SSLconfig.ini and SSLClientconfig.ini files replaced with new database manager configuration parameters

Details

The new database manager configuration parameters for server-side SSL support are as follows:

• ssl_svr_keydb specifies the fully qualified path of the key database file.
• ssl_svr_stash specifies the fully qualified path of the stash file that holds the encrypted password to the key database.
• ssl_svr_label specifies the label of the digital certificate of the server in the key database.
• ssl_svcename specifies the port that the database server uses to await communications from remote clients using the SSL protocol.
• ssl_cipherspecs (optional) specifies the cipher suites that the server supports.
• ssl_versions (optional) specifies the SSL and TLS versions that the server supports.

The new database manager configuration parameters for client-side SSL support are as follows:

• ssl_clnt_keydb specifies the fully qualified path of the key database file on the client.
• ssl_clnt_stash specifies the fully qualified path of the stash file on the client.

User response

To set up SSL support, set values for the new database manager configuration parameters.

The following tables show how the parameters in the SSLconfig.ini and SSLClientconfig.ini files map to these new database manager configuration parameters. The ssl_cipherspecs and ssl_versions parameters do not have equivalent parameters in these files; they provide new configuration options.

The ssl_svr_stash database manager configuration parameter is not exactly equivalent to the DB2_SSL_KEYSTORE_PW parameter. The ssl_svr_stash configuration parameter points to a stash file that holds the encrypted password to a key database, whereas the DB2_SSL_KEYSTORE_PW parameter specifies the password itself.