Participants
John McCawley
John McCawley
Dave Page
Dave Page
Attachments
Show all attachments
Thread Outline
#1John McCawleyJohn McCawley
Dec 11, 2006
#2Dave PageDave Pageto John McCawley (#1)
Dec 11, 2006
#3John McCawleyJohn McCawleyto Dave Page (#2)
Dec 11, 2006
#4Dave PageDave Pageto John McCawley (#3)
Dec 11, 2006
#5John McCawleyJohn McCawleyto Dave Page (#4)
Dec 11, 2006

Status of SSL encryption in ODBC driver

Started by John McCawleyover 19 years ago5 messagesgeneral
Jump to latest
#1John McCawley
John McCawley
nospam@hardgeus.com

I did a few searches on the mailing list, and checked the documentation
of psqlODBC, and I'm confused as to the current status of SSL support in
psqlODBC. From the mailing list, it appears that the Open Source driver
does not fully support SSL, and I would need to use the commercial ODBC
driver from commandprompt if I needed SSL support.

In the FAQ, I see an indication that encrypted passwords are supported,
but encrypted data is not. But then there is a note "*Note:* As of
version 08.01.002, psqlODBC now supports SSL encrypted connections."

Does this mean that SSL encryption is now fully supported?

John

#2Dave Page
Dave Page
dpage@pgadmin.org
In reply to: John McCawley (#1)
Re: Status of SSL encryption in ODBC driver

John McCawley wrote:

I did a few searches on the mailing list, and checked the documentation
of psqlODBC, and I'm confused as to the current status of SSL support in
psqlODBC. From the mailing list, it appears that the Open Source driver
does not fully support SSL, and I would need to use the commercial ODBC
driver from commandprompt if I needed SSL support.

In the FAQ, I see an indication that encrypted passwords are supported,
but encrypted data is not. But then there is a note "*Note:* As of
version 08.01.002, psqlODBC now supports SSL encrypted connections."

Does this mean that SSL encryption is now fully supported?

Yes, as well as Kerberos, and pgpass files (though the SSL option must
be set to something other than disabled for those to work).

Regards, Dave.

#3John McCawley
John McCawley
nospam@hardgeus.com
In reply to: Dave Page (#2)
Re: Status of SSL encryption in ODBC driver

Where would I go to find the connection string settings to turn it on? I
have dug around quite a bit, and tried everything I have found, but
nothing seems to work, and the docs included with the driver don't seem
to cover it.

Dave Page wrote:

Show quoted text

John McCawley wrote:

I did a few searches on the mailing list, and checked the
documentation of psqlODBC, and I'm confused as to the current status
of SSL support in psqlODBC. From the mailing list, it appears that
the Open Source driver does not fully support SSL, and I would need
to use the commercial ODBC driver from commandprompt if I needed SSL
support.

In the FAQ, I see an indication that encrypted passwords are
supported, but encrypted data is not. But then there is a note
"*Note:* As of version 08.01.002, psqlODBC now supports SSL encrypted
connections."

Does this mean that SSL encryption is now fully supported?

Yes, as well as Kerberos, and pgpass files (though the SSL option must
be set to something other than disabled for those to work).

Regards, Dave.

#4Dave Page
Dave Page
dpage@pgadmin.org
In reply to: John McCawley (#3)
Re: Status of SSL encryption in ODBC driver

John McCawley wrote:

Where would I go to find the connection string settings to turn it on? I
have dug around quite a bit, and tried everything I have found, but
nothing seems to work, and the docs included with the driver don't seem
to cover it.

The easy method is to setup a DSN as required, then connect it with
logging enable using any old ODBC app and pull the connection string
from the logfile.

IIRC though, you need one of:

sslmode=disable
sslmode=allow
sslmode=prefer
sslmode=require

If you use the first, libpq will not be loaded which means that the
other benefits of it (the kerberos support, pgpass.txt etc) will also
not be available. The reason it is done this way is to allow the driver
to be distributed as a single DLL for those that require the most basic
setup. In all other cases, libpq (and it's myriad of supporting DLLs)
will be dynamically loaded and used for connection setup.

Regards, Dave.

#5John McCawley
John McCawley
nospam@hardgeus.com
In reply to: Dave Page (#4)
Re: Status of SSL encryption in ODBC driver

sslmode=require did the trick. Thanks!

Dave Page wrote:

Show quoted text

John McCawley wrote:

Where would I go to find the connection string settings to turn it
on? I have dug around quite a bit, and tried everything I have found,
but nothing seems to work, and the docs included with the driver
don't seem to cover it.

The easy method is to setup a DSN as required, then connect it with
logging enable using any old ODBC app and pull the connection string
from the logfile.

IIRC though, you need one of:

sslmode=disable
sslmode=allow
sslmode=prefer
sslmode=require

If you use the first, libpq will not be loaded which means that the
other benefits of it (the kerberos support, pgpass.txt etc) will also
not be available. The reason it is done this way is to allow the
driver to be distributed as a single DLL for those that require the
most basic setup. In all other cases, libpq (and it's myriad of
supporting DLLs) will be dynamically loaded and used for connection
setup.

Regards, Dave.

← Back to Topics