[ https://issues.jboss.org/browse/TEIID-3177?page=com.atlassian.jira.plugin... ] Steven Hawkins edited comment on TEIID-3177 at 10/22/14 9:49 AM: ----------------------------------------------------------------- Note that this is the default behavior of a pg server as well (with the distinction that other auth types such as a hash would be supported). You have to additionally configure the hba conf to deny non-ssl client connections - which is what this feature will be analogous to. Also note that http://www.postgresql.org/docs/9.2/static/libpq-ssl.html states that clients must be configured for ssl - see sslmode or else the client can still send information in an non-secure fashion even if the server is in ssl mode regardless of whether it is rejecting connections (this may be because there are versions of the pg client that can send password information in the initialization message or not waiting for the authentication mode response from the server). was (Author: shawkins): Note that this is the default behavior of a pg server as well. You have to additionally configure the hba conf to deny non-ssl client connections - which is what this feature will be analogous to. Also note that http://www.postgresql.org/docs/9.2/static/libpq-ssl.html states that clients must be configured for ssl - see sslmode or else the client can still send information in an non-secure fashion even if the server is in ssl mode regardless of whether it is rejecting connections (this may be because there are versions of the pg client that can send password information in the initialization message or not waiting for the authentication mode response from the server). -- This message was sent by Atlassian JIRA (v6.3.1#6329)