Addition of a new option in postgresql.conf called encrypt_connection that will
allow the pooler to create encrypted connections to other nodes of the cluster.
This parameter can be a simple switch on/off.
This feature is a prerequisite for cluster security.
Support of SSL protocol would need a certain effort to be implemented.
Now PGXC pooler returns to postmaster child only a socket number which is used to send or read some data.
In libpq, there is SSL support but most of the APIs need PGConn structures to work properly.
It is necessary to do direct calls to libssl as the data present in child is only the socket number.
There is always the solution to write and read data directly from pooler but this is absolutely to avoid as this will hugely impact performance.
Just noting that I think it is probably better to have data nodes accessible only on an internal subnet and not have to worry about encrypted connections to data nodes. Coordinators can still accept encrypted connections, however, including coord-coord.