Configuring SSL Verification

Note:

In this documentation, "SSL" refers to both TLS (Transport Layer Security) and SSL (Secure Sockets Layer). The connector supports up to TLS 1.2. The SSL version used for the connection is the highest version that is supported by both the connector and the server.

When connecting to data stores, by default the non-Windows version of the Simba PayPal ODBC Connector uses SSL encryption but does not use peer or host verification. You can enable peer verification so that the connector verifies the identity of the server, and enable host verification so that the connector requires the host name in the server certificate to match the host name of the server that you are connecting to.

You can set the connection properties described below in a connection string or in a DSN (in the odbc.ini file). Settings in the connection string take precedence over settings in the DSN.

Configuring Host and Peer Verification

To configure host and peer verification:

  1. To enable peer verification so that the connector verifies the identity of the server, do the following:
    1. Set the UsePeerVerification property to 1.
    2. Set the TrustCertsPath property to the full path and name of a .pem file containing the trusted CA certificates for verifying the server.
  2. To enable host verification so that the connector requires the host name in the server's certificate to match the host name of the server, set the UseHostVerification property to 1.

Disabling SSL Encryption

If the data store that you are connecting to does not support SSL encryption, disable it so that the connector can connect to the data store.

Note:

It is recommended that you keep SSL enabled if possible. SSL encryption protects data and credentials when they are transferred over the network, and provides stronger security than authentication alone.

To disable SSL encryption:

  • Set the UseEncryptedEndpoints property to 0.
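
The following added example (not part of the connector or its documentation) audits the effective SSL settings for a connection by applying the precedence rule above: non-Windows defaults, then the DSN section in odbc.ini, then the connection string. The DSN names, the .pem path and the helper function names are constructed for illustration; treating only the value 1 as "enabled" and matching property names case-insensitively are assumptions.

```python
import configparser

# Non-Windows defaults described above: encryption on, peer/host verification off.
DEFAULTS = {"useencryptedendpoints": "1", "usepeerverification": "0",
            "usehostverification": "0", "trustcertspath": ""}

def parse_conn_string(conn_str):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    pairs = (item.split("=", 1) for item in conn_str.split(";") if "=" in item)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def effective_settings(odbc_ini_text, conn_str):
    """Merge defaults < DSN section < connection string (the string wins)."""
    ini = configparser.ConfigParser(interpolation=None)
    ini.read_string(odbc_ini_text)
    overrides = parse_conn_string(conn_str)
    dsn = overrides.get("dsn", "")
    merged = dict(DEFAULTS)
    if ini.has_section(dsn):
        merged.update(ini.items(dsn))  # configparser lower-cases option names
    merged.update(overrides)
    return merged

def audit(odbc_ini_text, conn_str):
    """Return a list of findings for the effective SSL configuration."""
    s = effective_settings(odbc_ini_text, conn_str)
    findings = []
    if s["useencryptedendpoints"] != "1":
        findings.append("encryption disabled (UseEncryptedEndpoints is not 1)")
    if s["usepeerverification"] != "1":
        findings.append("peer verification off: server identity is not verified")
    elif not s["trustcertspath"]:
        findings.append("peer verification on but TrustCertsPath is not set")
    if s["usehostverification"] != "1":
        findings.append("host verification off: certificate host name is not checked")
    return findings

# Constructed sample odbc.ini; DSN names and the .pem path are made up.
SAMPLE_INI = """
[PayPalDefault]
[PayPalVerified]
UsePeerVerification = 1
UseHostVerification = 1
TrustCertsPath = /etc/ssl/certs/trusted-cas.pem
"""

if __name__ == "__main__":
    for cs in ("DSN=PayPalDefault", "DSN=PayPalVerified;UseHostVerification=0"):
        print(cs, "->", audit(SAMPLE_INI, cs) or "ok")
```

The second sample connection string shows why the DSN alone is not enough to review: a property set in the connection string overrides the value in odbc.ini.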