| From: | Ron Johnson <ronljohnsonjr(at)gmail(dot)com> |
|---|---|
| To: | "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Feature request: A method to configure client-side TLS ciphers for streaming replication |
| Date: | 2025-08-26 18:43:46 |
| Message-ID: | CANzqJaDb_V09gUFfCZZL==kwCwQfDZn8uO5y9z1G1PZuSgTG2w@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tue, Aug 26, 2025 at 9:09 AM xx Z <xxz030811(at)gmail(dot)com> wrote:
> Hello,
> Thank you for the reply and for the advice about our PostgreSQL version.
> We will plan to update it.
> To clarify what I meant by "standby (client)": In a streaming replication
> setup, the standby server connects to the primary server to receive data.
> In this specific network connection, the standby acts as the client, and
> the primary acts as the server.
>
I think you are using non-standard terminology.
> My question is about restrict thr lists of supported TLS ciphers on the
> standby (the client side of the connection).
> Regarding my original question, does the latest version of PostgreSQL
> provide a way to configure the client-side TLS cipher list for the
> replication connection? If not, are there any discussions or plans to add
> this feature in the future?
>
That's the responsibility of your ssl configuration, I think.
https://www.postgresql.org/message-id/39BE74F7-903A-467F-AA15-E7062361A8E2%40yesql.se
>
> Ron Johnson <ronljohnsonjr(at)gmail(dot)com>于2025年8月26日 周二21:00写道:
>
>> On Tue, Aug 26, 2025 at 3:28 AM xx Z <xxz030811(at)gmail(dot)com> wrote:
>>
>>> Hello PostgreSQL community,
>>>
>>> I have a question regarding the configuration of streaming replication.
>>>
>>> When setting up streaming replication over TLS, I've noticed that while
>>> the primary server can restrict its supported encryption algorithms using
>>> the ssl_ciphers parameter, there doesn't seem to be a corresponding method
>>> for the standby (client) side of the replication connection. The standby
>>> appears to use all the default ciphers supported by the system's OpenSSL
>>> library.
>>>
>>
>> What is a "standby (client)"?
>>
>> Postgresql version: 15.2
>>>
>>
>> That's missing 12 sets (three years) of bug fixes. When using RPM or
>> .deb packages, updating takes only a few minutes.
>>
>
--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dimitrios Apostolou | 2025-08-26 19:43:44 | In-order pg_dump (or in-order COPY TO) |
| Previous Message | DINESH NAIR | 2025-08-26 18:10:06 | Re: How to configure client-side TLS ciphers for streaming replication? |