From 0868d35256de9683816b9462432dc48ac92a240c Mon Sep 17 00:00:00 2001
From: Mostafa Moradian <mostafa@gatewayd.io>
Date: Fri, 29 Dec 2023 12:51:50 +0100
Subject: [PATCH] Downgrade log level to warning for SSL request from client
 when TLS termination or server-side SSL is disabled

---
 network/proxy.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/network/proxy.go b/network/proxy.go
index 4ca07d15..1828e670 100644
--- a/network/proxy.go
+++ b/network/proxy.go
@@ -394,19 +394,19 @@ func (pr *Proxy) PassThroughToServer(conn *ConnWrapper, stack *Stack) *gerr.Gate
 	} else if !conn.IsTLSEnabled() && IsPostgresSSLRequest(request) {
 		// Client sent a SSL request, but the server does not support SSL.
 
-		pr.logger.Error().Fields(
+		pr.logger.Warn().Fields(
 			map[string]interface{}{
 				"local":  LocalAddr(conn.Conn()),
 				"remote": RemoteAddr(conn.Conn()),
 			},
-		).Msg("Server does not support SSL, but SSL was requested")
-		span.AddEvent("Server does not support SSL, but SSL was requested")
+		).Msg("Server does not support SSL, but SSL was requested by the client")
+		span.AddEvent("Server does not support SSL, but SSL was requested by the client")
 
-		// Server does not support SSL, and SSL was preferred,
+		// Server does not support SSL, and SSL was preferred by the client,
 		// so we need to switch to a plaintext connection:
 		// https://www.postgresql.org/docs/current/protocol-flow.html#PROTOCOL-FLOW-SSL
 		if _, err := conn.Write([]byte{'N'}); err != nil {
-			pr.logger.Error().Err(err).Msg("Server does not support SSL, but SSL was required")
+			pr.logger.Error().Err(err).Msg("Server does not support SSL, but SSL was required by the client")
 			span.RecordError(err)
 		}