TLS Support in Native Protocol Configuration

Published: November 25, 2025

TLS support in the native protocol (to enable, set tcp_ssl_port in config.xml ).

Adds support for TLS encryption in the ClickHouse native protocol by enabling a secure TCP SSL port configuration.

Why it matters

This feature was created to enhance security by allowing encrypted communication between ClickHouse clients and servers using TLS. It solves the problem of data being transmitted in plaintext over the native protocol, protecting against eavesdropping and tampering. The value for users is increased data security and compliance with security best practices when using the ClickHouse native protocol.

How to use it

To enable TLS support in the native protocol, set the tcp_ssl_port parameter in the ClickHouse config.xml configuration file. This activates a secure port that accepts TLS-encrypted connections from clients.