Data Mover supports TLS 1.2 to encrypt communication between itself and SQL-Engine. The following utilities support TLS 1.2.
|TPTAPI||Data movement between TPTAPI (running on Data Mover servers) and Source/Target SQL-Engine is encrypted.|
|JDBC||All communication and data movement by JDBC (running on Data Mover servers) and Source/Target SQL-Engine is encrypted. This includes calling DBC Views, creating or dropping tables on target, copy stats, and others.|
A subset of parameters to allow TLS 1.2 are sslmode, tdmstport, tdmstlsport, sslca, sslcapath, and sslprotocol. Please refer to the documentation on TPTAPI and JDBC to configure the exact parameters.
<property> <key>tpt.connection</key> <value>sslmode=allow;</value> <value system="systemA">sslmode=required; tdmstport=1025; tdmsttlsport=443; sslcapath=/etc/ssl/mycerts</value> </property>Here, sslmode=required and three other parameters are used for TPTAPI connection when systemA is a source or target; and sslmode=allow is used for all the other systems.
User can specify both properties through the command line (datamovelist/save_configuration) as well as through REST API.