Обсуждение: Status of SSL encryption in ODBC driver
I did a few searches on the mailing list, and checked the documentation of psqlODBC, and I'm confused as to the current status of SSL support in psqlODBC. From the mailing list, it appears that the Open Source driver does not fully support SSL, and I would need to use the commercial ODBC driver from commandprompt if I needed SSL support. In the FAQ, I see an indication that encrypted passwords are supported, but encrypted data is not. But then there is a note "*Note:* As of version 08.01.002, psqlODBC now supports SSL encrypted connections." Does this mean that SSL encryption is now fully supported? John
John McCawley wrote: > I did a few searches on the mailing list, and checked the documentation > of psqlODBC, and I'm confused as to the current status of SSL support in > psqlODBC. From the mailing list, it appears that the Open Source driver > does not fully support SSL, and I would need to use the commercial ODBC > driver from commandprompt if I needed SSL support. > > In the FAQ, I see an indication that encrypted passwords are supported, > but encrypted data is not. But then there is a note "*Note:* As of > version 08.01.002, psqlODBC now supports SSL encrypted connections." > > Does this mean that SSL encryption is now fully supported? Yes, as well as Kerberos, and pgpass files (though the SSL option must be set to something other than disabled for those to work). Regards, Dave.
Where would I go to find the connection string settings to turn it on? I have dug around quite a bit, and tried everything I have found, but nothing seems to work, and the docs included with the driver don't seem to cover it. Dave Page wrote: > John McCawley wrote: > >> I did a few searches on the mailing list, and checked the >> documentation of psqlODBC, and I'm confused as to the current status >> of SSL support in psqlODBC. From the mailing list, it appears that >> the Open Source driver does not fully support SSL, and I would need >> to use the commercial ODBC driver from commandprompt if I needed SSL >> support. >> >> In the FAQ, I see an indication that encrypted passwords are >> supported, but encrypted data is not. But then there is a note >> "*Note:* As of version 08.01.002, psqlODBC now supports SSL encrypted >> connections." >> >> Does this mean that SSL encryption is now fully supported? > > > Yes, as well as Kerberos, and pgpass files (though the SSL option must > be set to something other than disabled for those to work). > > Regards, Dave.
John McCawley wrote: > Where would I go to find the connection string settings to turn it on? I > have dug around quite a bit, and tried everything I have found, but > nothing seems to work, and the docs included with the driver don't seem > to cover it. The easy method is to setup a DSN as required, then connect it with logging enable using any old ODBC app and pull the connection string from the logfile. IIRC though, you need one of: sslmode=disable sslmode=allow sslmode=prefer sslmode=require If you use the first, libpq will not be loaded which means that the other benefits of it (the kerberos support, pgpass.txt etc) will also not be available. The reason it is done this way is to allow the driver to be distributed as a single DLL for those that require the most basic setup. In all other cases, libpq (and it's myriad of supporting DLLs) will be dynamically loaded and used for connection setup. Regards, Dave.
sslmode=require did the trick. Thanks! Dave Page wrote: > John McCawley wrote: > >> Where would I go to find the connection string settings to turn it >> on? I have dug around quite a bit, and tried everything I have found, >> but nothing seems to work, and the docs included with the driver >> don't seem to cover it. > > > The easy method is to setup a DSN as required, then connect it with > logging enable using any old ODBC app and pull the connection string > from the logfile. > > IIRC though, you need one of: > > sslmode=disable > sslmode=allow > sslmode=prefer > sslmode=require > > If you use the first, libpq will not be loaded which means that the > other benefits of it (the kerberos support, pgpass.txt etc) will also > not be available. The reason it is done this way is to allow the > driver to be distributed as a single DLL for those that require the > most basic setup. In all other cases, libpq (and it's myriad of > supporting DLLs) will be dynamically loaded and used for connection > setup. > > Regards, Dave. >