Thanks for your suggestion. But I still want to know why we can't set "ssl_ciphers" on the client side. This is still considered a security issue in some cases, and PostgreSQL has mature capabilities on the master side to implement this functionality.
Greetings, Yunfei Zhou Laurenz Albe <[email protected]>于2025年8月26日 周二20:17写道: > On Tue, 2025-08-26 at 19:48 +0800, xx Z wrote: > > Is there a way for a streaming replication standby (client) to restrict > its list > > of supported TLS ciphers, similar to how the ssl_ciphers parameter works > on the > > primary server? > > We need this for security compliance but can't find an equivalent > setting for > > the client-side connection in primary_conninfo. > > I don't think that there is a way to do that on the client side. > But the streaming replication primary is surely under your control, so it > should > be sufficient to set "ssl_siphers" there. > > Yours, > Laurenz Albe >
