
Commit 2764f96

committed
Update concepts-networking-ssl-tls.md
1 parent 052a0d9 commit 2764f96

1 file changed

+8
-2
lines changed

articles/postgresql/flexible-server/concepts-networking-ssl-tls.md

Lines changed: 8 additions & 2 deletions
@@ -94,7 +94,11 @@ There are many connection parameters for configuring the client for SSL. Few imp
9494
|verify-ca| Encryption is used. Moreover, verify the server certificate signature against certificate stored on the client|
9595
|verify-full| Encryption is used. Moreover, verify server certificate signature and host name against certificate stored on the client|
9696

97-
3. **sslcert**, **sslkey, and **sslrootcert**. These parameters can override default location of the client certificate, the PKCS-8 client key and root certificate. These defaults to /defaultdir/postgresql.crt, /defaultdir/postgresql.pk8, and /defaultdir/root.crt respectively where defaultdir is ${user.home}/.postgresql/ in *nix systems and %appdata%/postgresql/ on windows.
97+
The default **sslmode** mode used is different between libpq-based clients (such as psql) and JDBC. The libpq-based clients default to *prefer*, and JDBC clients default to *verify-full*.
98+
99+
3. **sslcert**, **sslkey**, and **sslrootcert**. These parameters can override default location of the client certificate, the PKCS-8 client key and root certificate. These defaults to /defaultdir/postgresql.crt, /defaultdir/postgresql.pk8, and /defaultdir/root.crt respectively where defaultdir is ${user.home}/.postgresql/ in *nix systems and %appdata%/postgresql/ on windows.
100+
101+
98102

99103
**Certificate Authorities (CAs)** are the institutions responsible for issuing certificates. A trusted certificate authority is an entity that’s entitled to verify someone is who they say they are. In order for this model to work, all participants must agree on a set of trusted CAs. All operating systems and most web browsers ship with a set of trusted CAs.
100104
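
Review bot: The added paragraph at new line 97 states the two defaults but stops short of telling the reader what to do about the difference. Of the modes in the table rows visible above, only verify-ca and verify-full check the server certificate, so a psql user who relies on the libpq default of prefer gets no certificate verification. Suggest adding a sentence recommending that `sslmode=verify-full` be set explicitly in the connection string rather than relying on either client's default. The JDBC claim should name the driver, and the version or settings it applies to, so it can be checked against that driver's documentation. Smaller points: "sslmode mode" is redundant, the paragraph sits unindented between list items 2 and 3 so the numbering may restart in the rendered page, the re-added item 3 still reads "These defaults to", and new lines 100 and 101 add two extra blank lines.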

@@ -119,7 +123,7 @@ Microsoft RSA Root Certificate Authority 2017 https://www.microsoft.com/pkiops/
119123
* Optionally, to prevent future disruption, it's also recommended to add the following roots to the trusted store:
120124
Microsoft ECC Root Certificate Authority 2017 - https://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Root%20Certificate%20Authority%202017.crt
121125

122-
To import certificates to client certificate stores you may have to convert certificate .crt files to .pem format, after downloading certificate files from URIs above. You can use OpenSSL utility to do these file conversions, as shown in example below:
126+
To import certificates to client certificate stores you may have to **convert certificate .crt files to .pem format**, after downloading certificate files from URIs above. You can use OpenSSL utility to do these file conversions, as shown in example below:
123127

124128
```powershell
125129
openssl x509 -in certificate.crt -out certificate.pem -outform PEM
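
Review bot: The bold on new line 126 emphasises the conversion step, but the sentence still says only that you "may have to" convert and never states which encoding the downloaded .crt files use or how a reader can tell whether conversion is needed. Suggest stating that in the sentence instead of relying on emphasis. "as shown in example below" could also become "as shown in the example below", and the fence is tagged `powershell` although the command is a plain `openssl` invocation.
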
@@ -157,6 +161,8 @@ Before trying to access your SSL enabled server from client application, make su
157161
*SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)*
158162
*Type "help" for help.*
159163

164+
You can also load the **[sslinfo extension](./concepts-extensions.md)** and then call the *ssl_is_used()* function to determine if SSL is being used. The function returns t if the connection is using SSL, otherwise it returns f.
165+
160166

161167

162168
## Cipher Suites
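
Review bot: New line 164 presents `ssl_is_used()` as the check, but a result of t only says the session is encrypted; it does not show that the client verified the server certificate, which depends on the sslmode setting discussed earlier in this article. Suggest saying so, and replacing "load the sslinfo extension" with the actual statements, for example `CREATE EXTENSION sslinfo;` followed by `SELECT ssl_is_used();`. The function name and the t and f return values would read better in code formatting than in italics or plain text, and new line 165 adds a blank line where two already follow.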
