Sets network protocol and protocol options for MobiLink clients. These are used by the MobiLink server to listen for synchronization requests.
ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.
mlsrv11 -c "connection-string" -x protocol[ protocol-options ] ...
protocol : tcpip | tls | http | https
protocol-options : ( option=value; ... )
The default is TCPIP with port 2439.
The allowed values of protocol are as follows:
tcpip Accept connections using TCP/IP.
tls Accept connections using TCP/IP using transport-layer security.
http Accept connections using the standard Web protocol.
https Accept connections using a variant of HTTP that handles secure transactions. The HTTPS protocol implements HTTP over SSL/TLS using RSA or ECC encryption.
You can also specify the following network protocol options, in the form option=value. You must separate multiple options with semicolons.
TCP/IP options If you specify the tcpip protocol, you can optionally specify the following protocol options (these options are case sensitive):
TCP/IP protocol option | Description |
---|---|
host=hostname | The host name or IP number on which the MobiLink server should listen. The default value is localhost. |
ignore=hostname | A host name or IP number that gets ignored by the MobiLink server if it makes a connection. This option allows you to ignore
requests from load balancers at the lowest possible level, preventing excessive output in the MobiLink server log and MobiLink
Monitor output files. You can specify multiple hosts to ignore; for example -x tcpip(ignore=lb1;ignore=123.45.67.89) . If you specify multiple instances of -x on a command line, the host is ignored on all instances; for example, if you specify
-x tcpip(ignore=1.1.1.1) -x http, then connections for 1.1.1.1 are ignored on both the TCP/IP and the HTTP streams. However,
this does not affect connections via the -xo option.
|
port=portnumber | The socket port number on which the MobiLink server should listen. The default port is 2439, which is the IANA registered port number for the MobiLink server. |
Options for TCP/IP with transport-layer security If you specify the tls protocol, which is TCP/IP with transport-layer security, you can optionally specify the following protocol options (these options are case sensitive):
TLS protocol options | Description |
---|---|
fips={yes|no} | If you specify the TLS protocol with tls_type=rsa, you can specify fips=yes to accept connections using the TCP/IP protocol and FIPS-approved algorithms for encryption. FIPS connections use separate FIPS 140-2 certified software. Servers using RSA encryption without FIPS are compatible with clients using RSA with FIPS, and servers using RSA with FIPS are compatible with clients using RSA without FIPS. |
host=hostname | The host name or IP number on which the MobiLink server should listen. The default value is localhost. |
ignore=hostname | A host name or IP number that gets ignored by the MobiLink server if it makes a connection. This option allows you to ignore
requests from load balancers at the lowest possible level, preventing excessive output in the MobiLink server log and MobiLink
Monitor output files. You can specify multiple hosts to ignore; for example -x tcpip(ignore=lb1;ignore=123.45.67.89) .
|
port=portnumber | The socket port number on which the MobiLink server should listen. The default port is 2439, which is the IANA registered port number for the MobiLink server. |
tls_type={rsa|ecc} |
If you specify the TCP/IP protocol as tls, you can specify either elliptic-curve cryptography (ecc) or RSA encryption (rsa). For backward compatibility, ecc can also be specified as certicom. The default tls_type is rsa. When you use TLS, you must specify an identity and an identity password:
See Starting the MobiLink server with transport-layer security. |
e2ee_type={rsa|ecc} |
The type of the key used to exchange session keys. Must be either rsa or ecc, and must match the key type in the private key file (see next option). The default e2ee_type is rsa. |
e2ee_private_key=file |
The PEM-encoded file containing the rsa or ecc private key. This option is required for end-to-end encryption to take effect. PEM-encoded files are created using the createkey utility. See Key Pair Generator utility (createkey). |
e2ee_private_key_password=password |
The password to the private key file. This option is required for end-to-end encryption to take effect. |
HTTP options If you specify the http protocol, you can optionally specify the following protocol options (these options are case sensitive):
HTTP options | Description |
---|---|
buffer_size=number | The maximum body size for an HTTP message sent from MobiLink server, in bytes. Changing the option decreases or increases the amount of memory allocated for sending HTTP messages. The default is 65535 bytes. |
host=hostname | The host name or IP number on which the MobiLink server should listen. The default value is localhost. |
port=portnumber | The socket port number on which the MobiLink server should listen. The port number must match the port the MobiLink server is setup to monitor. The default port is 80. |
version=http-version | The MobiLink server automatically detects the HTTP version used by a client. This parameter is a string specifying the default version of HTTP to use in case the server cannot detect the method used by the client. You have a choice of 1.0 or 1.1. The default value is 1.1. |
HTTPS options The HTTPS protocol uses RSA or ECC digital certificates for transport-layer security. If you specify FIPS encryption, the protocol uses separate FIPS 140-2 certified software that is compatible with https.For more information, see Starting the MobiLink server with transport-layer security.
