Use the SSLPROTOCOL parameter to specify the desired TLS protocol version.
| Value | Description |
|---|---|
| TLS1_2 | Use TLS version 1.2 protocol. |
| TLS1_3 | Use TLS version 1.3 protocol. |
If SSLPROTOCOL is not specified, TLS connection is decided by gateway setting. See the "TLS Connection Behavior with CLIv2 and Gateway Setting" table at the end of this topic.
This parameter can be set using the following methods:
- clispb.dat
- Environment variable
- Connection string
clispb.dat
Add the following line to clispb.dat:
sslprotocol={TLS1_2 | TLS1_3}Environment Variable
Before executing the client application, set the SSLPROTOCOL environment variable to the desired protocol version:
Non-Windows
$ export SSLPROTOCOL={TLS1_2 | TLS1_3 }Windows:
C:\> set SSLPROTOCOL={TLS1_2 | TLS1_3}Connection String
The connect_ptr parameter in the DBCAREA structure can be set to a string containing the sslprotocol attribute:
dbcarea.connect_ptr = “sslprotocol={TLS1_2 | TLS1_3}”
Set the dbcarea.connect_len parameter to the length of the string assigned to dbcarea.connect_ptr.
TLS Connection Behavior with CLIv2 and Gateway Setting
The following table shows the expected TLS connection behavior with CLIv2 and Gateway setting.
| CLIv2 | Gateway Protocol Value from gtwcontrol Setting | ||
|---|---|---|---|
| SSLPROTOCOL | 1.2 | 1.3 | 1.2+1.3 |
| Not specified | TLS 1.2 connection | TLS 1.3 connection | TLS 1.3 connection |
| TLS1_2 | TLS 1.2 connection | Connection error | TLS 1.2 connection |
| TLS1_3 | Connection error | TLS 1.3 connection | TLS 1.3 connection |