On Tue, Aug 26, 2025 at 9:09 AM xx Z <[email protected]> wrote: > Hello, > Thank you for the reply and for the advice about our PostgreSQL version. > We will plan to update it. > To clarify what I meant by "standby (client)": In a streaming replication > setup, the standby server connects to the primary server to receive data. > In this specific network connection, the standby acts as the client, and > the primary acts as the server. >
I think you are using non-standard terminology. > My question is about restrict thr lists of supported TLS ciphers on the > standby (the client side of the connection). > Regarding my original question, does the latest version of PostgreSQL > provide a way to configure the client-side TLS cipher list for the > replication connection? If not, are there any discussions or plans to add > this feature in the future? > That's the responsibility of your ssl configuration, I think. https://www.postgresql.org/message-id/39BE74F7-903A-467F-AA15-E7062361A8E2%40yesql.se > > Ron Johnson <[email protected]>于2025年8月26日 周二21:00写道: > >> On Tue, Aug 26, 2025 at 3:28 AM xx Z <[email protected]> wrote: >> >>> Hello PostgreSQL community, >>> >>> I have a question regarding the configuration of streaming replication. >>> >>> When setting up streaming replication over TLS, I've noticed that while >>> the primary server can restrict its supported encryption algorithms using >>> the ssl_ciphers parameter, there doesn't seem to be a corresponding method >>> for the standby (client) side of the replication connection. The standby >>> appears to use all the default ciphers supported by the system's OpenSSL >>> library. >>> >> >> What is a "standby (client)"? >> >> Postgresql version: 15.2 >>> >> >> That's missing 12 sets (three years) of bug fixes. When using RPM or >> .deb packages, updating takes only a few minutes. >> > -- Death to <Redacted>, and butter sauce. Don't boil me, I'm still alive. <Redacted> lobster!
