Oxla provides support for using SSL connections to encrypt client/server communications for increased security, that safeguards your data. The following documentation will guide you through the process of configuring SSL for your Oxla database.
SSL Configuration Settings
To enable SSL support, the following settings must be correctly configured:
- mode:
require or optional
- cert_file: path to the server’s public certificate in PEM format
- key_file: path to the server’s private key in PEM format
Providing a ca_crt_file, which is used to verify whether the certificate was signed by the Certificate Authority (CA) is optional.
The settings for min_protocol_version and max_protocol_version can be omitted, as they have default values.
SSL Enabled Configuration (Mode: Optional)
Clients are authorized to establish connections using both non-SSL and SSL protocols.
Connections established with sslmode=require or sslmode=disable will be accepted.
ssl:
mode: optional
ca_crt_file: "path/to/ca.crt"
cert_file: "path/to/ssl.crt"
key_file: "path/to/ssl.key"
min_protocol_version: 1.2 # Minimum supported SSL version, supported values: 1.2, 1.3
max_protocol_version: 1.3 # Maximum supported SSL version, supported values: 1.2, 1.3
SSL Enabled Configuration (Mode: Require)
Clients are permitted to connect only through SSL connections. Any attempts to establish a connection using tools that require SSL,
such as psql with the sslmode=disable option, will be rejected.
ssl:
mode: require
ca_crt_file: "path/to/ca.crt"
cert_file: "path/to/ssl.crt"
key_file: "path/to/ssl.key"
min_protocol_version: 1.2 # Minimum supported SSL version, supported values: 1.2, 1.3
max_protocol_version: 1.3 # Maximum supported SSL version, supported values: 1.2, 1.3
SSL Disabled Configuration
Clients are permitted to connect only through non-SSL connections. Any attempts to establish a connection using tools that require SSL,
such as psql with the sslmode=require option, will be rejected.
SSL Modes Description Table
| SSL Mode | Eavesdropping Protection | Support |
|---|
| off | No | SSL connections not supported |
| require | Yes | Only SSL connections are allowed |
| optional | Yes | both SSL and no SSL connections are supported |
Examples of SSL Configuration
For a more detailed explanation of the configuration options, please refer to the Oxla Configuration File. 
