TSSLMode Enumeration

This option determines whether or with what priority an SSL connection will be negotiated with the server.

Unit

Syntax

TSSLMode = (smDisable, smRequire, smPrefer, smAllow, smVerifyCA, smVerifyFull);

Values

Value Meaning

smAllow
Negotiates trying first a non-SSL connection, then if that fails, tries an SSL connection.

smDisable
Only an unencrypted SSL connection will be attempted.

smPrefer
Negotiates trying first an SSL connection, then if that fails, tries a regular non-SSL connection.

smRequire
Tries only an SSL connection.

smVerifyCA
Verifies server identity by validating the server certificate chain up to the root certificate installed on the client machine.

smVerifyFull
Verifies server identity by validating the server certificate chain up to the root certificate installed on the client machine and validates that the server hostname matches the server certificate.

Value	Meaning
smAllow	Negotiates trying first a non-SSL connection, then if that fails, tries an SSL connection.
smDisable	Only an unencrypted SSL connection will be attempted.
smPrefer	Negotiates trying first an SSL connection, then if that fails, tries a regular non-SSL connection.
smRequire	Tries only an SSL connection.
smVerifyCA	Verifies server identity by validating the server certificate chain up to the root certificate installed on the client machine.
smVerifyFull	Verifies server identity by validating the server certificate chain up to the root certificate installed on the client machine and validates that the server hostname matches the server certificate.

Remarks

The default value is smDisable.

If PostgreSQL is compiled without SSL support, using option smRequire will cause an error, while options smAllow and smPrefer will be accepted, but PgDAC will not in fact attempt an SSL connection.

Request Support

DAC Forum

Provide Feedback