skip to main content
Using the Driver : Using Security : SSL Encryption : Summary of Data Encryption Related Options
  

Try DataDirect Drivers Now
Summary of Data Encryption Related Options
The following table summarizes how security-related connection options work with the drivers. The connection options are listed alphabetically by the GUI name that appears on the driver Setup dialog box. The connection string attribute name is listed in parentheses. See "Connection Option Descriptions for SQL Server Wire Protocol" for details about configuring the options.
Table 6. Summary: Data Encryption Connection Options
Option
Description
Determines which version of the OpenSSL library file the driver uses for data encryption. Although the latest version of the OpenSSL library is the most secure, some characteristics of the library can cause connections to certain databases to fail. This option allows you to continue using older versions of the OpenSSL library while you transition your environment to support the latest version.
Default: 1.1.1,1.0.2
Specifies the cryptographic protocols to use when SSL is enabled using the Encryption Method connection option (EncryptionMethod=1 | 6 | 7).
Default: TLSv1.2, TLSv1.1, TLSv1
The absolute path for the OpenSSL library file containing the cryptographic library to be used by the data source or connection when SSL is enabled. The cryptograpic library contains the implementations of cryptographic algorithms the driver uses for data encryption.
Default: Empty string
The method the driver uses to encrypt data sent between the driver and the database server.
If set to 0 (None), data is not encrypted.
If set to 1 (SSL), data is encrypted using the SSL protocols specified in the Crypto Protocol Version connection option.
If set to 6 (RequestSSL), the login request and data are encrypted using SSL if the server is configured for SSL. If the server is not configured for SSL, an unencrypted connection is established. The SSL protocol used is determined by the setting of the Crypto Protocol Version connection option.
If set to 7 (LoginSSL), the login request is encrypted using SSL regardless of whether the server is configured for SSL. The data is encrypted using SSL if the server is configured for SSL, and the data is unencrypted if the server is not configured for SSL. The SSL protocol used is determined by the setting of the Crypto Protocol Version connection option.
Default: 0 (None)
A host name for certificate validation when SSL encryption is enabled (Encryption Method=1 | 6 | 7) and validation is enabled (Validate Server Certificate=1).
Default: None
The absolute path for the OpenSSL library file containing the SSL library to be used by the data source or connection when SSL is enabled. The SSL library contains the implementations of SSL protocols the driver uses for data encryption.
Default: Empty string
The absolute path of the truststore file to be used when SSL is enabled (EncryptionMethod=1 | 6 | 7) and server authentication is used.
Default: None
Specifies the password that is used to access the truststore file when SSL is enabled (EncryptionMethod=1 | 6 | 7) and server authentication is used.
Default: None
If enabled, the driver validates the certificate that is sent by the database server. Any certificate from the server must be issued by a trusted CA in the truststore file. If the Host Name In Certificate option is specified, the driver also validates the certificate using a host name. The Host Name In Certificate option provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver is connecting to is the server that was requested.
If disabled, the driver does not validate the certificate that is sent by the database server. The driver ignores any truststore information specified by the Trust Store and Trust Store Password options.
Default: Enabled
* Connection String Examples for Configuring Data Encryption
* odbc.ini File Examples for Configuring Data Encryption