View Only
  • 1.  JDBC & TLS/SSL

    Posted 28 days ago

    Pardon the n00b-ish question, but I'm [thankfully] mostly Java and JDBC illiterate. Traditionally, we've connected to JDBC data sources by using something like the following:


    This works for 'onsoctcp' services. For 'onsocssl' services, we must do this:


    Recently, we've started switching to using sqlhosts instead of hard-coding the host/port into the URL. That looks something like this:


    What I'm curious about is whether the SSLCONNECTION=true is necessary, since the protocol is specified in sqlhosts. If it is, that's problematic, as we still have a mix of onsoctcp and onsocssl. If so, that's problematic, because I'd ideally like to make the connections as simple as specifying the INFORMIXSERVER and database name; requiring users and apps to conditionally specify SSLCONNECTION undermines the simplicity of the approach, and forces them to once again update connection strings as we transition legacy onsoctcp listeners to onsocssl.

    Thanks in advance for any insight.


  • 2.  RE: JDBC & TLS/SSL

    Posted 28 days ago

    Depending on the exact version TRUE is case sensitive J


    These are lift from my java CM/SSL  test harness, I can supply the code if you need it



    url[0] ="jdbc:informix-sqli://INFORMIXSERVER=direct;DATABASE=xxx;USER=informix;PASSWORD=xxx;SQLH_TYPE=FILE;SQLH_FILE=C:/somewhere/sqlhosts;SSLCONNECTION=true;";

    url[1] ="jdbc:informix-sqli://INFORMIXSERVER=cm_direct;database=xxx;user=informix;password=xxxx;SQLH_TYPE=FILE;SQLH_FILE=C:/somewhere/sqlhosts;SSLCONNECTION=true;";

    url[2] ="jdbc:informix-sqli://INFORMIXSERVER=group_cm;database=xxx;user=informix;password=xxxxx;SQLH_TYPE=FILE;SQLH_FILE=C:/where/sqlhosts;SSLCONNECTION=true;";

    url[3] ="jdbc:informix-sqli://someserver:1524/xxxx:INFORMIXSERVER=nossl;user=informix;password=xxxx;";







  • 3.  RE: JDBC & TLS/SSL

    Posted 27 days ago
    Yes the SSLCONNECTION=true is required regardless of using the SQLHOST file.  The driver looks to this parameter to setup the TLS to make the connection. It does not look at the SQLHOST protocols for this purpose.

    The point is valid that if the SQLHOST file has enough information to determine if it's SSL/TLS then the SSLCONNECTION parameter mightbe unnecessary. I would open a request to the Informix team see if they can fix that.

    Brian Hughes

  • 4.  RE: JDBC & TLS/SSL

    Posted 27 days ago
    Yeah, that's a PITA. Thanks for the confirmation of what I already suspected.