This configuration parameter specifies Secure Sockets Layer
(SSL) and Transport Layer Security (TLS) versions that the server
supports for incoming connection requests.
- Configuration type
- Database manager
- Applies to
- Database server with local and remote clients
- Database server with local clients
- Partitioned database server with local and remote clients
- Parameter type
- Configurable
- Default [range]
- Null [TLSv1,TLSv12]
If you set the parameter to null or TLSv1,
the parameter enables support for TLS version 1.0 (RFC2246) and TLS
version 1.1 (RFC4346).
Note: During SSL
handshake, the client and the server negotiate and find the most secure
version to use either TLS version 1.0 or TLS version 1.1. If there
is no compatible version between the client and the server, the connection
fails. If the client supports TLS version 1.0 and TLS version 1.1,
but the server support TLS version 1.0 only, then TLS version 1.0
is used.
If you set the parameter
to TLSv12 (RFC5246), the parameter enables support
for TLS version 1.2. This setting is required to comply with NIST
SP 800-131A.
If you set the parameter
to TLSv12 and TLSv1, the parameter
enables support for TLS version 1.2 with the option to fall back on
TLS version 1.0 and 1.1.