# Secure Connection The DAP client library supports secure connections to databases using SSL/TLS. You can specify the SSL mode by using the `ssl` parameter in the connection string. ### Supported SSL modes * **`disable`**: SSL is disabled. * **`prefer`** (default): Attempts an SSL connection first; falls back to a non-SSL connection if SSL fails. * **`allow`**: Attempts a non-SSL connection first; retries with SSL if the first attempt fails. * **`require`**: Forces an SSL connection, but certificate verification errors are ignored. * **`verify-ca`**: Forces an SSL connection and verifies that the server certificate is issued by a trusted certificate authority (CA). * **`verify-full`**: Forces an SSL connection, verifies that the server certificate is issued by a trusted CA, and ensures the server's hostname matches the certificate. ### Examples 1. **Default SSL mode (prefer)**: ```bash postgresql://scott:password@server.example.com:5432/testdb ``` 2. **Forcing SSL connection**: ```bash postgresql://scott:password@server.example.com:5432/testdb?ssl=require ``` 3. **Forcing SSL connection and verifying the server certificate**: ```bash postgresql://scott:password@server.example.com:5432/testdb?ssl=verify-full ``` ### Important Notes **`verify-ca`** and **`verify-full`** modes require the CA certificate to be installed on your system to verify the server certificate. If the CA certificate is not installed, the connection will fail. The location of CA certificates depends on the operating system: * **Linux**: CA certificates are typically stored in `/etc/ssl/certs/` or similar directories. * **Windows**: CA certificates are managed in the Windows Certificate Store. * **macOS**: CA certificates are stored in the Keychain. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://developerdocs.instructure.com/services/dap/dap-cli-readme/dap-cli-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.