Description
Describe the feature
Since PostgreSQL 17, implicit or direct SSL/TLS negotiation is supported by the server and the libpq client library. Previously PostgreSQL only negotiated TLS after a PGSQL protocol handshake; With direct negotiation, TLS envelopes the PGSQL protocol in the same way it envelopes HTTP to form HTTPS.
This makes it possible to terminate TLS for postgresql with nginx, caddy, haproxy, etc. as well as negotiate backend server/protocol with SNI and ALPN without extra round-trips.
It would be really nice if PgClient library users have an easy way to specify the protocol(s) and client cipher suite in addition to the usual TLS options. Change Cipher Spec message is another unnecessary round-trip.
Docs: https://www.postgresql.org/docs/current/libpq-connect.html
TL/DR: enable direct negotiation for libpq with parameter sslnegotiation=direct or environment variable PGSSLNEGOTIATION=direct.
Contribution
No response