Enables SSL/TLS connections.
At a glance
| Property | Value |
|---|---|
| Parameter | ssl |
| Category | Authentication |
| Default | off |
| Value type | boolean |
| Change scope | Reload (no restart) |
What it does
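When on, the server accepts SSL/TLS-encrypted connections, using the configured certificate and key files. Turning it on does not by itself refuse unencrypted connections; which clients must use SSL/TLS is decided by the rules in pg_hba.conf.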
How to apply a change
Takes effect on configuration reload (sighup context). Run SELECT pg_reload_conf(); or send SIGHUP — no restart needed.
Inspect the current value and source with SHOW ssl; or SELECT name, setting, unit, context, source FROM pg_settings WHERE name = 'ssl';.
Tuning guidance
Turn on for any network-exposed server. Provide ssl_cert_file/ssl_key_file, then require encryption in pg_hba.conf with hostssl and reject plaintext with hostnossl ... reject.
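Because pg_hba.conf is evaluated first-match, a plain host rule placed before the hostnossl ... reject line still admits unencrypted clients. The following audit script is an added example, not part of PostgreSQL or of the original page; the sample file, the function names and the simplified blanket-reject logic (only all, 0.0.0.0/0 and ::/0 rejects for all databases and users are recognised, and include directives are not followed) are assumptions made for illustration.

```python
import ipaddress
import shlex

# Record types that can match a TCP connection made without SSL/TLS.
PLAINTEXT_TYPES = {"host", "hostnossl", "hostnogssenc"}

# Constructed sample pg_hba.conf (not taken from any real server).
SAMPLE_HBA = """\
# TYPE     DATABASE  USER  ADDRESS        METHOD
local      all       all                  peer
hostssl    all       all   10.0.0.0/8     scram-sha-256
host       app       app   10.1.2.0/24    scram-sha-256
hostnossl  all       all   0.0.0.0/0      reject
host       all       all   192.0.2.0/24   scram-sha-256
host       all       all   2001:db8::/32  scram-sha-256
"""

def _method(fields):
    """Return the auth method, allowing for the separate 'address netmask' form."""
    try:
        ipaddress.ip_address(fields[4])          # fifth column is a netmask
        return fields[5] if len(fields) > 5 else ""
    except ValueError:
        return fields[4]

def _families(address):
    """IP versions a rule's address column may cover (conservative for names)."""
    try:
        return {ipaddress.ip_network(address, strict=False).version}
    except ValueError:
        return {4, 6}                            # all, samehost, samenet, host names

def plaintext_rules(hba_text):
    """Return (line_no, rule) for rules a non-SSL TCP client can still reach."""
    blocked = set()      # IP versions already covered by a blanket plaintext reject
    findings = []
    for no, raw in enumerate(hba_text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)
        if len(fields) < 5 or fields[0] not in PLAINTEXT_TYPES:
            continue     # blank, comment, local, hostssl, hostgssenc
        _, db, user, addr = fields[:4]
        if _method(fields) == "reject":
            if db == "all" and user == "all" and addr in ("all", "0.0.0.0/0", "::/0"):
                blocked |= _families(addr)       # later rules cannot see plaintext
            continue
        if not _families(addr) <= blocked:
            findings.append((no, raw.strip()))
    return findings
```

Calling plaintext_rules(SAMPLE_HBA) reports the host rule on line 4, which sits above the reject, and the IPv6 rule on line 7, which the IPv4-only 0.0.0.0/0 reject does not cover.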