Re: Feature request: A method to configure client-side TLS ciphers for streaming replication

Hello,
Thank you for the reply and for the advice about our PostgreSQL version. We
will plan to update it.
To clarify what I meant by "standby (client)": In a streaming replication
setup, the standby server connects to the primary server to receive data.
In this specific network connection, the standby acts as the client, and
the primary acts as the server. My question is about restrict thr lists of
supported TLS ciphers on the standby (the client side of the connection).
Regarding my original question, does the latest version of PostgreSQL
provide a way to configure the client-side TLS cipher list for the
replication connection? If not, are there any discussions or plans to add
this feature in the future?
Thank you for your help.
Best regards,
Yunfei Zhou

Ron Johnson <ronljohnsonjr(at)gmail(dot)com>于2025年8月26日 周二21:00写道：

> On Tue, Aug 26, 2025 at 3:28 AM xx Z <xxz030811(at)gmail(dot)com> wrote:
>
>> Hello PostgreSQL community,
>>
>> I have a question regarding the configuration of streaming replication.
>>
>> When setting up streaming replication over TLS, I've noticed that while
>> the primary server can restrict its supported encryption algorithms using
>> the ssl_ciphers parameter, there doesn't seem to be a corresponding method
>> for the standby (client) side of the replication connection. The standby
>> appears to use all the default ciphers supported by the system's OpenSSL
>> library.
>>
>
> What is a "standby (client)"?
>
> Postgresql version: 15.2
>>
>
> That's missing 12 sets (three years) of bug fixes. When using RPM or .deb
> packages, updating takes only a few minutes.
>
> --
> Death to <Redacted>, and butter sauce.
> Don't boil me, I'm still alive.
> <Redacted> lobster!
>