Specifies support for a TLS encrypted connection to your data source.
| Valid in: | SAS/ACCESS LIBNAME statement |
|---|---|
| Category: | Data Access |
| Default: | prefer |
| Restriction: | You must specify the value for this option in lowercase. |
| Data source: | PostgreSQL, Yellowbrick |
| Note: | Support for Yellowbrick was added in SAS 9.4M7. |
Table of Contents
specifies whether to support encryption when SAS/ACCESS connects to your database.
Here are the possible values:
| allow | Encryption is not required, but encryption is accepted if the DBMS server requires it. |
| disable | Do not use encryption when connecting to the database. |
| prefer | Encryption is not required, but encryption should be used if it is available. |
| require | Encryption is required when connecting to the database. |
| verify-ca | Encryption is required, and an authentication certificate might be required. Whether an authentication certificate is required depends on your database policy. |
| verify-full | Encryption and an authentication certificate are required. |
In order for a database connection to be secure, encryption usage must be configured on the DBMS server and on the SAS/ACCESS client.
The following table shows whether third-party observation of connection parameters and data is possible for each SSLMODE= value. It also shows whether there is protection against man-in-the-middle (MITM) attacks, in which data is modified or diverted during transfer even if the data is encrypted. The value for SSLMODE= specifies whether to use certificate verification to prevent these attacks.
|
SSLMODE= Value |
Protects from Third-Party Observation? |
Protects from MITM Attacks? |
|---|---|---|
|
allow |
Yes, if encryption is used. Otherwise, no. |
No |
|
disable |
No |
No |
|
prefer |
Yes, if encryption is used. Otherwise, no. |
No |
|
require |
Yes |
No |
|
verify-ca |
Yes |
Depends on certificate authentication policy of the DBMS |
|
verify-full |
Yes |
Yes |