To set up client applications to use transport-layer security, use the Encryption [ENC] connection parameter in your connection string. The connection string takes the following form (which must be written all on one line):
Encryption=tls( tls_type=cipher; [ fips={ y | n }; ] trusted_certificates=public-certificate)
cipher can be rsa or ecc for RSA and ECC encryption, respectively. For FIPS-approved RSA encryption, specify tls_type=rsa;fips=y. RSA FIPS uses a separate approved library, but is compatible with SQL Anywhere 9.0.2 or later servers using RSA.
The connection fails if the cipher does not match the encryption (RSA or ECC) used to create your certificates.
public-certificate is the path and file name of a file that contains one or more trusted certificates. If you are using FIPS-approved RSA encryption, you must generate your certificates using RSA.
For more information about trusted_certificates and other client security parameters, see Client security options.
For more information about creating or obtaining the certificate, see Creating digital certificates.
For more information about the encryption connection parameter, see Encryption connection parameter [ENC].
The following example uses the trusted_certificates encryption connection parameter to specify the certificate, public_cert.crt.
"UID=DBA;PWD=sql;ENG=myeng;LINKS=tcpip; ENC=tls(tls_type=ecc;trusted_certificates=public_cert.crt)" |
The following example uses the trusted_certificates encryption connection parameter to specify the certificate, public_cert.crt, and verifies certificate fields using the certificate_unit and certificate_name encryption connection parameters.
"UID=DBA;PWD=sql;ENG=myeng;LINKS=tcpip; ENC=tls(tls_type=ecc;trusted_certificates=public_cert.crt; certificate_unit=test_unit;certificate_name=my_certificate)" |
Send feedback about this page via email or DocCommentXchange | Copyright © 2008, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.0 |