Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lotPu-000274-3h for pgsql-hackers@arkaria.postgresql.org; Thu, 03 Jun 2021 19:54:10 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1lotPt-0005l8-27 for pgsql-hackers@arkaria.postgresql.org; Thu, 03 Jun 2021 19:54:09 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lotPs-0005jM-PX for pgsql-hackers@lists.postgresql.org; Thu, 03 Jun 2021 19:54:08 +0000 Received: from relay9-d.mail.gandi.net ([217.70.183.199]) by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lotPo-0007MU-RB for pgsql-hackers@lists.postgresql.org; Thu, 03 Jun 2021 19:54:08 +0000 Received: (Authenticated sender: adsend@dunslane.net) by relay9-d.mail.gandi.net (Postfix) with ESMTPSA id E9DE3FF803; Thu, 3 Jun 2021 19:54:00 +0000 (UTC) Subject: Re: Support for NSS as a libpq TLS backend To: Daniel Gustafsson , Jeff Davis Cc: Andres Freund , Postgres hackers , Michael Paquier , Andrew Dunstan , Stephen Frost , Thomas Munro References: <20200904012334.GF19499@paquier.xyz> <20200917074134.GX2873@paquier.xyz> <20200929055939.GF7117@paquier.xyz> <411593A7-E037-474D-BFD7-D3D6683C1D46@yesql.se> <20201020191529.5yverw3ybaube3pg@alap3.anarazel.de> <907FA7D1-9BD9-464B-A6EC-DEEB53438D36@yesql.se> <20201028063957.cvln377jgao33ssu@alap3.anarazel.de> <1538bd8894fc723d97d5c41b9d4bb8feb9db0d43.camel@j-davis.com> From: Andrew Dunstan Message-ID: <8228d950-5bee-d1e9-b0ad-577a854939fa@dunslane.net> Date: Thu, 3 Jun 2021 15:53:59 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 6/3/21 1:47 PM, Daniel Gustafsson wrote: >> On 3 Jun 2021, at 19:37, Jeff Davis wrote: >> >> On Tue, 2020-10-27 at 23:39 -0700, Andres Freund wrote: >>> Maybe we should just have --with-ssl={openssl,nss}? That'd avoid >>> needing >>> to check for errors. >> [ apologies for the late reply ] >> >> Would it be more proper to call it --with-tls={openssl,nss} ? > Well, we use SSL for everything else (GUCs, connection params and env vars etc) > so I think --with-ssl is sensible. > > However, SSL and TLS are used quite interchangeably these days so I think it > makes sense to provide --with-tls as an alias. > Yeah, but it's annoying to have to start every talk I give touching this subject with the slide that says "When we say SSL we really means TLS". Maybe release 15 would be a good time to rename user-visible option names etc, with support for legacy names. cheers andrew -- Andrew Dunstan EDB: https://www.enterprisedb.com