SSL Encryption
All PhoenixDB connections are encrypted with SSL/TLS by default.
Encryption by Default
Every connection to PhoenixDB is encrypted using TLS 1.2 or higher. You don't need to configure anything — security is built-in from day one.
How It Works
Let's Encrypt Certificates
PhoenixDB uses wildcard SSL certificates from Let's Encrypt for all*.phoenixdb.space subdomains. These are trusted by all major operating systems and browsers.
TLS 1.2 and TLS 1.3
We support TLS 1.2 and TLS 1.3 protocols. Older, insecure protocols (SSL 3.0, TLS 1.0, TLS 1.1) are disabled.
End-to-End Encryption
Data is encrypted from your application all the way to the database server. No unencrypted hops in between.
SSL in Connection Strings
The sslmode=require parameter ensures encrypted connections:
postgresql://postgres:password@abc123.phoenixdb.space:5432/mydb?sslmode=requireSupported SSL Modes
| Mode | Encryption | Certificate Verification | Recommended |
|---|---|---|---|
| require | Yes | No | |
| prefer | If available | No | — |
| verify-ca | Yes | CA only | — |
| verify-full | Yes | CA + hostname | — |
Tip: For most applications, sslmode=require provides the best balance of security and compatibility.
Security Features
Automatic Certificate Renewal
Certificates are automatically renewed before expiration. No downtime, no manual intervention.
Strong Cipher Suites
We use modern, secure cipher suites and disable weak or deprecated algorithms.
Perfect Forward Secrecy
PFS ensures that past sessions cannot be decrypted even if the server's private key is compromised.
HSTS Headers
HTTP Strict Transport Security headers prevent protocol downgrade attacks.