Oxla provides support for using SSL connections to encrypt client/server communications for increased security, that safeguards your data. The following documentation will guide you through the process of configuring SSL for your Oxla database.

SSL Configuration Settings

To enable SSL support, the following settings must be correctly configured:
  • mode: require or optional
  • cert_file: path to the server’s public certificate in PEM format
  • key_file: path to the server’s private key in PEM format
Providing a ca_crt_file, which is used to verify whether the certificate was signed by the Certificate Authority (CA) is optional.
The settings for min_protocol_version and max_protocol_version can be omitted, as they have default values.

SSL Enabled Configuration (Mode: Optional)

Clients are authorized to establish connections using both non-SSL and SSL protocols. Connections established with sslmode=require or sslmode=disable will be accepted. 
ssl:
  mode: optional
  ca_crt_file: "path/to/ca.crt"
  cert_file: "path/to/ssl.crt"
  key_file: "path/to/ssl.key"
  min_protocol_version: 1.2 # Minimum supported SSL version, supported values: 1.2, 1.3
  max_protocol_version: 1.3 # Maximum supported SSL version, supported values: 1.2, 1.3

SSL Enabled Configuration (Mode: Require)

Clients are permitted to connect only through SSL connections. Any attempts to establish a connection using tools that require SSL, such as psql with the sslmode=disable option, will be rejected. 
ssl:
  mode: require
  ca_crt_file: "path/to/ca.crt"
  cert_file: "path/to/ssl.crt"
  key_file: "path/to/ssl.key"
  min_protocol_version: 1.2 # Minimum supported SSL version, supported values: 1.2, 1.3
  max_protocol_version: 1.3 # Maximum supported SSL version, supported values: 1.2, 1.3

SSL Disabled Configuration

Clients are permitted to connect only through non-SSL connections. Any attempts to establish a connection using tools that require SSL, such as psql with the sslmode=require option, will be rejected. 
ssl:
  mode: off

SSL Modes Description Table

SSL ModeEavesdropping ProtectionSupport
offNoSSL connections not supported
requireYesOnly SSL connections are allowed
optionalYesboth SSL and no SSL connections are supported

Examples of SSL Configuration

For a more detailed explanation of the configuration options, please refer to the Oxla Configuration File.