Home > mailing lists

Re: How to configure client-side TLS ciphers for streaming replication? - Mailing list pgsql-general

From	xx Z
Subject	Re: How to configure client-side TLS ciphers for streaming replication?
Date	August 26 15:34:59
Msg-id	CA+aQVj+bq9iz-zM+s3F9_bDFGA_oZ41T-dHX=f=mMXhAP87K6w@mail.gmail.com Whole thread Raw
In response to	Re: How to configure client-side TLS ciphers for streaming replication? (Laurenz Albe <laurenz.albe@cybertec.at>)
Responses	Re: How to configure client-side TLS ciphers for streaming replication? Re: How to configure client-side TLS ciphers for streaming replication?
List	pgsql-general

Tree view

Thanks for your suggestion.

But I still want to know why we can't set "ssl_ciphers" on the client side.

This is still considered a security issue in some cases, and PostgreSQL has mature capabilities on the master side to implement this functionality.

Greetings,

Yunfei Zhou

Laurenz Albe <laurenz.albe@cybertec.at>于2025年8月26日周二20:17写道：

On Tue, 2025-08-26 at 19:48 +0800, xx Z wrote:
> Is there a way for a streaming replication standby (client) to restrict its list
> of supported TLS ciphers, similar to how the ssl_ciphers parameter works on the
> primary server?
> We need this for security compliance but can't find an equivalent setting for
> the client-side connection in primary_conninfo.

I don't think that there is a way to do that on the client side.
But the streaming replication primary is surely under your control, so it should
be sufficient to set "ssl_siphers" there.

Yours,
Laurenz Albe

pgsql-general by date:

From: Laurenz Albe
Date: 26 August, 15:16:58
Subject: Re: How to configure client-side TLS ciphers for streaming replication?

From: Ron Johnson
Date: 26 August, 15:53:37
Subject: Re: DISABLE TRIGGER doc wrong?

Re: How to configure client-side TLS ciphers for streaming replication? - Mailing list pgsql-general

Previous

Next