| Value | Meaning |
|---|---|
| DISABLE"disable" | only try a non-SSL connection. |
| ALLOW"allow" | first try a non-SSL connection; if that fails, try an SSL connection. |
| PREFER"prefer" | first try an SSL connection; if that fails, try a non-SSL connection. |
| REQUIRE"require" | only try an SSL connection. If a root CA file is present, verify the certificate in the same way as if verify-ca was specified. |
| VERIFY_CA"verify-ca" | only try an SSL connection, and verify that the server certificate is issued by a trusted certificate authority (CA). |
| VERIFY_FULL"verify-full" | only try an SSL connection, verify that the server certificate is issued by a trusted CA and that the requested server host name matches that in the certificate. |
The different values for the sslmode parameter provide different levels of protection. See more information in <a href="https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION">Protection Provided in Different Modes</a>.