May 2018
Intermediate to advanced
576 pages
30h 25m
English
In the Setting up a client to use SSL section of the previous recipe, Connecting using SSL, we saw how the client's SSL behavior is affected by environment variables. Depending on how the SSLMODE environment variable is set on the client (either via compile-time settings, the PGSSLMODE environment variable, or the sslmode connection parameter), the client may attempt to connect without SSL first, and then attempt an SSL connection only after the server rejects the non-SSL connection.
This duplicates a connection attempt every time a client accesses an SSL-only server.
To make sure that the client tries to establish an SSL connection on the first attempt, SSLMODE must be set to prefer or higher.