Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1uqu9h-00EyET-Sc
	for pgsql-general@arkaria.postgresql.org; Tue, 26 Aug 2025 13:56:11 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1uqu9h-006a41-9W
	for pgsql-general@arkaria.postgresql.org; Tue, 26 Aug 2025 13:56:09 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <robjsargent@gmail.com>)
	id 1uqu9g-006a3s-Vc
	for pgsql-general@lists.postgresql.org; Tue, 26 Aug 2025 13:56:09 +0000
Received: from mail-qk1-x72c.google.com ([2607:f8b0:4864:20::72c])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <robjsargent@gmail.com>)
	id 1uqu9f-001qhY-0z
	for pgsql-general@lists.postgresql.org;
	Tue, 26 Aug 2025 13:56:08 +0000
Received: by mail-qk1-x72c.google.com with SMTP id af79cd13be357-7e8704b7a3dso602214785a.1
        for <pgsql-general@lists.postgresql.org>; Tue, 26 Aug 2025 06:56:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1756216567; x=1756821367; darn=lists.postgresql.org;
        h=to:in-reply-to:cc:references:message-id:date:subject:mime-version
         :from:content-transfer-encoding:from:to:cc:subject:date:message-id
         :reply-to;
        bh=LLnfHa/jVWjxqHrMuUIq+kwwk7nUpnV/5vKsQvLRkcg=;
        b=k1Y+QZxU/OSYTv4flQKAAMSGUenm2Cf2a9KoaQ/NklumKSe41wqLqxgbhc/2KRuWs2
         78K0Y/c5zdzca9+Yb/t8VDhpvlNOxaXzmwt7kDxCzQdmcQrHHsLp/5sPZUIDOYZFoKlA
         X1mHBuyXvraqTVi8yg6v3erB4WLz/YPhs4KwB18rfpCrmck+wQHWBdnrIv6yELLmAy6p
         JARGUmZyCpQAAz2Wh3t8ALumtFsGnOzMFUeb41eFEW6MMNhmQJv9DpbLVTVyXPF9qQN9
         MjMdUmGngd9v3fd0O+dZcnPyhpb1LKazTqT6YTv9ESLRT8peyaLReUFxn+aIfl0vJYCM
         1GxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1756216567; x=1756821367;
        h=to:in-reply-to:cc:references:message-id:date:subject:mime-version
         :from:content-transfer-encoding:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=LLnfHa/jVWjxqHrMuUIq+kwwk7nUpnV/5vKsQvLRkcg=;
        b=jxt/clDwmFgou2zjej9bDpwOa2sevf1XHNcMXyUN/k8Fp0uvVOmUw7bgq8K6PMgurf
         ChR8AI1twQzZ7hLbLBDTGbJiih4757Q9Y0ktitvpeiVEaJ7ACMYhAiNOBTG8cfBkj+b4
         sbUlBdyFm2TgxeFDVVjUoRvJ57UtOhd+w3TgWsg2PysRCtGXhpY8qFK9pFbUt8awIr8y
         6oHjt/JvS29dE1eo0NHYPz99btVo8VcD/U2hAk8pZXJ6KaEU1ujzyxh07JDnBWF41Jt4
         cGFoxe/F1CE+0JtrqaiEHFHSWLaBGrbrRI53ha0LH4jg5zzYJ+w6BEFM1XCtVVOkaOLu
         AkxA==
X-Forwarded-Encrypted: i=1; AJvYcCVoM5/NWldFAYHkFKhEBPUIybn0nCIYZxw9X1iL930Gjl3DxtGqL12lvn7bexjr/5UmbanhfC/f2/F8Ufqk@lists.postgresql.org
X-Gm-Message-State: AOJu0Yxz21Euz1gaZPS6C6Ij46w7qyEYLc8UHlmBBtpdNuVCpCTemIln
	IzkB8eD5tmRW7Y8cSKubVyimWs2PayYuGavdVheKNoQZviY6l6r4iuK0io3/FQ==
X-Gm-Gg: ASbGncuqHdwPM4oPywiVh2osDhaT6LY5f0Yot9BMoUrLN9mLbwlujqHyIicpq9AelbN
	W1tg0JfxiMCfLEtevrrXTPoj+EejUoJbjHDEXoUundNMhqsrmuPV5VPZ2yo1Ju5XJli6ofazZ4I
	Gn93EXLLd2fXHB13uvvFXD1N1fvgM47AIutOCbmtvGeAXUZGmBX6IzcNs42JvAcF8u8L4q5Uohz
	wkElm+67lldH6EZvHZr/Fwakwck6nqpWXOFiIfondtK0kJdgvVLGX1A+KtRyS/Ho8xUlYAAdZyJ
	LVVuJ2be/CaepYnNMxhvBtPcJ7Xkcfyp/z9DMvkIQvyXP5ib9EQFhhmpqW0YqzfhVPH3PgSQG6f
	HGFq4Jw48BLKg94DtfrsAdoHpui561o10IhWDIyzu3hR697UdqFJ+ZARG2ebfyZfXgHc86IbrA4
	SVwTJfQokoaqZTBg==
X-Google-Smtp-Source: AGHT+IHmDqjFZ1kH3mYiTSnEyQAmqkA6HDhd4YJcBnIDvdVmtlN7L3/YHjm3CF+VaDRgEdVmsFl3Zg==
X-Received: by 2002:a05:620a:d8a:b0:7ea:5aa:84fe with SMTP id af79cd13be357-7ea10fc79ebmr1793970085a.2.1756216565625;
        Tue, 26 Aug 2025 06:56:05 -0700 (PDT)
Received: from smtpclient.apple (ec2-18-88-11-105.compute-1.amazonaws.com. [18.88.11.105])
        by smtp.gmail.com with ESMTPSA id 6a1803df08f44-70da7145f0csm65610246d6.9.2025.08.26.06.56.05
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 26 Aug 2025 06:56:05 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From: Rob Sargent <robjsargent@gmail.com>
Mime-Version: 1.0 (1.0)
Subject: Re: How to configure client-side TLS ciphers for streaming replication?
Date: Tue, 26 Aug 2025 06:55:54 -0700
Message-Id: <0BE2AD55-0253-4E1F-8190-7BE91D6D0F8C@gmail.com>
References: <CA+aQVj+bq9iz-zM+s3F9_bDFGA_oZ41T-dHX=f=mMXhAP87K6w@mail.gmail.com>
Cc: Laurenz Albe <laurenz.albe@cybertec.at>,
 pgsql-general@lists.postgresql.org
In-Reply-To: <CA+aQVj+bq9iz-zM+s3F9_bDFGA_oZ41T-dHX=f=mMXhAP87K6w@mail.gmail.com>
To: Z xx <xxz030811@gmail.com>
X-Mailer: iPhone Mail (22G100)
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/0BE2AD55-0253-4E1F-8190-7BE91D6D0F8C%40gmail.com>
Precedence: bulk



> On Aug 26, 2025, at 5:35=E2=80=AFAM, xx Z <xxz030811@gmail.com> wrote:
>=20
> =EF=BB=BF
> Thanks for your suggestion.
> But I still want to know why we can't set "ssl_ciphers" on the client side=
.
> This is still considered a security issue in some cases, and PostgreSQL ha=
s mature capabilities on the master side to implement this functionality.
>=20
> Greetings,
> Yunfei Zhou
>=20

What is your attack/exposure scenario?