Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s5p8Q-008O3V-LO for pgsql-general@arkaria.postgresql.org; Sat, 11 May 2024 15:59:42 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1s5p8O-005vR1-Rd for pgsql-general@arkaria.postgresql.org; Sat, 11 May 2024 15:59:41 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s5p8O-005vQp-CN for pgsql-general@lists.postgresql.org; Sat, 11 May 2024 15:59:40 +0000 Received: from mail-yw1-x1130.google.com ([2607:f8b0:4864:20::1130]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1s5p8M-000Vav-2l for pgsql-general@lists.postgresql.org; Sat, 11 May 2024 15:59:39 +0000 Received: by mail-yw1-x1130.google.com with SMTP id 00721157ae682-61be4b986aaso33880567b3.3 for ; Sat, 11 May 2024 08:59:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joeconway.com; s=google; t=1715443177; x=1716047977; darn=lists.postgresql.org; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:to:subject:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=9Nva+eZFAL6HyAXKIdgi8k5C2tB3ep8XW/lbpGYTLsw=; b=RFKthQRSe0u/ya9+u7i75PVYXTVop8cpNnn54EvlNOZ0HkAD02mBFgCgqkw0lZimYc jCR0SYp2QImwGtgaHoV7bTGXXhMtFA4w4XCXGosThMhPWC04re3PqaEXsxeXboIlkPmf vI5XfugVbKNK8caklLLbdCVbs7GbwEvJg+pq0tcgA7plawDYAshCcLAbuX4ZkqFBFpdr 9LERDzaK+bAAYi0Jd0/6pRKtfPWKq5Og6cW8Udt/fZRgXTD8b3BvASD8RQ5AJUr4U1uj P+BKk79j6zZZhBtp9f0902zSRhdVeMLcLGm/h2wp5Jjds3g1G4yKz9rv1umVbDl9ERPq +96w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715443177; x=1716047977; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:to:subject:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9Nva+eZFAL6HyAXKIdgi8k5C2tB3ep8XW/lbpGYTLsw=; b=XCyrkFLcDcQEJ4ILfmxQuBfL+tiRyEkN5+7Ag5Br1Aq+/v749H3rJ8empQJTe5Qvta 6551bbbo75mY+EBjYKrm6CY/6FGn/b0SU6rT3WB8zzidfjiUx+Sd1gOwOji/vOTgtYQu ySQkCwB55SjSIBIOqKKqxIxR6FDvnAkDh/bi5WhDUf9pTIitl17YypTCyKzjHA7phI+B t67tjTBuhuNN4i+2BSEwAA794mtQ1iQs5s3+cbe/exTEofFSa0R2TZGYM1agr6z4cR7A zjwCOM8xhLbNXizAqVSbA2La00yiC6VZanE+0yDmmwPBSPflh1cSnYoNQwcbo8HVUWmC k0QA== X-Forwarded-Encrypted: i=1; AJvYcCWvAozMqxLBcACVurHmTBS6dq9YC6v+xfpOsAjoF9y8WWOOYDOGi3yl/IbrxAZkHxODuy2UDPJ9Aut6RS3LvrAI6uNfEI7Dpd9ydREsNgA7OLdS X-Gm-Message-State: AOJu0YybuGzlCyVpHSA7SWVsXszIQzqyiKlZgoJ+oY4EuCxXdqFXglSQ nXkAfbzfDSWa+xbK7Oh9DrBdmjaQ1pspr1SLizZwlDEFAQvTPcxWjhypSd56Vrc= X-Google-Smtp-Source: