> On May 2, 2023, at 12:15, Tomas Pospisek <tpo2@xxxxxxxxxxxxx> wrote: > > Oh, I think your idea to use pgbouncer to take care of the SSL termination is elegant. I don't think me I'd characterize it as a hack if properly set up. Why do you consider it a hack? It's really only a hack in the sense that pgbouncer is being introduced just to do TLS. You might be able to do the same thing by running stunnel on the PostgreSQL host on a different port, and have it forward to PostgreSQL.