To encrypt ODBC data, IBM recommends the industry-standard TLS encryption protocol (the successor to SSL).
Server side: When TLS is used, IBM i servers automatically assign a prestarted ODBC job named QZDASSINIT (the second “S” stands for “secure”) rather than the usual QZDASOINIT job.
Client side: The Windows version of the IBM i ODBC driver starts encrypted mode when the SSL connection string keyword is specified. Linux users, however, need to use the secure tunnel (“stunnel”) package.
IBM provides detailed instructions on setting up the secure tunnel from a Linux system to IBM i at https://www.ibm.com/support/pages/node/869822. TIP: In case it’s not clear in IBM’s article, applications should use the DSN name that was set up in the Linux odbc.ini file.
We have helped clients set up secure ODBC tunnels for applications written in PHP and Node.js. It would work the same for Python and other languages as well.