fips

Use FIPS-approved encryption implementations for TLS encryption and end-to-end encryption.

Separately licensed component required

ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.

See Separately licensed components.

Syntax

fips={ y | n }

Protocols

HTTPS, TLS

Default

Remarks

FIPS is only supported for RSA encryption.

Non-FIPS clients can connect to FIPS servers and vice versa.

This option can be used with end-to-end encryption. If fips is set to y, MobiLink clients use FIPS 140-2 certified implementations of RSA and AES. This option is not supported when using ECC. See e2ee_type and e2ee_public_key.

For information about how to set network protocol options with dbmlsync, see CommunicationAddress (adr) extended option.

Example

The following example sets up FIPS-approved RSA encryption for a TCP/IP protocol. This requires setup on the server and client. Each command must be written on one line.

On the server, the implementation is:

mlsrv11  
  -c "dsn=SQL Anywhere 11 Demo;uid=DBA;pwd=sql" 
  -x tls(
    port=9999;
    tls_type=rsa;
    fips=y;
    identity=c:\sa10\bin32\rsaserver.id;
    identity_password=test )

On a SQL Anywhere client, the implementation is:

dbmlsync -e 
   "CommunicationType=tls;
    CommunicationAddress=
       'tls_type=rsa;
        fips=y;
        trusted_certificates=\rsaroot.crt;
        certificate_name=RSA Server'"

In an UltraLite application written in embedded SQL in C or C++, the implementation is:

    info.stream = "tls";
    info.stream_parms = TEXT(
      "tls_type=rsa;
       fips=y;
       trusted_certificates=\rsaroot.crt;
       certificate_name=RSA Server");

Send feedback about this page via email or DocCommentXchange