Re: Feature request: A method to configure client-side TLS ciphers for streaming replication - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
Date
Msg-id 1058545.1756217396@sss.pgh.pa.us
In response to Feature request: A method to configure client-side TLS ciphers for streaming replication  (xx Z <xxz030811@gmail.com>)
Responses Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
List pgsql-hackers
xx Z <xxz030811@gmail.com> writes:
> For security compliance, we need to restrict the ciphers used by the
> client. Is there a way to configure the list of supported TLS ciphers on
> the standby for the replication connection?

No.  It's not really apparent to me why the client would have stronger
needs for this than the server does, so I don't see why the existing
server-side options aren't sufficient.

(For that matter, if you have system-level security specifications
to meet, why would you not alter the system-wide OpenSSL configuration
on the client's host?)

            regards, tom lane
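
The system-wide OpenSSL configuration suggested in the reply above could look like the following on the standby's host. This is an added example, not part of the original message or of PostgreSQL itself. It assumes OpenSSL 1.1.1 or later and that libpq is linked against the system OpenSSL and leaves the default configuration loading in place; the cipher choices are illustrative, not a recommendation taken from the thread.

```ini
# openssl.cnf on the standby (client) host.
# The directory holding this file varies by distribution;
# `openssl version -d` prints it.

# This line must sit in the default (unnamed) section at the top of the
# file, before any [section] header. Many distribution files already
# contain it; do not add it twice.
openssl_conf = openssl_init

[openssl_init]
# Hook the SSL configuration module into library initialisation.
ssl_conf = ssl_sect

[ssl_sect]
# "system_default" is applied to every SSL_CTX created by a process that
# loads this file, unless the application overrides the values itself.
system_default = system_default_sect

[system_default_sect]
# Refuse anything older than TLS 1.2.
MinProtocol = TLSv1.2

# TLS 1.2 and below: forward-secret AEAD suites only (illustrative policy).
CipherString = ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL

# TLS 1.3 suites are configured separately from CipherString.
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
```

These settings affect every OpenSSL-using program on the host, not only the replication connection. The cipher actually negotiated by the standby can be checked on the primary by joining `pg_stat_replication` to `pg_stat_ssl` on `pid`.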


