To configure database connections under the IBM® Data Server Driver for JDBC and
SQLJ to use Transport Layer Security (TLS), you need
to set the DB2BaseDataSource.sslConnection property to
true.
Before you begin
Before a connection to a data source can use Transport Layer Security (TLS), the port to
which the application connects must be configured in the database server as the TLS listener port.
Procedure
-
Set DB2BaseDataSource.sslConnection on a Connection or DataSource instance.
- Optional:
Set the location of the truststore and the truststore password. The truststore location can be
set without the password, but it is best to set both values.
-
Set DB2BaseDataSource.sslTrustStoreLocation on a Connection or DataSource
instance to identify the location of the truststore.
Setting the sslTrustStoreLocation property is an alternative to setting the
Java™
javax.net.ssl.trustStore property. If you set
DB2BaseDataSource.sslTrustStoreLocation,
javax.net.ssl.trustStore is not used.
- Optional:
Set DB2BaseDataSource.sslTrustStorePassword on a Connection or DataSource
instance to identify the truststore password.
Setting the sslTrustStorePassword property is an alternative to setting the
Java
javax.net.ssl.trustStorePassword property. If you set
DB2BaseDataSource.sslTrustStorePassword,
javax.net.ssl.trustStorePassword is not used.
- Optional:
Set DB2BaseDataSource.sslCipherSuites on a Connection or DataSource
instance, if you do not want to use the default cipher suites that are enabled in the JRE (Java Runtime Environment). The driver enables only the cipher
suites that you set.
Example
The following example demonstrates how to set the sslConnection property
on a Connection
instance:java.util.Properties properties = new java.util.Properties();
properties.put("user", "xxxx");
properties.put("password", "yyyy");
properties.put("sslConnection", "true");
java.sql.Connection con =
java.sql.DriverManager.getConnection(url, properties);