O
obohaciak
Guest
In the current version (7), the ODBC client on Windows needs to define a Truststore parameter either in DSN or connection string to turn on the use of non-anonymous cipher suites for use with SSL. It would be great if the client leveraged the use of native system truststore such as: 1. Linux - /etc/ssl/certs (https://help.ubuntu.com/community/OpenSSL) 2. Windows - CERT_SYSTEM_STORE (http://msdn.microsoft.com/en-us/library/windows/desktop/aa388136(v=vs.85).aspx) 3. Mozila - NSS (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS) This is mostly relevant (critical) for Windows platform where users are used to system-wide certificate storage. The Truststore parameter as it works now not only defines the truststore, but also turns on non-anonymous cipher suites. There either need to be turned on by default and auto-negotiated between client and server or an option provided where the user can set up a preferred cipher suite.
Continue reading...
Continue reading...