Date: 2024-10-02
Time: 10:40–11:30
Room: The Hub
Level: Intermediate
Feedback: Leave feedback
SSL support in PostgreSQL is old, and SSL itself is even older. New versions have appeared and many new setup and configuration options have been developed. On the other side, regulations, policies, and security concerns affecting many users are complicated and evolving.
In this talk I will discuss how to set up SSL for PostgreSQL in a modern and robust way, which versions and options to select and which ones to forget, how to select protocol versions and ciphers, how to deal with keys and certificates, and how to address (some) regulatory and policy issues. I'll also look at how connection proxies and poolers such as PgBouncer affect SSL deployments. Finally, we'll look at some new facilities in PostgreSQL 17 that will hopefully make SSL deployments for PostgreSQL more efficient and secure in the future.