There are several options to configure SSL, also for accessing the Postgres repository, as described in this article
None of them fulfills our needs which are:
- do NOT encrypt internal communication for performance reasons (secure because behind a firewall).
- enforce encryption of external communication, especially to the Postgres repository (not protected by a firewall).
So please provide a way to enforce SSL for external communication only, especially for accessing the Postgres repository.
This then provides the best of both, security and performance.