AGHT+IGs3w3B4uw2Hi+PFy9g4hG/+MIw8MwVQZ6IAps1J/jNitGB7sBKiT3j/JktbXlUnj/GPqS3VQ== X-Received: by 2002:a0d:c843:0:b0:61b:3484:316b with SMTP id 00721157ae682-622c80936ddmr14011117b3.14.1715443176874; Sat, 11 May 2024 08:59:36 -0700 (PDT) Received: from [192.168.4.41] (162-239-31-113.lightspeed.dybhfl.sbcglobal.net. [162.239.31.113]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6209e345e75sm12670567b3.97.2024.05.11.08.59.36 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 11 May 2024 08:59:36 -0700 (PDT) Message-ID: <5b4de652-65ec-44b5-bd1f-c1b43bdd09e9@joeconway.com> Date: Sat, 11 May 2024 11:59:36 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Feature Request: Option for TLS no SSLRequest with psql To: AJ ONeal , "pgsql-general@lists.postgresql.org" References: Content-Language: en-US From: Joe Conway Autocrypt: addr=mail@joeconway.com; keydata= xsFNBEpXMCsBEADDnXUQzjlyi/cX02Gtdy2CLcroE5CsC7DJKdOBDbfgn0kfiIYoV5JniG4l VyzZUodY8yUAagqLYolh0UkBzs9N+qkm7erde4ypw3jzVQ37BuzIvk3nMUbuDZDgxWqX+nVS sKc+BQ5BpzgCHg48leoRO2ohjvYnUhgH3j2rFZCzaj6qQ7mv+XoxOJmUlVQtG06Jwkk7Vu14 7U9nMMM6hyUKzVnmCphnlcMNo26UyVU70MwFfFJgcI0c5fpp8byN56eD6VJVnufO5WAuEhzE qcrSJR2FAlmM90GBY+6vP29twLDCHuSFvrnujNCx/BvCC/a3/gPvyAFp4JtMm9eXAmq3m/Kw 94nTJXVdcbQeQQDp3KIG7MmWS4lnGvPn8v0CjgNaLvZXFLo1FgmUVsyEq1Lww4iRLa6sbpXJ ESx15UEue1k1YZM9C+4F/o3aeKNsAienjw2EXFzcaxIg/C4P493VMi3Qa8ycVxR5iYhUbYdo DFIUQhbFNsYfrtW/qZAELT3FCYFpZYG01e9Hj+cBrXXgyDDkQ5Lq4mlvmkRvuxn61V6Au4HA 0sJiCox5pM1FvzT+aI8HY1BYaiB9Pl4fhpKgmhhlSuglk9v39S4jmlUIb45iLAUVpeNM6Qjm 69pf5da9sm4aGFa7YlDSKf/WcU7z9ITZxsilOi2n7YJiwG7kTQARAQABzSRKb3NlcGggRSBD b253YXkgPG1haWxAam9lY29ud2F5LmNvbT7CwXoEEwEIACQCGwMCHgECF4AFCwkIBwMFFQoJ CAsFFgIDAQAFAlWTVvUCGQEACgkQMyt+aLaZQ0oPCQ/9HyRewMyvAIJRmoXoLAr8AoFLId6R qBJnNX0Lll0RLZui65aQ0+exwX7aH7TxWR16B2gWX3OmLfGT8XITOoG+zt9zsEpLvNkHchkF T/jyAcbuRj5WX9hamZgMbjXAJeCdlhW+fRA9Upb0w4dgBjqK5OgsqMikASL7t2vogHl9H08j vSoQLW+8wTnSBXBeBTBwB7xLIin5WVivzFHUCrnD2UsjeBIW3fmGdpTAjSxRzG+UPYVwXQ8F FLt7DpEytvLWapmZWMRdj0WZ/Q3SOO/Ed0yFqbzuwKaWcFrQBNeS2Sig+FefBNS98f9Hx7ku H3DW34qX/zSSdDh0jLs7X3PkIgF6BZR2TxaCwHPP9ERDiDaUInC9U7We1iZE1DjW8rLMEVJB hY0ClrrF67pnUKTbcU+uajpPn+2Jl74T0Set/XxpHZ4cezcJuqg31R8vHZgd5cf1WKP0D0pc qiuS02BBFkNCs1jQ+raTWcDuE6F1mUO2nvjUBN9r4y5DUbCNSqLKeAe/aA6JaSDkBpoXKdNS +c4rbzbktWkfUW8EhVlCGzNpy4ezEoVsqV2Ex7fNoxsE2vnSylLT9hycAmYf8ryMvniRZqnD