Feature request: A method to configure client-side TLS ciphers for streaming replication - Mailing list pgsql-general

From xx Z
Subject Feature request: A method to configure client-side TLS ciphers for streaming replication
Date
Msg-id CA+aQVj+i6c=6h3SHMVYwkdVZpyNUm5OnZOz=TnjLXxNpHKj75w@mail.gmail.com
Responses Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
List pgsql-general
Hello PostgreSQL community,

I have a question regarding the configuration of streaming replication.

When setting up streaming replication over TLS, I've noticed that while the primary server can restrict its supported encryption algorithms using the ssl_ciphers parameter, there doesn't seem to be a corresponding method for the standby (client) side of the replication connection. The standby appears to use all the default ciphers supported by the system's OpenSSL library.

For security compliance, we need to restrict the ciphers used by the client. Is there a way to configure the list of supported TLS ciphers on the standby for the replication connection?

If this functionality does not currently exist, I would like to request it as a new feature. It would be very helpful to have a connection parameter in primary_conninfo to specify the client-side cipher list.

PostgreSQL version: 15.2

Thank you for your time and consideration.

Best regards,

Yunfei Zhou
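
An added example, not part of the original message: a query for the primary that reports the TLS version and cipher actually negotiated on each streaming-replication connection, by joining the standard `pg_stat_replication` and `pg_stat_ssl` views on `pid`. The allow-list in the `approved` CTE is a constructed placeholder for a site's own cipher policy.

```sql
-- Run on the primary as a superuser or a member of pg_monitor
-- (other roles do not see details of other users' WAL sender sessions).
-- Lists every replication connection with the TLS parameters that were
-- actually negotiated and flags anything outside the policy.
WITH approved(cipher) AS (
    -- Constructed sample allow-list (OpenSSL cipher names);
    -- replace with the ciphers your compliance policy permits.
    VALUES ('TLS_AES_256_GCM_SHA384'),
           ('TLS_AES_128_GCM_SHA256'),
           ('ECDHE-RSA-AES256-GCM-SHA384')
)
SELECT r.pid,
       r.usename,
       r.application_name,
       r.client_addr,
       r.state,
       s.ssl,
       s.version AS tls_version,
       s.cipher,
       s.bits,
       CASE
           WHEN s.ssl IS NOT TRUE THEN 'NOT ENCRYPTED'
           WHEN a.cipher IS NULL  THEN 'CIPHER NOT APPROVED'
           ELSE 'ok'
       END AS policy_check
FROM pg_stat_replication AS r
LEFT JOIN pg_stat_ssl AS s ON s.pid = r.pid          -- one row per WAL sender
LEFT JOIN approved    AS a ON a.cipher = s.cipher    -- NULL when off-policy
ORDER BY (CASE WHEN s.ssl IS TRUE AND a.cipher IS NOT NULL THEN 1 ELSE 0 END),
         r.client_addr;
```

Off-policy and unencrypted connections sort first, so the output can be used as evidence of what the standby negotiated given the primary's `ssl_ciphers` setting.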
