diff options
| author | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2024-04-08 04:24:51 +0300 |
|---|---|---|
| committer | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2024-04-08 04:24:51 +0300 |
| commit | 91044ae4baeac2e501e34164a69bd5d9c4976d21 (patch) | |
| tree | 030ae118927d18f14ecb8840ec6719932b79773c /doc/src | |
| parent | d39a49c1e459804831302807c724fa6512e90cf0 (diff) | |
| download | postgresql-91044ae4baeac2e501e34164a69bd5d9c4976d21.tar.gz postgresql-91044ae4baeac2e501e34164a69bd5d9c4976d21.zip | |
Send ALPN in TLS handshake, require it in direct SSL connections
libpq now always tries to send ALPN. With the traditional negotiated
SSL connections, the server accepts the ALPN, and refuses the
connection if it's not what we expect, but connecting without ALPN is
still OK. With the new direct SSL connections, ALPN is mandatory.
NOTE: This uses "TBD-pgsql" as the protocol ID. We must register a
proper one with IANA before the release!
Author: Greg Stark, Heikki Linnakangas
Reviewed-by: Matthias van de Meent, Jacob Champion
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/libpq.sgml | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 0fb728e2b28..0306a76161b 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -2944,6 +2944,18 @@ const char *PQsslAttribute(const PGconn *conn, const char *attribute_name); </para> </listitem> </varlistentry> + <varlistentry> + <term><literal>alpn</literal></term> + <listitem> + <para> + Application protocol selected by the TLS Application-Layer + Protocol Negotiation (ALPN) extension. The only protocol + supported by libpq is <literal>TBD-pgsql</literal>, so this is + mainly useful for checking whether the server supported ALPN or + not. Empty string if ALPN was not used. + </para> + </listitem> + </varlistentry> </variablelist> </para> |