Use FIPS-approved encryption implementations for TLS encryption and end-to-end encryption.
ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.
fips={ y | n }
HTTPS, TLS
No
FIPS is only supported for RSA encryption.
Non-FIPS clients can connect to FIPS servers and vice versa.
This option can be used with end-to-end encryption. If fips is set to y, MobiLink clients use FIPS 140-2 certified implementations of RSA and AES. This option is not supported when using ECC. See e2ee_type and e2ee_public_key.
For information about how to set network protocol options with dbmlsync, see CommunicationAddress (adr) extended option.
The following example sets up FIPS-approved RSA encryption for a TCP/IP protocol. This requires setup on the server and client. Each command must be written on one line.
On the server, the implementation is:
mlsrv11 -c "dsn=SQL Anywhere 11 Demo;uid=DBA;pwd=sql" -x tls( port=9999; tls_type=rsa; fips=y; identity=c:\sa10\bin32\rsaserver.id; identity_password=test ) |
On a SQL Anywhere client, the implementation is:
dbmlsync -e "CommunicationType=tls; CommunicationAddress= 'tls_type=rsa; fips=y; trusted_certificates=\rsaroot.crt; certificate_name=RSA Server'" |
In an UltraLite application written in embedded SQL in C or C++, the implementation is:
info.stream = "tls"; info.stream_parms = TEXT( "tls_type=rsa; fips=y; trusted_certificates=\rsaroot.crt; certificate_name=RSA Server"); |
Send feedback about this page via email or DocCommentXchange | Copyright © 2008, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.0 |