Skip to content
Tech News
← Back to articles

The way CTRL-C in Postgres CLI cancels queries is incredibly hack-y

2026-03-20 | original
read original get PostgreSQL Query Cancellation Button → more articles
Why This Matters

This article highlights the hacky nature of how PostgreSQL handles query cancellations via Ctrl-C, revealing underlying complexities and potential race conditions in the process. Understanding this mechanism is crucial for developers and database administrators to better manage query interruptions and avoid unintended consequences in production environments.

Key Takeaways

There are a few different reasons to hit the brakes on a Postgres query. Maybe it’s taking too long to finish. Maybe you realised you forgot to create an index that will make it orders of magnitude quicker. Maybe there’s some reason the results are no longer needed.

Or maybe you, or your LLM buddy, made a mistake in the SQL, and you only noticed it while you were waiting for it to return. Maybe it’s even a mistake [scary chords play] that could have valuable production data as collateral damage. But let’s hope it isn’t (or, if it is, that you’re using a system that does time-travel, like Neon).

Whatever the reason, if you’re a psql command-line user, Ctrl-C is in your muscle memory. So now you’re looking at the words Cancel request sent , followed shortly after by the not-really-an-error message ERROR: cancelling statement due to user request . But what’s going on behind the scenes?

How CancelRequest works

To cancel a Postgres query, the Postgres client makes a new and additional connection to the server, in the form of a CancelRequest. The server distinguishes this from an ordinary client connection via a magic protocol version number at the beginning of the startup message: the latest Postgres protocol is v3.2 (or 0x00030002 ), but a CancelRequest claims to be v1234.5678 (or 0x04d2162e ).

A CancelRequest targets a connection rather than a specific query. The target connection is identified to the server by two numbers that the server originally provided to the client at the end of their connection handshake (via the BackendKeyData message).

The numbers are a 4-byte process ID and a secret random key value, traditionally also 4 bytes long. Aside from an initial length-of-message value, that’s everything the client sends. No credentials are required except that 4-byte secret key.

It’s perhaps slightly surprising that Postgres cancels by connection rather than by query. It leads to a race condition: we risk cancelling a different query to the one that was running at the moment we asked to cancel it (this isn’t great, but the heebie-jeebies are pretty mild so far: maybe a 2 or 3 out of 10).

But here’s a bigger surprise: psql always sends this CancelRequest unencrypted. Even if the connection carrying the query to be cancelled has the strictest possible TLS settings ( sslmode=verify-full , channel_binding=require , and so on), psql always goes right ahead and cancels in plaintext.

The Postgres server on the other end of the exchange has accepted CancelRequest messages over TLS ever since it got TLS support. But until Postgres 17 — that is, less than 18 months ago — there was simply no support for encrypting a CancelRequest in libpq, the client-side Postgres C library on which psql is built.

... continue reading

Explore topics: postgresql cancelrequest neon psql sql
Related:
Show HN: Atomic – self-hosted, semantically-connected personal knowledge base
Show HN: Atomic – Self-hosted, semantically-connected personal knowledge base
Work_mem: It's a Trap
25 Years of Eggs
Enterprise AI agents keep operating from different versions of reality — Microsoft says Fabric IQ is the fix

© 2026 GoKawiil

About | Editorial Policy | Contact