Secure Sockets Layer

Db2® for i Distributed Relational Database Architecture™ (DRDA) clients & servers support Secure Sockets Layer (SSL). A similar function is available with Internet Protocol Security Architecture (IPSec).

The DDM TCP/IP client and server support the SSL data encryption protocol. You can use this protocol to interoperate with other clients and servers that support SSL for record-level access, such as IBM® Toolbox for Java™ and IBM i Access Family OLE DB Provider. Using this protocol, you can also interoperate with any DDM file I/O clients provided by independent software vendors that might support SSL.

To use SSL with the IBM i DDM TCP/IP server, you must configure the client to connect to SSL port 448 on the server.

To use SSL as a DDM TCP/IP client, you must specify SECCNN(*SSL) on the Add RDB Directory Entry (ADDRDBDIRE) command or Change RDB Directory Entry (CHGRDBDIRE) command.

If you specify PWDRQD(*USRENCPWD) on the Change DDM TCP/IP Attributes (CHGDDMTCPA) command, you can use any valid password along with SSL. This is possible because the system recognizes that the whole data stream, including the password, is encrypted.