git.postgresql.org Git - postgresql.git/commit

author	Heikki Linnakangas <[email protected]>
	Mon, 8 Apr 2024 01:24:49 +0000 (04:24 +0300)
committer	Heikki Linnakangas <[email protected]>
	Mon, 8 Apr 2024 01:24:49 +0000 (04:24 +0300)
commit	d39a49c1e459804831302807c724fa6512e90cf0
tree	6c4c806f3e663ace026213bf719a89873fe7a7ab	tree
parent	05fd30c0e730bd5238f62d2fdfdcfaf28b16b225	commit \| diff

Support TLS handshake directly without SSLRequest negotiation

By skipping SSLRequest, you can eliminate one round-trip when
establishing a TLS connection. It is also more friendly to generic TLS
proxies that don't understand the PostgreSQL protocol.

This is disabled by default in libpq, because the direct TLS handshake
will fail with old server versions. It can be enabled with the
sslnegotation=direct option. It will still fall back to the negotiated
TLS handshake if the server rejects the direct attempt, either because
it is an older version or the server doesn't support TLS at all, but
the fallback can be disabled with the sslnegotiation=requiredirect
option.

Author: Greg Stark, Heikki Linnakangas
Reviewed-by: Matthias van de Meent, Jacob Champion

doc/src/sgml/libpq.sgml		diff \| blob \| blame \| history
doc/src/sgml/protocol.sgml		diff \| blob \| blame \| history
src/backend/libpq/be-secure.c		diff \| blob \| blame \| history
src/backend/libpq/pqcomm.c		diff \| blob \| blame \| history
src/backend/tcop/backend_startup.c		diff \| blob \| blame \| history
src/include/libpq/libpq-be.h		diff \| blob \| blame \| history
src/include/libpq/libpq.h		diff \| blob \| blame \| history
src/interfaces/libpq/fe-connect.c		diff \| blob \| blame \| history
src/interfaces/libpq/fe-secure-openssl.c		diff \| blob \| blame \| history
src/interfaces/libpq/libpq-fe.h		diff \| blob \| blame \| history
src/interfaces/libpq/libpq-int.h		diff \| blob \| blame \| history
src/test/libpq_encryption/t/001_negotiate_encryption.pl		diff \| blob \| blame \| history