Hi,

On 2025-08-26 10:09:56 -0400, Tom Lane wrote:
> xx Z <[email protected]> writes:
> > For security compliance, we need to restrict the ciphers used by the
> > client. Is there a way to configure the list of supported TLS ciphers on
> > the standby for the replication connection?
>
> No. It's not really apparent to me why the client would have stronger
> needs for this than the server does, so I don't see why the existing
> server-side options aren't sufficient.

If the used cipher is too weak, it makes it easier for a malicious server to
inject itself, pretending to be the real server. The settings on the real
server don't take effect in that case.

Greetings,

Andres Freund
