Feature request: A method to configure client-side TLS ciphers for streaming replication

From: xx Z <xxz030811(at)gmail(dot)com>
To: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Feature request: A method to configure client-side TLS ciphers for streaming replication
Date: 2025-08-26 07:27:40
Message-ID: CA+aQVj+i6c=6h3SHMVYwkdVZpyNUm5OnZOz=TnjLXxNpHKj75w@mail.gmail.com
Lists: pgsql-general

Hello PostgreSQL community,

I have a question regarding the configuration of streaming replication.

When setting up streaming replication over TLS, I've noticed that while the
primary server can restrict its supported encryption algorithms using the
ssl_ciphers parameter, there doesn't seem to be a corresponding method for
the standby (client) side of the replication connection. The standby
appears to use all the default ciphers supported by the system's OpenSSL
library.

For security compliance, we need to restrict the ciphers used by the
client. Is there a way to configure the list of supported TLS ciphers on
the standby for the replication connection?

If this functionality does not currently exist, I would like to request it
as a new feature. It would be very helpful to have a connection parameter
in primary_conninfo to specify the client-side cipher list.

PostgreSQL version: 15.2

Thank you for your time and consideration.

Best regards,

Yunfei Zhou
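
An added example, not part of the original message: a query run on the primary that reports the TLS version and cipher each streaming-replication connection actually negotiated and checks it against an allow-list. It uses the standard pg_stat_replication and pg_stat_ssl views; the allow-list entries are constructed sample values, not a recommendation from the thread.

```sql
-- Run on the primary as a superuser or a role with pg_read_all_stats,
-- so that rows for the WAL sender processes are visible.
-- The allow-list is a constructed sample: replace it with the suites
-- your compliance baseline permits (names as OpenSSL reports them).
WITH allowed(cipher) AS (
    VALUES ('TLS_AES_256_GCM_SHA384'),
           ('TLS_AES_128_GCM_SHA256'),
           ('ECDHE-RSA-AES256-GCM-SHA384'),
           ('ECDHE-ECDSA-AES256-GCM-SHA384')
)
SELECT r.application_name,            -- standby name from primary_conninfo
       r.client_addr,
       r.state,
       s.version AS tls_version,      -- e.g. TLSv1.2, TLSv1.3
       s.cipher  AS negotiated_cipher,
       s.bits,
       CASE
           WHEN s.ssl IS NOT TRUE THEN 'FAIL: connection not encrypted'
           WHEN a.cipher IS NULL  THEN 'FAIL: cipher not on allow-list'
           ELSE 'ok'
       END AS verdict
FROM pg_stat_replication AS r
-- LEFT JOINs keep replication connections visible even when they are
-- not using TLS or negotiated a cipher outside the allow-list.
LEFT JOIN pg_stat_ssl AS s USING (pid)
LEFT JOIN allowed     AS a ON a.cipher = s.cipher
ORDER BY r.application_name;
```

The query shows the result of the negotiation, not the full list of ciphers the standby offered in its ClientHello.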
