Introduction to transport-layer security

Separately licensed component required

ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.

See Separately licensed components.

Transport-layer security, an IETF standard protocol, secures client/server communications using digital certificates and public-key cryptography. Transport-layer security enables encryption, tamper detection, and certificate-based authentication.

You can use transport-layer security to:

  • Secure communications between the SQL Anywhere database server and client applications.
  • Secure communications between the MobiLink server and MobiLink clients.
  • Set up a secure SQL Anywhere web server.

Secure communication begins with an exchange of messages (a handshake) including:

  • Server authentication   Transport-layer security uses server certificates to establish and maintain a secure connection. You create unique certificate files for each server. You can use server authentication for SQL Anywhere client/server communication or for MobiLink synchronization:

    • For SQL Anywhere client/server communication, a database client verifies the identity of a SQL Anywhere database server.
    • For MobiLink synchronization, a MobiLink client (SQL Anywhere or UltraLite) verifies the identity of a MobiLink server.

Efficiency

The transport-layer security protocol uses a combination of public-key and symmetric key encryption. Public-key encryption provides better authentication techniques, but is computationally intensive. Once a secure connection is established, the client and server use a highly efficient symmetric cipher with 128-bit key size for the rest of their communication.

Certificates

SQL Anywhere includes a tool called createcert that allows you to create X.509 certificate files for transport-layer security. However, if you need to verify the existence of third-party certificates, or if you need more secure certificates, you can purchase the certificates from certificate authorities.

Database file encryption

For information about database file encryption, see:


TLS support
FIPS-approved encryption technology