Skip to content

Ensure SSL is enabled and configured correctly


SSL on a PostgreSQL server should be enabled (set to on) and configured to encrypt TCP traffic to and from the server.


If SSL is not enabled and configured correctly, this increases the risk of data being compromised in transit.

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine postgres

Default Rule

const { checkServerSetting } = module

 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if SSL is enabled
function validate(databaseSettings) {
    const settingName = "ssl"
    const expectedValue = "on"
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)
    return {

// invoke