Re: How to configure client-side TLS ciphers for streaming replication?
| От | xx Z |
|---|---|
| Тема | Re: How to configure client-side TLS ciphers for streaming replication? |
| Дата | |
| Msg-id | CA+aQVj+bq9iz-zM+s3F9_bDFGA_oZ41T-dHX=f=mMXhAP87K6w@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: How to configure client-side TLS ciphers for streaming replication? (Laurenz Albe <laurenz.albe@cybertec.at>) |
| Ответы |
Re: How to configure client-side TLS ciphers for streaming replication?
Re: How to configure client-side TLS ciphers for streaming replication? |
| Список | pgsql-general |
Thanks for your suggestion.
But I still want to know why we can't set "ssl_ciphers" on the client side.
This is still considered a security issue in some cases, and PostgreSQL has mature capabilities on the master side to implement this functionality.
Greetings,
Yunfei Zhou
Laurenz Albe <laurenz.albe@cybertec.at>于2025年8月26日 周二20:17写道:
On Tue, 2025-08-26 at 19:48 +0800, xx Z wrote:
> Is there a way for a streaming replication standby (client) to restrict its list
> of supported TLS ciphers, similar to how the ssl_ciphers parameter works on the
> primary server?
> We need this for security compliance but can't find an equivalent setting for
> the client-side connection in primary_conninfo.
I don't think that there is a way to do that on the client side.
But the streaming replication primary is surely under your control, so it should
be sufficient to set "ssl_siphers" there.
Yours,
Laurenz Albe
В списке pgsql-general по дате отправления: