Specifically, currently we're missing requiring mutual authentication for both session encryption and authentication, and required protection level being ProtectionLevel.EncryptAndSign for session encryption. There's also delegation, but given that it's only needed for very specific cases (such as using fdw so PG can pass client's credentials to authenticate to a remote database) and no one requested it before, we can postpone implementing it.