Re: Feature request: A method to configure client-side TLS ciphers for streaming replication

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: xx Z <xxz030811(at)gmail(dot)com>
Cc: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
Date: 2025-08-26 14:09:56
Message-ID: 1058545.1756217396@sss.pgh.pa.us
Lists: pgsql-hackers

xx Z <xxz030811(at)gmail(dot)com> writes:
> For security compliance, we need to restrict the ciphers used by the
> client. Is there a way to configure the list of supported TLS ciphers on
> the standby for the replication connection?

No. It's not really apparent to me why the client would have stronger
needs for this than the server does, so I don't see why the existing
server-side options aren't sufficient.

(For that matter, if you have system-level security specifications
to meet, why would you not alter the system-wide OpenSSL configuration
on the client's host?)

regards, tom lane
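
The system-wide approach suggested in the reply above could look like the following `openssl.cnf` fragment on the standby's host. This is an added example, not part of the original message or of PostgreSQL's documentation. It assumes the standby's libpq is linked against the host's OpenSSL and loads its default configuration file; the section names follow the layout commonly shipped by distributions, and the cipher selection is illustrative only.

```ini
# Added example: restrict TLS defaults for OpenSSL clients on this host.
# This line must appear in the default (unnamed) section at the top of the file.
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
# Defaults applied to every SSL_CTX created by applications that load this file.
system_default = system_default_sect

[system_default_sect]
# Refuse anything older than TLS 1.2.
MinProtocol = TLSv1.2

# Cipher list for TLS 1.2 and below (illustrative selection; substitute the
# list your compliance policy requires).
CipherString = ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL

# TLS 1.3 cipher suites are configured separately from CipherString.
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
```

These defaults affect every OpenSSL-based program on the host that reads the default configuration, not only the replication connection, and an application that sets its own cipher list explicitly overrides them.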
