Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vXq2s-007E8Y-2M for pgsql-docs@arkaria.postgresql.org; Tue, 23 Dec 2025 00:14:35 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vXq2r-00GnTt-2E for pgsql-docs@arkaria.postgresql.org; Tue, 23 Dec 2025 00:14:34 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vXq2r-00GnTl-1T for pgsql-docs@lists.postgresql.org; Tue, 23 Dec 2025 00:14:34 +0000 Received: from momjian.us ([72.94.173.45]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vXq2q-0026BK-2C for pgsql-docs@lists.postgresql.org; Tue, 23 Dec 2025 00:14:33 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=momjian.us; s=2025010100; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description; bh=Ac691Q5505pK3VnPKeFHRYZ8LJy52ROKufymXWxOkY4=; b=sieXp dsooKKQUvlLBK3HA03rGyUVK811y0wiex8dqAe/0i301OW6VWbdJ1hBv/IklfSGhZSllKMTDx6LfR MO9DIt160R70vSrI2Wcbj9EGrlFhPJEW8fMIm34t2NP3ZCbFkAlbz62tYzYDOoTt1yQecE9R2OQlB nDozrArkFWkPHUQGmpiDhwrE/OVUsFH7+HtiGeSu9SaKAEbY4EsjTk+rzLC3o/DDwHyhp0QE8iJGW 6XMAs1kXFzrIKqjuoyz16sENvutc4EWZi1ha/xlCyiz7m1QIl/crwPc7nj2KTpaDpUlAVpvka5yyO P6yhBV3lyr4Wi2bykSjfaqwSJn4Qg==; Received: from bruce by momjian.us with local (Exim 4.98.2) (envelope-from ) id 1vXq2p-0000000EYdu-0X5H; Mon, 22 Dec 2025 19:14:31 -0500 Date: Mon, 22 Dec 2025 19:14:31 -0500 From: Bruce Momjian To: colinthart@gmail.com, pgsql-docs@lists.postgresql.org Subject: Re: Which parameters are only used on startup? Message-ID: References: <176414965817.802.9539749613450037479@wrigleys.postgresql.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <176414965817.802.9539749613450037479@wrigleys.postgresql.org> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Wed, Nov 26, 2025 at 09:34:18AM +0000, PG Doc comments form wrote: > The following documentation comment has been logged on the website: > > Page: https://www.postgresql.org/docs/18/runtime-config-connection.html > Description: > > Clarify that ssl_cert_file and ssl_key_file are only read on startup -- > implying that the params can be changed and the files moved to the new > location/name without requiring a restart. Of course a restart is good to > validate that the params and files are configured correctly. The docs say that you can only change this in postgresql.conf or on the command line. Changes to postgresql.conf requires pg_ctl reload or something similar. I am not aware of anyone else who thinks changing postgresql.conf and then reloading causes the session to use new ssl keys/files, and explaining that in the docs might be more confusing than helpful. -- Bruce Momjian https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.