Re: How to configure client-side TLS ciphers for streaming replication? - Mailing list pgsql-general

From Laurenz Albe
Subject Re: How to configure client-side TLS ciphers for streaming replication?
Date
Msg-id a38653565ad81ced7480f810bbe02918c5ee6cbf.camel@cybertec.at
In response to Re: How to configure client-side TLS ciphers for streaming replication?  (xx Z <xxz030811@gmail.com>)
Responses Re: How to configure client-side TLS ciphers for streaming replication?
List pgsql-general
On Tue, 2025-08-26 at 20:34 +0800, xx Z wrote:
> Thanks for your suggestion.
> But I still want to know why we can't set "ssl_ciphers" on the client side.

I'd say because nobody implemented it, perhaps because nobody felt the need.

> This is still considered a security issue in some cases, and PostgreSQL has
> mature capabilities on the master side to implement this functionality.

That sounds to me like some moderately clueful security auditor is looking
for a nit to pick.  If you do streaming replication, and you control the
ciphers on the primary server, what added security benefit do you get by
controlling the ciphers on the standby server (the client) as well?

Yours,
Laurenz Albe


