Re: Feature request: A method to configure client-side TLS ciphers for streaming replication

Поиск

Список

Период

Сортировка

От	Tom Lane
Тема	Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
Дата	26 августа 17:09:56
Msg-id	1058545.1756217396@sss.pgh.pa.us обсуждение исходный текст
Ответ на	Feature request: A method to configure client-side TLS ciphers for streaming replication (xx Z <xxz030811@gmail.com>)
Ответы	Re: Feature request: A method to configure client-side TLS ciphers for streaming replication Re: Feature request: A method to configure client-side TLS ciphers for streaming replication
Список	pgsql-hackers

Дерево обсуждения

xx Z <xxz030811@gmail.com> writes:
> For security compliance, we need to restrict the ciphers used by the
> client. Is there a way to configure the list of supported TLS ciphers on
> the standby for the replication connection?

No.  It's not really apparent to me why the client would have stronger
needs for this than the server does, so I don't see why the existing
server-side options aren't sufficient.

(For that matter, if you have system-level security specifications
to meet, why would you not alter the system-wide OpenSSL configuration
on the client's host?)

            regards, tom lane

В списке pgsql-hackers по дате отправления:

Вход в личный кабинет

Восстановление пароля

Подтверждение аккаунта

Изменение пароля

Re: Feature request: A method to configure client-side TLS ciphers for streaming replication