<div dir="ltr"><div><div><div><div><div><div><div><div>Hi Tatsuo,<br><br></div>I noticed that postgresql will specify hosting a particular user with SSL authentication:<br><a href="https://www.postgresql.org/docs/current/auth-pg-hba-conf.html">https://www.postgresql.org/docs/current/auth-pg-hba-conf.html</a><br><br></div>and pgpool has to set its own hba file to override the one of postgresql:<br><a href="https://www.pgpool.net/docs/44/en/html/auth-pool-hba-conf.html">https://www.pgpool.net/docs/44/en/html/auth-pool-hba-conf.html</a><br><br></div>So the scenario seems:<br></div>postgresql --plain TCP-- pgpool  --SSL TCP-- some client<br><br></div>Am I correct?<br></div>Also I would like to know if there is a method to establish an SSL TCP with a client without asking the client to show its certificate, just like https does to encrypt http content. <br><br><a href="https://serverfault.com/questions/1127529/how-to-use-nginx-as-ssl-reverse-proxy-for-postgresql-tcp-connection/">https://serverfault.com/questions/1127529/how-to-use-nginx-as-ssl-reverse-proxy-for-postgresql-tcp-connection/</a><br><br></div>Thanks in advance<br></div>  Zhaoxun<br><div><div><br></div></div></div>