Direct DRDA Connection properties

Direct DRDA Connection properties define how the connection to a particular data source is established. You can specify Direct DRDA Connection properties in the Advanced JDBC Settings window.

The Direct DRDA Connection has the following properties:

Parameters

securityMechanism

This property specifies the Direct DRDA Connection security mechanism. The data type of this property is integer. Possible values are:

SECMEC.I_USRIDPWD = 3
Neither user ID nor password is encrypted.
SECMEC.I_EUSRIDPWD = 9
Both user ID and password are encrypted.
SECMEC.I_EUSRPWDDTA = 13
The user ID, Password, and Data are encrypted.

If you do not specify a value for securityMechanism, the requester attempts to connect using the security mechanism without any encryption.

If the server accepts only encrypted login information, the requester attempts to switch to the corresponding security mechanism.

If a connection cannot be established because the server does not support that security mechanism, an exception is thrown.

sslConnection

This property specifies whether the use of SSL certificates is enabled for the current connection. The data type of this property is string. Possible values are:

true: Specifies that the use of SSL certificates is enabled.
false: Specifies that the use of SSL certificates is disabled.

sslClientHostnameValidation

This property specifies whether the IBM Data Server Driver for JDBC and SQLJ validate the host name of the client while establishing a connection to the data server that uses transport level security (TLS). Possible values are:

BASIC: Specifies that the host name validation is enabled. During the TLS handshake, when the data server sends its certificate to the driver, the driver checks whether the host name or its corresponding IP address in the certificate matches the host name or corresponding IP address that the application provides to the driver.

OFF: Specifies that the host name validation is disabled.

sslTrustStoreLocation

This property specifies the path to the truststore file that is used for the connection. The data type of this property is string. The value must contain a path to the truststore file.

sslKeyStoreType

This property specifies the type of keystore that needs to be added for SSL connections. Possible values are:

JCEKS (Java Cryptography Extension KeyStore): This is a more secure version of the default JKS keystore. Supports both secret and private keys. Allows stronger encryption algorithms.

JKS (Java KeyStore): This is the default keystore type in Java. Stores private keys and certificates. Uses a proprietary format and is widely used in Java applications.

PKCS12 (Public-Key Cryptography Standards #12): An industry-standard format for storing private keys and certificates. Supported by a wide range of applications and platforms. Uses a more secure, standardized format compared to JKS.

WINDOWS-MY: Refers to the "MY" keystore in Windows. Used to access personal certificates in the Windows Certificate Store. Typically utilized in Windows environments where certificates are managed by the operating system.

WINDOWS-ROOT: Refers to the "ROOT" keystore in Windows. Used to access root certificates in the Windows Certificate Store. Useful for trusting root Certificate Authorities (CAs) within a Windows environment.

sslTrustStoreType

This property specifies the type of the trusted certificate file. Possible values are:

JCEKS (Java Cryptography Extension KeyStore): This is a more secure version of the default JKS keystore. Supports both secret and private keys. Allows stronger encryption algorithms.

JKS (Java KeyStore): This is the default keystore type in Java. Stores private keys and certificates. Uses a proprietary format and is widely used in Java applications.

PKCS12 (Public-Key Cryptography Standards #12): An industry-standard format for storing private keys and certificates. Supported by a wide range of applications and platforms. Uses a more secure, standardized format compared to JKS.

WINDOWS-MY: Refers to the "MY" keystore in Windows. Used to access personal certificates in the Windows Certificate Store. Typically utilized in Windows environments where certificates are managed by the operating system.

WINDOWS-ROOT: Refers to the "ROOT" keystore in Windows. Used to access root certificates in the Windows Certificate Store. Useful for trusting root Certificate Authorities (CAs) within a Windows environment.

sslTrustStorePassword

This property specifies the password to the truststore file that is used for the connection. The data type of this property is string. The value must contain a password to the truststore file.

enableBidiLayoutTransformation

This property specifies the way the Direct DRDA Connection processes bidirectional data. Enabling this property allows QMF DRDA driver to correctly handle the data entered in a language with the right-to-left writing system (such as Arabic) that is stored in visual order. If the data is stored in logical order, enabling this option will result in incorrect data output.

true: The enableBidiLayoutTransformation property is enabled.
false: The enableBidiLayoutTransformation property is disabled.

Note: If the enableBidiLayoutTransformation option is enabled, users cannot insert, edit, or delete any data in the database. Also, with the enableBidiLayoutTransformation option enabled, the driver is configured to handle BiDi data on the server machine and on the client machine differently. See the table in the topic Db2 Type 4 UDB JDBC driver parameters for bidirectional layout transformations procedure for details. For the server machine, see the row that corresponds with value 4. For the client machine, see the row that corresponds with value 5.