Re: How to configure client-side TLS ciphers for streaming replication?

Поиск
Список
Период
Сортировка
От DINESH NAIR
Тема Re: How to configure client-side TLS ciphers for streaming replication?
Дата
Msg-id PN4P287MB43813EBDE5D319C9C9237AD99C39A@PN4P287MB4381.INDP287.PROD.OUTLOOK.COM
обсуждение исходный текст
Ответ на Re: How to configure client-side TLS ciphers for streaming replication?  (Rob Sargent <robjsargent@gmail.com>)
Список pgsql-general
Дерево обсуждения
Hi ,

Found an article which might be of help, configuring through  HAProxy as a TLS proxy to control cipher suites.

https://stackoverflow.com/questions/53198588/how-to-disable-specific-cipher-suites-from-haproxy-can-i-do-this-ssl-default
Ciphers: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html

Thanks & Regards

Dinesh Nair


From: Rob Sargent <robjsargent@gmail.com>
Sent: Tuesday, August 26, 2025 7:25 PM
To: Z xx <xxz030811@gmail.com>
Cc: Laurenz Albe <laurenz.albe@cybertec.at>; pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org>
Subject: Re: How to configure client-side TLS ciphers for streaming replication?
 
[You don't often get email from robjsargent@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

Caution: This email was sent from an external source. Please verify the sender’s identity before clicking links or opening attachments.

> On Aug 26, 2025, at 5:35 AM, xx Z <xxz030811@gmail.com> wrote:
>
> 
> Thanks for your suggestion.
> But I still want to know why we can't set "ssl_ciphers" on the client side.
> This is still considered a security issue in some cases, and PostgreSQL has mature capabilities on the master side to implement this functionality.
>
> Greetings,
> Yunfei Zhou
>

What is your attack/exposure scenario?



В списке pgsql-general по дате отправления: