Minimum TLS protocol version accepted.
At a glance
| Property | Value |
|---|---|
| Parameter | ssl_min_protocol_version |
| Category | Authentication |
| Default | TLSv1.2 |
| Value type | boolean / enum / numeric |
| Change scope | Reload (no restart) |
What it does
Sets the lowest TLS protocol version the server will negotiate.
How to apply a change
Takes effect on configuration reload (sighup context). Run SELECT pg_reload_conf(); or send SIGHUP — no restart needed.
Inspect the current value and source with SHOW ssl_min_protocol_version; or SELECT name, setting, unit, context, source FROM pg_settings WHERE name = 'ssl_min_protocol_version';.
Tuning guidance
Leave at TLSv1.2 or raise to TLSv1.3; never lower it to TLS 1.0/1.1.