SSL filter

Adaptive Server’s directory service, such as the interfaces file, NT registry, or LDAP service, defines the server address and port numbers, and determines the security protocols that are enforced for client connections. Adaptive Server implements the SSL protocol as a filter that is appended to the master and query lines of the directory services.

The addresses and port numbers on which Adaptive Server accepts connections are configurable so that multiple network and security protocols can be enabled for a single server. Server connection attributes are specified with directory services, such as LDAP or DCE, or with the traditional Sybase interfaces file. See “Creating server directory entries”.

All connection attempts to a master or query entry in the interfaces file with an SSL filter must support the SSL protocol. A server can be configured to accept SSL connections and have other connections that accept clear text (unencrypted data), or use other security mechanisms.

For example, the interfaces file on UNIX that supports both SSL-based connections and clear-text connections looks like:

SYBSRV1
    master tli tcp /dev/tcp \x00020abc123456780000000000000000 ssl
    query tli tcp /dev/tcp \x00020abc123456780000000000000000 ssl
    master tli tcp /dev/tcp \x00020abd123456780000000000000000

The SSL filter is different from other security mechanisms, such as DCE and Kerberos, which are defined with SECMECH (security mechanism) lines in the interfaces file (sql.ini on Windows).