T4JgLenIcQlkhB896T7wApOXfD8OJj1/XFxAfPi6vdlsr81uoxuB4euLp8IyduwLORRUogO9 zmAXG5jOwU0ESlcyJwEQAOkTBb9yDhJbMUgvhM11rZwT5tm4Y9TqtEHn0Zy3t9g7bdFFpMva v/KENd3oAtLFpMDf+H3AggFk4ftUwJwiVgJ88ilvCynJUGXiuYIaexY4DLgn4xpnuiEpYEFV dWnlw7dWVTc62exfqIz9bSWRzwfBCY9ruYGEb4RDPDSNSAVyI7sxHzef2asiYxIcxrTrw5Vu gWNlPZcV5/EJ6PUvATjBF2TBkXV7KOciQng2tsQGrGMkY5mduNqwpuh6zfPcVF8LeObe96wv 5ZhPRpO79nef7hnK2lJogp3JIo558Jlbz9WHtQEMZR85+bUhtI825QyNAFz3Jrn7NMgvDikc 2OrWo7YMgMC5hDSWVFqA6/EQCNnDWGABWgeYHZFpnPwsvUWIYdhSilUuj/Tuzvz9ZmucFNbQ bauDQw6VQ38ofGnoYDZFJsGncprB8dBi4tDrIQ+1RlIh6C2Z/eMipqJOT26+spluTjouvnKT 0S5yOgyX0PjbsysgwQdCGNJLHOjhHbSpSmOLaduV3CQo/0+DHT/TBjYfIXjTWouY9TkGxG4e NrxU0u2xAy5bMqOPmsFdjLTWlQUlF/fTMhB54XwI3FHWgnSnXZzStDTmTebLNdT/ftgliAzA 81uMj49j0exv731/v+7udLA1bV8gnZ01zQCASDpWiRQR3fgwcugSUqgRABEBAAHCwV8EGAEI AAkFAkpXMicCGwwACgkQMyt+aLaZQ0pwAQ//bjcWnZg/jjRQ9gbZUGMqniItZYRglBMKIqt4 Fia379JmHwTvavnFkJ8XMZ56UB0FIrgS+sUkRH6cPRQR+7Qi392LD021DXgSsz9CwFHjFyBG HwLEOTRcfYQbtJy0shHDJB4aQTOX3ERDH1PsvJNuevmQMzS0DWFav9+xMz9rKP4N+HffoBIZ E0C1xIE43nD4eLsbycte9sVIrmlNuUti3qUxJAQw8HwfJ6ZbBInHxquApR16uD1u99o6Xlnd FrDlY22tRmHCM0bR81GfGNdcU3Uo+rG/R/k4qa7s9/dgKvMbyH3fHhp/ceKag80Xo8IFurRl 0ZJP3sHJ2QDHCVLat7jRZ+43hi1WlIhFbrgn6IyI0i7XR/W8JjrC5MsKq4TUwGH077sU/kcH YebVJZRbUUst2hAGHDFVBcG12qoKf+ltL9qXJc1y7BGeCoUW6QjOpljpq6ZL4FQUsM0RSRjs 5egE3szPcIf5SyPK6WDOApoAq6M7BBFMGDZwEylYMtr0YekA1u86UA9D2xwLHEbBBp/uiby1 c9JbPJ1Pn8zJP8WZNeRw4Q9TtqVK09+oLirMUSpIDd6KdZ1VgRxOK2re7tjDvkVuYsSrsiJ+ 1iJNEnp9iK0ok0DlJpSCe6KhkxpaTdeoWMXdKuJWec0NIqoAd54ZgBPnr+UPxTixgPq/p6Q= In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 5/11/24 11:19, AJ ONeal wrote: > Could we get a `postgrestls://` or `sslmode=tls` or --tls option that > instructs psql​ to sends straight TLS, skipping the 0000000804d2162f / > 0000000804d21630 + N / Y / S handshake? You should probably be following the hackers mailing list. See: https://www.postgresql.org/message-id/flat/CAM-w4HOEAzxyY01ZKOj-iq%3DM4-VDk%3DvzQgUsuqiTFjFDZaebdg%40mail.gmail.com and commits: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=91044ae4baeac2e501e34164a69bd5d9c4976d21 https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=d39a49c1e459804831302807c724fa6512e90cf0 -- Joe Conway PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com