> On 12 Jun 2024, at 21:17, Tom Lane <tgl@xxxxxxxxxxxxx> wrote:
>
> Casey & Gina <cg@xxxxxxxx> writes:
>> So why can't I use SSL when connecting from a client to a UNIX socket?
>
> (1) It'd add overhead without adding any security. Data going through
> a UNIX socket will only pass through the local kernel, and if that's
> compromised then it's game over anyway.
>
> (2) I'm less sure about this part, but I seem to recall that openssl
> doesn't actually work if given a UNIX socket.

That indeed used to be the case, at least until 1.0.2 and possibly 1.1.1, but
AF_UNIX is supported in 3+ IIRC. That being said, I agree with your (1).

--
Daniel Gustafsson