Clients should be able to communicate with GCC/GCD by specifying TLS as the protocol in the connection string. For example, for a dynamic vnode configuration:

where vserver-p1 is the server, tls is the protocol, and m39 is the port configured in the server installation to connect to.

Clients should be able to connect to TLS or non-TLS servers from the same installation, based on the protocol specified.

If no protocol is specified, a non-TLS connection is expected.

A connection from a TLS protocol specified client to a non-TLS server will fail.

A connection from a non-TLS protocol specified client to a TLS server will fail.

By default, the traditional encryption will be set to same as before (versions 12.0 and before). Users can disable or enable encryption, irrespective of TLS. If TLS is enabled and encryption is on, the data stream is first encrypted by traditional encryption and then with TLS (since TLS is enabled). The enabling or disabling of encryption is the decision of the users. There is only a single setting in config.dat for enabling or disabling encryption. Certain clients do support disabling encryption per connection (overriding the settings in config.dat) via the command line and certain clients require additional settings in vnode to achieve this.

Clients which do not need Ingres specific libraries to be present in the system and can exist without an Ingres installation (DAMP based) are:

For a remote connection, these clients can only communicate with GCD. There is a special case in which vnodes are used for communication, which means the clients communicate with a local GCD which communicates with a local GCC and then with a remote GCC.