Re: Feature request: A method to configure client-side TLS ciphers for streaming replication - Mailing list pgsql-hackers

From Jacob Champion
Subject Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
Date
Msg-id CAOYmi+k8Q6y8W4PoQobi+FK9QNnzvOcYr=7O7=sc-PbCET-DnA@mail.gmail.com
In response to Re: Feature request: A method to configure client-side TLS ciphers for streaming replication  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On Tue, Aug 26, 2025 at 7:10 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> (For that matter, if you have system-level security specifications
> to meet, why would you not alter the system-wide OpenSSL configuration
> on the client's host?)

There is that, or you can maybe use OPENSSL_CONF for more granularity.
(But I'm beginning to think we should support named configuration
sections [1] of openssl.conf, in both the client and the server, to
make this a bit easier.)

--Jacob

[1] https://docs.openssl.org/1.1.1/man3/SSL_CTX_config/
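
As an added illustration of the OPENSSL_CONF approach mentioned in the message above (not part of the original message or of PostgreSQL), this shell helper writes a private OpenSSL configuration that narrows the default ciphers for one process. The function name, paths, host and cipher values are constructed, and it assumes the client's OpenSSL initialization loads the configuration file and that the application does not override these defaults.

```shell
#!/bin/sh
# Added example (not from the thread): write a private OpenSSL config that
# narrows the default TLS settings of one process via OPENSSL_CONF.
# Function name, path and cipher values are constructed for illustration.

write_tls_client_conf() (
    conf_path=$1                                    # output file
    cipher_string=${2:-ECDHE+AESGCM:ECDHE+CHACHA20} # TLS 1.2 and below
    tls13_suites=${3:-TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256}

    # Reject anything outside cipher-list syntax, so a caller-supplied value
    # cannot inject extra lines or sections into the config file.
    case "$cipher_string$tls13_suites" in
        *[!A-Za-z0-9_+:!@=-]*) echo "invalid cipher list" >&2; exit 1 ;;
    esac

    umask 077   # subshell body: the caller's umask is untouched
    cat > "$conf_path" <<EOF
# openssl_conf must sit in the unnamed default section at the top.
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
# "system_default" is applied to every SSL_CTX the process creates.
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = $cipher_string
Ciphersuites = $tls13_suites
EOF
)

# Usage (constructed host and paths): only processes started with this
# environment variable pick up the file.
#   write_tls_client_conf /etc/postgresql/replica-tls.cnf
#   OPENSSL_CONF=/etc/postgresql/replica-tls.cnf \
#       pg_basebackup -d "host=primary.example sslmode=verify-full" -D /srv/standby
```

Settings in `system_default` are defaults only: a cipher list that the application sets explicitly on its own context takes precedence over them.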


