public inbox for [email protected]
help / color / mirror / Atom feedFrom: Ron Johnson <[email protected]>
To: pgsql-generallists.postgresql.org <[email protected]>
Subject: Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
Date: Tue, 26 Aug 2025 14:43:46 -0400
Message-ID: <CANzqJaDb_V09gUFfCZZL==kwCwQfDZn8uO5y9z1G1PZuSgTG2w@mail.gmail.com> (raw)
In-Reply-To: <CA+aQVjJQgZ3Daq4eftH-8mA3e9Nbp2p3n_GEf+WhWVWPatbKSA@mail.gmail.com>
References: <CA+aQVj+i6c=6h3SHMVYwkdVZpyNUm5OnZOz=TnjLXxNpHKj75w@mail.gmail.com>
<CANzqJaBirEU9ZNZdSSPKRW7Hm9LrXCYOcH62=bppzOr6-AvGVg@mail.gmail.com>
<CA+aQVjJQgZ3Daq4eftH-8mA3e9Nbp2p3n_GEf+WhWVWPatbKSA@mail.gmail.com>
On Tue, Aug 26, 2025 at 9:09 AM xx Z <[email protected]> wrote:
> Hello,
> Thank you for the reply and for the advice about our PostgreSQL version.
> We will plan to update it.
> To clarify what I meant by "standby (client)": In a streaming replication
> setup, the standby server connects to the primary server to receive data.
> In this specific network connection, the standby acts as the client, and
> the primary acts as the server.
>
I think you are using non-standard terminology.
> My question is about restrict thr lists of supported TLS ciphers on the
> standby (the client side of the connection).
> Regarding my original question, does the latest version of PostgreSQL
> provide a way to configure the client-side TLS cipher list for the
> replication connection? If not, are there any discussions or plans to add
> this feature in the future?
>
That's the responsibility of your ssl configuration, I think.
https://www.postgresql.org/message-id/39BE74F7-903A-467F-AA15-E7062361A8E2%40yesql.se
>
> Ron Johnson <[email protected]>于2025年8月26日 周二21:00写道:
>
>> On Tue, Aug 26, 2025 at 3:28 AM xx Z <[email protected]> wrote:
>>
>>> Hello PostgreSQL community,
>>>
>>> I have a question regarding the configuration of streaming replication.
>>>
>>> When setting up streaming replication over TLS, I've noticed that while
>>> the primary server can restrict its supported encryption algorithms using
>>> the ssl_ciphers parameter, there doesn't seem to be a corresponding method
>>> for the standby (client) side of the replication connection. The standby
>>> appears to use all the default ciphers supported by the system's OpenSSL
>>> library.
>>>
>>
>> What is a "standby (client)"?
>>
>> Postgresql version: 15.2
>>>
>>
>> That's missing 12 sets (three years) of bug fixes. When using RPM or
>> .deb packages, updating takes only a few minutes.
>>
>
--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
view thread (3+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
In-Reply-To: <CANzqJaDb_V09gUFfCZZL==kwCwQfDZn8uO5y9z1G1PZuSgTG2w@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox