Re: Feature request: A method to configure client-side TLS ciphers for streaming replication

From: Ron Johnson <ronljohnsonjr(at)gmail(dot)com>
To: "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
Date: 2025-08-26 12:59:39
Message-ID: CANzqJaBirEU9ZNZdSSPKRW7Hm9LrXCYOcH62=bppzOr6-AvGVg@mail.gmail.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Tue, Aug 26, 2025 at 3:28 AM xx Z <xxz030811(at)gmail(dot)com> wrote:

> Hello PostgreSQL community,
>
> I have a question regarding the configuration of streaming replication.
>
> When setting up streaming replication over TLS, I've noticed that while
> the primary server can restrict its supported encryption algorithms using
> the ssl_ciphers parameter, there doesn't seem to be a corresponding method
> for the standby (client) side of the replication connection. The standby
> appears to use all the default ciphers supported by the system's OpenSSL
> library.
>

What is a "standby (client)"?

Postgresql version: 15.2
>

That's missing 12 sets (three years) of bug fixes. When using RPM or .deb
packages, updating takes only a few minutes.

--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Siraj G 2025-08-26 13:00:34 DMS error where postgres is the destination
Previous Message Ron Johnson 2025-08-26 12:53:37 Re: DISABLE TRIGGER doc wrong?