Using SSL v13
EDB Postgres Advanced Server provides native support for using SSL connections to encrypt client/server communications for increased security. In OCL, it is controlled by setting the sslmode
parameter to verify-full
or verify-ca
, and providing the system with a root certificate to verify against.
Steps of SSL configuration:
Configure the Server and Client Side Certificates; for detailed information about configuring SSL client and server side certificates, refer to the PostgreSQL SSL documentation.
Enable the SSL OCL Connection:
In an OCL client application, you can enable SSL mode by setting the
EDB_ATTR_SSL
attribute inSession
.
Note
EDB_ATTR_SSL
is defined in edboci.h
header file available in installation directory.
- After setting SSL attribute, you can use the
OCILogon
function to create a connection:
Once the server is authenticated, then the client is ready to pass sensitive data.
For more information about the supported SSL mode options, please see:
https://www.postgresql.org/docs/13/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS