Closed hlinnaka closed 3 weeks ago
The direct SSL protocol is described in https://www.postgresql.org/docs/devel/protocol-flow.html#PROTOCOL-FLOW-SSL
Once you start to look at this, I'd like to get feedback on the relevant PostgreSQL documentation. Is it clear from the docs how it works? Anything missing that should be mentioned?
@hlinnaka when is postgres 17 due to release?
Around September 2024
The GA 17.0 release is around September 2024, but v17 beta1 will be released in the next few days. There's no rush, but it would be nice to have this some time before the GA release.
PostgreSQL 17 supports "direct SSL connections". That means, you can start the TLS handshake immediately after opening the TCP connection, without the traditional SSLRequest negotiation. That eliminates one round-trip from establishing a connection. libpq in v17 has new option sslnegotiation=direct, to use the new mode.

Let's add support for that to the proxy. There are two parts to this:
1. Accept "direct SSL" connections from clients.
   Because our proxy parses and handles the authentication, we can accept direct SSL connections regardless of the Postgres server version that you're ultimately connecting to.
2. Use the new direct SSL connections when connecting to a v17 server. We don't have v17 computes yet, so this will need to wait until we do.
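
One way a proxy could tell a direct SSL client from a traditional one is to peek at the first bytes of the connection before replying. This is an added example, not the proxy's own code: the `FirstPacket` and `classify` names are hypothetical, the byte samples are constructed, and the SSLRequest code and the 10000-byte startup limit are PostgreSQL's.

```rust
// Added example: classify the first bytes a client sends on a new connection.
#[derive(Debug, PartialEq)]
enum FirstPacket {
    DirectTls,        // TLS ClientHello sent straight after TCP connect (v17 direct SSL)
    SslRequest,       // traditional negotiation: reply 'S', then start TLS
    PlaintextStartup, // some other startup packet, no TLS requested
    NeedMoreData,     // not enough bytes peeked yet to decide
    Invalid,          // neither a TLS handshake record nor a sane startup packet
}

const SSL_REQUEST_CODE: u32 = 80877103; // (1234 << 16) | 5679, from the protocol docs
const MAX_STARTUP_LEN: u32 = 10_000; // PostgreSQL's startup packet size limit

fn classify(buf: &[u8]) -> FirstPacket {
    if buf.is_empty() {
        return FirstPacket::NeedMoreData;
    }
    // A startup packet begins with a big-endian length <= 10000, so its first
    // byte is always 0x00. 0x16 (TLS handshake record) is therefore unambiguous.
    if buf[0] == 0x16 {
        if buf.len() < 6 {
            return FirstPacket::NeedMoreData;
        }
        // Record layout: type, version (2 bytes), length (2 bytes), then the
        // handshake message type, which must be 0x01 (ClientHello).
        let is_hello = buf[1] == 0x03 && buf[5] == 0x01;
        return if is_hello { FirstPacket::DirectTls } else { FirstPacket::Invalid };
    }
    if buf.len() < 8 {
        return FirstPacket::NeedMoreData;
    }
    let len = u32::from_be_bytes([buf[0], buf[1], buf[2], buf[3]]);
    let code = u32::from_be_bytes([buf[4], buf[5], buf[6], buf[7]]);
    if len < 8 || len > MAX_STARTUP_LEN {
        return FirstPacket::Invalid;
    }
    if len == 8 && code == SSL_REQUEST_CODE {
        return FirstPacket::SslRequest;
    }
    FirstPacket::PlaintextStartup
}

fn main() {
    // Constructed samples: a TLS ClientHello prefix, an SSLRequest, a v3.0 StartupMessage prefix.
    println!("{:?}", classify(&[0x16, 0x03, 0x01, 0x00, 0xc8, 0x01]));
    println!("{:?}", classify(&[0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f]));
    println!("{:?}", classify(&[0, 0, 0, 0x29, 0x00, 0x03, 0x00, 0x00]));
}
```

Only the `SslRequest` case gets the single-byte `S` reply; a `DirectTls` client expects the handshake to begin immediately, and the protocol documentation linked above requires it to offer the ALPN protocol name `postgresql`.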