Encrypting IBM i ODBC Connections from Linux

ODBC with Db2 for IBM iSeveral clients have asked how to encrypt ODBC connections between Linux and IBM i to keep their Db2 data safe in transit.

To encrypt ODBC data, IBM recommends the industry-standard TLS encryption protocol (the successor to SSL).

Server side: When TLS is used, IBM i servers automatically assign a prestarted ODBC job named QZDASSINIT (the second “S” stands for “secure”) rather than the usual QZDASOINIT job.

Client side: The Windows version of the IBM i ODBC driver starts encrypted mode when the SSL connection string keyword is specified. Linux users, however, need to use the secure tunnel (“stunnel”) package.

IBM provides detailed instructions on setting up the secure tunnel from a Linux system to IBM i at https://www.ibm.com/support/pages/node/869822. TIP: In case it’s not clear in IBM’s article, applications should use the DSN name that was set up in the Linux odbc.ini file.

We have helped clients set up secure ODBC tunnels for applications written in PHP and Node.js. It would work the same for Python and other languages as well.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.