Diffstat (limited to 'src/interfaces/libpq/fe-connect.c')
-rw-r--r-- | src/interfaces/libpq/fe-connect.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index ec20e3f3a90..5c6f0d9943a 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -4430,11 +4430,12 @@ select_next_encryption_method(PGconn *conn, bool have_valid_connection)
 /*
 * If enabled, try direct SSL. Unless we have a valid TCP connection that
- * failed negotiating GSSAPI encryption or a plaintext connection in case
- * of sslmode='allow'; in that case we prefer to reuse the connection with
- * negotiated SSL, instead of reconnecting to do direct SSL. The point of
- * direct SSL is to avoid the roundtrip from the negotiation, but
- * reconnecting would also incur a roundtrip.
+ * failed negotiating GSSAPI encryption; in that case we prefer to reuse
+ * the connection with negotiated SSL, instead of reconnecting to do
+ * direct SSL. The point of sslnegotiation=direct is to avoid the
+ * roundtrip from the negotiation, but reconnecting would also incur a
+ * roundtrip. (In sslnegotiation=requiredirect mode, negotiated SSL is not
+ * in the list of allowed methods and we will reconnect.)
 */
 if (have_valid_connection)
 SELECT_NEXT_METHOD(ENC_NEGOTIATED_SSL); |
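Review bot: The rewritten comment names a failed GSSAPI negotiation as the only situation in which the connection is reused, but the guard under it, `if (have_valid_connection)`, is unchanged and still accepts any caller that passes true. If that is now an invariant, it should be stated where the parameter is documented, for example `have_valid_connection: true only when GSSAPI encryption was refused on a socket that is still open`. The function header lies outside this hunk, so it may already say this. The parenthetical about sslnegotiation=requiredirect also depends on SELECT_NEXT_METHOD skipping methods that are not allowed, and that macro is defined outside the hunk. Adding a few words such as `(SELECT_NEXT_METHOD skips it, so we fall through to direct SSL below)` would let a reader confirm from this comment that requiredirect cannot end up on negotiated SSL.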