EPUB | CHM | PDF

TPSQLDatabase.Properties.SSLMode

Top Previous Next

Determines whether or with what priority an SSL connection will be negotiated with the server.

Syntax:

type
  TSSLMode = (sslDisable , sslAllow, sslPrefer, sslRequire, sslVerifyCA, sslVerifyFull);
property SSLMode: TSSLMode;

Description:

There are the following modes available:

      • sslDisable will attempt only an unencrypted SSL connection;
      • sslAllow will negotiate, trying first a non-SSL connection, then if that fails, trying an SSL connection;
      • sslPrefer (the default) will negotiate, trying first an SSL connection, then if that fails, trying a regular non-SSL connection;
      • sslRequire will try only an SSL connection;
      • sslVerifyCA will only try an SSL connection, and verify that the server certificate is issued by a trusted CA;
      • sslVerifyFull will only try an SSL connection, verify that the server certificate is issued by a trusted CA and that the server hostname matches that in the certificate.

If PostgreSQL is compiled without SSL support, using option sslRequire will cause an error, while options sslAllow and sslPrefer will be accepted but client library (libpq.dll) will not in fact attempt an SSL connection.

See also: SSLCert, SSLCRL, SSLKey, SSLRootCert