sslMode property
Specify how SSL/TLS is enforced in database connections.
This flag is supported only for PostgreSQL. Use the legacy require_ssl
flag for enforcing SSL/TLS in MySQL and SQL Server. But, for PostgreSQL,
use the ssl_mode flag instead of the legacy require_ssl flag. To avoid
the conflict between those flags in PostgreSQL, only the following value
pairs are valid: * ssl_mode=ALLOW_UNENCRYPTED_AND_ENCRYPTED and
require_ssl=false * ssl_mode=ENCRYPTED_ONLY and require_ssl=false *
ssl_mode=TRUSTED_CLIENT_CERTIFICATE_REQUIRED and require_ssl=true Note
that the value of ssl_mode gets priority over the value of the legacy
require_ssl. For example, for the pair ssl_mode=ENCRYPTED_ONLY, require_ssl=false, the ssl_mode=ENCRYPTED_ONLY means "only accepts SSL
connection", while the require_ssl=false means "both non-SSL and SSL
connections are allowed". The database respects ssl_mode in this case
and only accepts SSL connections.
Possible string values are:
- "SSL_MODE_UNSPECIFIED" : The SSL mode is unknown.
- "ALLOW_UNENCRYPTED_AND_ENCRYPTED" : Allow non-SSL/non-TLS and SSL/TLS
connections. For SSL/TLS connections, the client certificate won't be
verified. When this value is used, the legacy
require_sslflag must be false or cleared to avoid the conflict between values of two flags. - "ENCRYPTED_ONLY" : Only allow connections encrypted with SSL/TLS. When
this value is used, the legacy
require_sslflag must be false or cleared to avoid the conflict between values of two flags. - "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : Only allow connections encrypted
with SSL/TLS and with valid client certificates. When this value is used,
the legacy
require_sslflag must be true or cleared to avoid the conflict between values of two flags.
Implementation
core.String? sslMode;