SecurityTransportMode IBM data server driver configuration keyword

Sets the communication security type.

Equivalent CLI keyword
Security
Equivalent IBM® data server provider for .NET connection string keyword
Security
IBM data server driver configuration file (db2dsdriver.cfg) syntax
<parameter name="SecurityTransportMode" value="SSL"/>
Default setting:
There is no default setting.
Usage notes:
The SecurityTransportMode keyword specifies whether the TCP/IP with SSL protocols are used in connection to the database server. The default value is an empty string.

When the SecurityTransportMode keyword is set to SSL, you can specify the keystore database with the SSLClientKeystoredb keyword. The keystore database that is specified with the SSLClientKeystoredb keyword can be access using either the password that is set with the SSLClientKeystoreDBPassword keyword or the stash file that is set with the SSLClientKeystash keyword.

If the SSLClientKeystoredb keyword is not set, the driver generates an in-memory keystore when the application calls one of the following functions.
  • SQLDriverConnect()
  • SQLConnect()
  • SQLBrowseConnect()
Subsequent calls to these functions in the same application process share the previously created in-memory keystore. The in-memory keystore is destroyed when the application closes.

The in-memory keystore is populated with the DigiCert Global Root CA certificate. Applications connecting to a database server using a certificate signed by the DigiCert Global Root CA only need to set SecurityTransportMode = SSL and do not need to set SSLServerCertificate, SSLClientKeystoredb, SSLClientKeystash, or SSLClientKeystoredbpassword. The DigiCert Global Root CA is used for TLS connections to DashDB, SQLDB, and Db2 Warehouse on Cloud from version 11.0 and later later.