If you specify the https protocol, you can optionally specify the following protocol options (these options are case sensitive):
HTTPS options | Description |
---|---|
buffer_size=number | The maximum body size for an HTTPS message sent from MobiLink server, in bytes. Changing the option decreases or increases the amount of memory allocated for sending HTTPS messages. The default is 65535 bytes. |
identity=server-identity | The path and file name of the identity file that is to be used for server authentication. For HTTPS, this must be an RSA certificate. |
identity_password=password |
An optional parameter that specifies a password for the identity file. |
fips={yes|no} | You can specify fips=yes to accept connections using the HTTPS protocol and FIPS-approved algorithms for encryption. FIPS connections use separate FIPS 140-2 certified software. Servers using RSA encryption without FIPS are compatible with clients using RSA with FIPS, and servers using RSA with FIPS are compatible with clients using RSA without FIPS. |
host=hostname | The host name or IP number on which the MobiLink server should listen. The default value is localhost. |
port=portnumber | The socket port number on which the MobiLink server should listen. The port number must match the port the MobiLink server is set up to monitor. The default port is 443. |
tls_type={rsa|ecc} |
If you specify the TCP/IP protocol as tls, you can specify either elliptic-curve cryptography (ecc) or RSA encryption (rsa). For backward compatibility, ecc can also be specified as certicom. The default tls_type is rsa. When you use transport-layer security, you must specify an identity and an identity password:
See Starting the MobiLink server with transport-layer security. |
version=http-version | The MobiLink server automatically detects the HTTP version used by a client. This parameter is a string specifying the default version of HTTP to use in case the server cannot detect the method used by the client. You have a choice of 1.0 or 1.1. The default value is 1.1. |
e2ee_type={rsa|ecc} |
The type of the key used to exchange session keys. Must be either rsa or ecc, and must match the key type in the private key file (see next option). The default e2ee_type is rsa. |
e2ee_private_key=file |
The PEM-encoded file containing the rsa or ecc private key. This option is required for end-to-end encryption to take effect. PEM-encoded files are created using the createkey utility. See Key Pair Generator utility (createkey). |
e2ee_private_key_password=password |
The password to the private key file. This option is required for end-to-end encryption to take effect. |
The following command line sets the port to 12345:
mlsrv11 -c "dsn=SQL Anywhere 11 CustDB;uid=DBA;pwd=sql" -x tcpip(port=12345) |
The following example specifies the type of security (RSA), the server identity file, and the identity password protecting the server's private key:
mlsrv11 -c "dsn=my_cons" -x tls(tls_type=rsa;identity=c:\test\serv_rsa1.crt;identity_password=pwd) |
The following example is similar to the previous, except that there is a space in the identity file name:
mlsrv11 -c "dsn=my_cons" -x "tls(tls_type=rsa;identity=c:\Program Files\test\serv_rsa1.crt;identity_password=pwd)" |
The following example shows the use of end-to-end encryption over HTTPS:
mlsrv11 -c "dsn=my_cons" -x https(tls_type=rsa;identity=my_identity.crt; identity_password=my_id_pwd;e2ee_type=rsa;e2ee_private_key=my_pk.pem; e2ee_private_key_password=my_pk_pwd) |
Send feedback about this page via email or DocCommentXchange | Copyright © 2008, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.0 |