Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
* Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
From: Ron Johnson @ 2025-08-26 12:59 UTC
To: pgsql-generallists.postgresql.org <[email protected]>

On Tue, Aug 26, 2025 at 3:28 AM xx Z <[email protected]> wrote:

> Hello PostgreSQL community,
>
> I have a question regarding the configuration of streaming replication.
>
> When setting up streaming replication over TLS, I've noticed that while
> the primary server can restrict its supported encryption algorithms using
> the ssl_ciphers parameter, there doesn't seem to be a corresponding method
> for the standby (client) side of the replication connection. The standby
> appears to use all the default ciphers supported by the system's OpenSSL
> library.

What is a "standby (client)"?

> Postgresql version: 15.2

That's missing 12 sets (three years) of bug fixes. When using RPM or .deb packages, updating takes only a few minutes.

--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!

* Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
From: xx Z @ 2025-08-26 13:09 UTC
To: Ron Johnson <[email protected]>; +Cc: pgsql-generallists.postgresql.org <[email protected]>

Hello,

Thank you for the reply and for the advice about our PostgreSQL version. We will plan to update it.

To clarify what I meant by "standby (client)": In a streaming replication setup, the standby server connects to the primary server to receive data. In this specific network connection, the standby acts as the client, and the primary acts as the server.

My question is about restricting the list of supported TLS ciphers on the standby (the client side of the connection).

Regarding my original question, does the latest version of PostgreSQL provide a way to configure the client-side TLS cipher list for the replication connection? If not, are there any discussions or plans to add this feature in the future?

Thank you for your help.

Best regards,
Yunfei Zhou

On Tue, Aug 26, 2025 at 21:00, Ron Johnson <[email protected]> wrote:

> On Tue, Aug 26, 2025 at 3:28 AM xx Z <[email protected]> wrote:
>
>> Hello PostgreSQL community,
>>
>> I have a question regarding the configuration of streaming replication.
>>
>> When setting up streaming replication over TLS, I've noticed that while
>> the primary server can restrict its supported encryption algorithms using
>> the ssl_ciphers parameter, there doesn't seem to be a corresponding method
>> for the standby (client) side of the replication connection. The standby
>> appears to use all the default ciphers supported by the system's OpenSSL
>> library.
>
> What is a "standby (client)"?
>
>> Postgresql version: 15.2
>
> That's missing 12 sets (three years) of bug fixes. When using RPM or .deb
> packages, updating takes only a few minutes.
>
> --
> Death to <Redacted>, and butter sauce.
> Don't boil me, I'm still alive.
> <Redacted> lobster!

* Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
From: Ron Johnson @ 2025-08-26 18:43 UTC
To: pgsql-generallists.postgresql.org <[email protected]>

On Tue, Aug 26, 2025 at 9:09 AM xx Z <[email protected]> wrote:

> Hello,
> Thank you for the reply and for the advice about our PostgreSQL version.
> We will plan to update it.
> To clarify what I meant by "standby (client)": In a streaming replication
> setup, the standby server connects to the primary server to receive data.
> In this specific network connection, the standby acts as the client, and
> the primary acts as the server.

I think you are using non-standard terminology.

> My question is about restricting the list of supported TLS ciphers on the
> standby (the client side of the connection).
> Regarding my original question, does the latest version of PostgreSQL
> provide a way to configure the client-side TLS cipher list for the
> replication connection? If not, are there any discussions or plans to add
> this feature in the future?

That's the responsibility of your ssl configuration, I think.

https://www.postgresql.org/message-id/39BE74F7-903A-467F-AA15-E7062361A8E2%40yesql.se

> On Tue, Aug 26, 2025 at 21:00, Ron Johnson <[email protected]> wrote:
>
>> On Tue, Aug 26, 2025 at 3:28 AM xx Z <[email protected]> wrote:
>>
>>> Hello PostgreSQL community,
>>>
>>> I have a question regarding the configuration of streaming replication.
>>>
>>> When setting up streaming replication over TLS, I've noticed that while
>>> the primary server can restrict its supported encryption algorithms using
>>> the ssl_ciphers parameter, there doesn't seem to be a corresponding method
>>> for the standby (client) side of the replication connection. The standby
>>> appears to use all the default ciphers supported by the system's OpenSSL
>>> library.
>>
>> What is a "standby (client)"?
>>
>>> Postgresql version: 15.2
>>
>> That's missing 12 sets (three years) of bug fixes. When using RPM or
>> .deb packages, updating takes only a few minutes.

--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
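
Added example, not part of the thread or of PostgreSQL: one way to audit which cipher suites the standby actually offers is to read the client-to-server bytes of a captured replication connection and list the suites in its TLS ClientHello. The function names, the allow-list and the sample bytes are constructed for illustration; the sketch assumes the connection opens with PostgreSQL's SSLRequest packet and that the ClientHello fits in a single TLS record.

```python
import struct

SSL_REQUEST = struct.pack("!II", 8, 80877103)  # PostgreSQL SSLRequest packet

# Small subset of IANA cipher suite names, enough for the constructed sample.
SUITE_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

def offered_suites(client_bytes):
    """Return the cipher suite IDs offered in the ClientHello of a client-to-server stream."""
    if not client_bytes.startswith(SSL_REQUEST):
        raise ValueError("stream does not start with a PostgreSQL SSLRequest")
    rec = client_bytes[len(SSL_REQUEST):]
    if len(rec) < 5 or rec[0] != 0x16:
        raise ValueError("no TLS handshake record after SSLRequest")
    rec_len = struct.unpack("!H", rec[3:5])[0]
    hs = rec[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("first handshake message is not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                      # skip client_version and random
    pos += 1 + body[pos]              # skip session_id
    n = struct.unpack("!H", body[pos:pos + 2])[0]
    suites = body[pos + 2:pos + 2 + n]
    if len(suites) != n or n % 2:
        raise ValueError("truncated cipher_suites field")
    return [int.from_bytes(suites[i:i + 2], "big") for i in range(0, n, 2)]

def not_allowed(client_bytes, allowed):
    """Names (or hex IDs) of offered suites that are outside the allow-list."""
    return [SUITE_NAMES.get(s, hex(s)) for s in offered_suites(client_bytes) if s not in allowed]

def build_sample(suite_ids):
    """Constructed sample: SSLRequest followed by a minimal ClientHello record."""
    cs = b"".join(s.to_bytes(2, "big") for s in suite_ids)
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return SSL_REQUEST + b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    sample = build_sample([0x1302, 0xC030, 0x002F, 0x000A])
    print(not_allowed(sample, allowed={0x1302, 0x1303, 0xC030}))
```
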