Encrypts packets sent between the client application and the server using transport-layer security or simple encryption.
Usage: For TLS, TCP/IP only. For NONE or SIMPLE, anywhere.
Syntax: Encryption= { NONE | SIMPLE | TLS( TLS_TYPE=cipher; [ FIPS={ Y | N }; ] TRUSTED_CERTIFICATES=public-certificate ) }
Default: NONE
You can use this parameter if you want to secure communications between client applications and the database server using transport-layer security or simple encryption. See Transport-layer security.
ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.
The Encryption (ENC) connection parameter accepts the following arguments:
NONE: Accepts communication packets that are not encrypted.
SIMPLE: Accepts communication packets that are encrypted with simple encryption supported on all platforms and on previous versions of SQL Anywhere. Simple encryption does not provide server authentication, strong elliptic-curve or RSA encryption, or other features of transport-layer security.
If the database server accepts simple encryption, but does not accept no encryption, then any non-TDS connection attempts using no encryption automatically use simple encryption.
Starting the database server with -ec SIMPLE tells the database server to accept only connections using simple encryption. TLS connections (ECC, RSA, RSA FIPS) fail, and connections requesting no encryption use simple encryption.
Starting the database server with -ec SIMPLE,TLS( TLS_TYPE=ECC;... ) tells the database server to accept only connections with ECC TLS encryption or simple encryption. Both RSA and RSA FIPS connections fail, and connections requesting no encryption use simple encryption.
cipher can be RSA or ECC for RSA and ECC encryption, respectively. For FIPS-approved RSA encryption specify TLS_TYPE=RSA;FIPS=Y. RSA FIPS uses a separate approved library, but is compatible with servers specifying RSA with SQL Anywhere 9.0.2 or later.
The connection fails if the cipher does not match the encryption (RSA or ECC) used to create your certificates.
public-certificate is the path and file name of a file that contains one or more trusted certificates. If you are using FIPS-approved RSA encryption, you must generate your certificates using RSA.
For more information about verifying certificate fields for server authentication, see Verifying certificate fields.
For more information about using digital certificates, see Creating digital certificates.
You can use the CONNECTION_PROPERTY system function to retrieve the encryption settings for the current connection:
SELECT CONNECTION_PROPERTY ( 'Encryption' );
The function returns one of five values: None, Simple, ecc_tls, rsa_tls, or rsa_tls_fips, depending on which type of encryption is being used by the connection.
See CONNECTION_PROPERTY function [System].
The following connection string fragment connects to a database server named demo with a TCP/IP link, using transport-layer security and elliptic-curve encryption:
"ENG=demo;LINKS=tcpip;ENCRYPTION=tls(tls_type=ecc;trusted_certificates=eccserver.id)"
The following connection string fragment connects to a database server named demo with a TCP/IP link, using transport-layer security and RSA encryption:
"ENG=demo;LINKS=tcpip;ENCRYPTION=tls(tls_type=rsa;fips=n;trusted_certificates=rsaserver.id)"
The following connection string fragment connects to a database server named demo with a TCP/IP link, using simple encryption:
"ENG=demo;LINKS=tcpip;ENCRYPTION=simple"
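The following is an added example, not part of the SQL Anywhere documentation: a small audit of a client connection string against the rules described above (NONE and SIMPLE give no server authentication, TLS_TYPE must be RSA or ECC, FIPS applies to RSA only, and a trusted certificate file is needed). The function names are hypothetical, and treating an omitted FIPS setting as N is an assumption.

```python
# Added example: audit the Encryption (ENC) value of a connection string.
# Function names are hypothetical; the rules come from the text above.

def split_params(text):
    """Split on ';' outside parentheses, because TLS( ... ) contains ';'."""
    parts, depth, cur = [], 0, []
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == ";" and depth == 0:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]

def to_dict(parts):
    """Map upper-cased parameter names to their values."""
    return {k.strip().upper(): v.strip()
            for k, _, v in (p.partition("=") for p in parts)}

def audit_encryption(conn_str):
    """Return a list of findings; empty means TLS with a trust file."""
    params = to_dict(split_params(conn_str.strip().strip('"')))
    enc = params.get("ENCRYPTION", params.get("ENC", "NONE"))  # default NONE
    kind = enc.upper()
    if kind == "NONE":
        return ["no encryption requested"]
    if kind == "SIMPLE":
        return ["simple encryption: no server authentication"]
    if not (kind.startswith("TLS(") and kind.endswith(")")):
        return ["unrecognized Encryption value: " + enc]
    tls = to_dict(split_params(enc[4:-1]))
    cipher = tls.get("TLS_TYPE", "").upper()
    findings = []
    if cipher not in ("RSA", "ECC"):
        findings.append("TLS_TYPE must be RSA or ECC")
    # Assumption: an omitted FIPS setting is treated as N.
    if tls.get("FIPS", "N").upper() == "Y" and cipher != "RSA":
        findings.append("FIPS=Y requires TLS_TYPE=RSA")
    if not tls.get("TRUSTED_CERTIFICATES"):
        findings.append("TRUSTED_CERTIFICATES is missing")
    return findings

# The page's own ECC example passes the audit.
print(audit_encryption("ENG=demo;LINKS=tcpip;ENCRYPTION=tls(tls_type=ecc;trusted_certificates=eccserver.id)"))
```

An empty list only means the string requests TLS with a trust file; whether the cipher matches the server's certificates is still decided at connection time.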
Copyright © 2008, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.0