglk9v39S4jmlUIb45iLAUVpeNM6Qjm 69pf5da9sm4aGFa7YlDSKf/WcU7z9ITZxsilOi2n7YJiwG7kTQARAQABzSRKb3NlcGggRSBD b253YXkgPG1haWxAam9lY29ud2F5LmNvbT7CwXoEEwEIACQCGwMCHgECF4AFCwkIBwMFFQoJ CAsFFgIDAQAFAlWTVvUCGQEACgkQMyt+aLaZQ0oPCQ/9HyRewMyvAIJRmoXoLAr8AoFLId6R qBJnNX0Lll0RLZui65aQ0+exwX7aH7TxWR16B2gWX3OmLfGT8XITOoG+zt9zsEpLvNkHchkF T/jyAcbuRj5WX9hamZgMbjXAJeCdlhW+fRA9Upb0w4dgBjqK5OgsqMikASL7t2vogHl9H08j vSoQLW+8wTnSBXBeBTBwB7xLIin5WVivzFHUCrnD2UsjeBIW3fmGdpTAjSxRzG+UPYVwXQ8F FLt7DpEytvLWapmZWMRdj0WZ/Q3SOO/Ed0yFqbzuwKaWcFrQBNeS2Sig+FefBNS98f9Hx7ku H3DW34qX/zSSdDh0jLs7X3PkIgF6BZR2TxaCwHPP9ERDiDaUInC9U7We1iZE1DjW8rLMEVJB hY0ClrrF67pnUKTbcU+uajpPn+2Jl74T0Set/XxpHZ4cezcJuqg31R8vHZgd5cf1WKP0D0pc qiuS02BBFkNCs1jQ+raTWcDuE6F1mUO2nvjUBN9r4y5DUbCNSqLKeAe/aA6JaSDkBpoXKdNS +c4rbzbktWkfUW8EhVlCGzNpy4ezEoVsqV2Ex7fNoxsE2vnSylLT9hycAmYf8ryMvniRZqnD T4JgLenIcQlkhB896T7wApOXfD8OJj1/XFxAfPi6vdlsr81uoxuB4euLp8IyduwLORRUogO9 zmAXG5jOwU0ESlcyJwEQAOkTBb9yDhJbMUgvhM11rZwT5tm4Y9TqtEHn0Zy3t9g7bdFFpMva v/KENd3oAtLFpMDf+H3AggFk4ftUwJwiVgJ88ilvCynJUGXiuYIaexY4DLgn4xpnuiEpYEFV dWnlw7dWVTc62exfqIz9bSWRzwfBCY9ruYGEb4RDPDSNSAVyI7sxHzef2asiYxIcxrTrw5Vu gWNlPZcV5/EJ6PUvATjBF2TBkXV7KOciQng2tsQGrGMkY5mduNqwpuh6zfPcVF8LeObe96wv 5ZhPRpO79nef7hnK2lJogp3JIo558Jlbz9WHtQEMZR85+bUhtI825QyNAFz3Jrn7NMgvDikc 2OrWo7YMgMC5hDSWVFqA6/EQCNnDWGABWgeYHZFpnPwsvUWIYdhSilUuj/Tuzvz9ZmucFNbQ bauDQw6VQ38ofGnoYDZFJsGncprB8dBi4tDrIQ+1RlIh6C2Z/eMipqJOT26+spluTjouvnKT 0S5yOgyX0PjbsysgwQdCGNJLHOjhHbSpSmOLaduV3CQo/0+DHT/TBjYfIXjTWouY9TkGxG4e NrxU0u2xAy5bMqOPmsFdjLTWlQUlF/fTMhB54XwI3FHWgnSnXZzStDTmTebLNdT/ftgliAzA 81uMj49j0exv731/v+7udLA1bV8gnZ01zQCASDpWiRQR3fgwcugSUqgRABEBAAHCwV8EGAEI AAkFAkpXMicCGwwACgkQMyt+aLaZQ0pwAQ//bjcWnZg/jjRQ9gbZUGMqniItZYRglBMKIqt4 Fia379JmHwTvavnFkJ8XMZ56UB0FIrgS+sUkRH6cPRQR+7Qi392LD021DXgSsz9CwFHjFyBG HwLEOTRcfYQbtJy0shHDJB4aQTOX3ERDH1PsvJNuevmQMzS0DWFav9+xMz9rKP4N+HffoBIZ E0C1xIE43nD4eLsbycte9sVIrmlNuUti3qUxJAQw8HwfJ6ZbBInHxquApR16uD1u99o6Xlnd FrDlY22tRmHCM0bR81GfGNdcU3Uo+rG/R/k4qa7s9/dgKvMbyH3fHhp/ceKag80Xo8IFurRl 0ZJP3sHJ2QDHCVLat7jRZ+43hi1WlIhFbrgn6IyI0i7XR/W8JjrC5MsKq4TUwGH077sU/kcH YebVJZRbUUst2hAGHDFVBcG12qoKf+ltL9qXJc1y7BGeCoUW6QjOpljpq6ZL4FQUsM0RSRjs 5egE3szPcIf5SyPK6WDOApoAq6M7BBFMGDZwEylYMtr0YekA1u86UA9D2xwLHEbBBp/uiby1 c9JbPJ1Pn8zJP8WZNeRw4Q9TtqVK09+oLirMUSpIDd6KdZ1VgRxOK2re7tjDvkVuYsSrsiJ+ 1iJNEnp9iK0ok0DlJpSCe6KhkxpaTdeoWMXdKuJWec0NIqoAd54ZgBPnr+UPxTixgPq/p6Q= In-Reply-To: <5b4de652-65ec-44b5-bd1f-c1b43bdd09e9@joeconway.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 5/11/24 11:59, Joe Conway wrote: > On 5/11/24 11:19, AJ ONeal wrote: >> Could we get a `postgrestls://` or `sslmode=tls` or --tls option that >> instructs psql​ to sends straight TLS, skipping the 0000000804d2162f / >> 0000000804d21630 + N / Y / S handshake? > > > You should probably be following the hackers mailing list. See: > > https://www.postgresql.org/message-id/flat/CAM-w4HOEAzxyY01ZKOj-iq%3DM4-VDk%3DvzQgUsuqiTFjFDZaebdg%40mail.gmail.com > > and commits: > > https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=91044ae4baeac2e501e34164a69bd5d9c4976d21 > > https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=d39a49c1e459804831302807c724fa6512e90cf0 And as of a few moments ago: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=407e0b023cdb449dde65fd370c6cc48f5b8a5579 -- Joe Conway PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com