From 8e0dfa05f4615618e9cd70bf96ebda7d59779697 Mon Sep 17 00:00:00 2001 From: Matt Bond Date: Fri, 31 Oct 2025 14:05:52 -0400 Subject: [PATCH] document tls_client_required setting --- docs/configuration/pgdog.toml/general.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/configuration/pgdog.toml/general.md b/docs/configuration/pgdog.toml/general.md index 917b458..d7ce674 100644 --- a/docs/configuration/pgdog.toml/general.md +++ b/docs/configuration/pgdog.toml/general.md @@ -77,6 +77,12 @@ Default: **none** !!! note This setting cannot be changed at runtime. +### `tls_client_required` + +Reject clients that connect without TLS. Consider setting this to `true` when using the `enabled_plain` mode of [passthrough_auth](#passthrough_auth). + +Default: **`false`** (disabled) + ### `tls_verify` How to handle TLS connections to Postgres servers. By default, PgDog will attempt to establish TLS and will accept _any_ server certificate.