Encrypts packets sent between the client application and the server using transport-layer security or simple encryption.
TLS: supported for TCP/IP only
NONE or SIMPLE: anywhere
Encryption= { NONE | SIMPLE | TLS( TLS_TYPE=cipher; [ FIPS={ Y | N }; ] TRUSTED_CERTIFICATES=public-certificate; [ CERTIFICATE_COMPANY=organization; ] [ CERTIFICATE_NAME=common-name; ] [ CERTIFICATE_UNIT=organization-unit ] )
NONE
You can use this parameter if you want to secure communications between client applications and the database server using transport-layer security or simple encryption. See Transport-layer security.
ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.
The Encryption (ENC) connection parameter accepts the following arguments:
NONE Accepts communication packets that are not encrypted.
SIMPLE Accepts communication packets that are encrypted with simple encryption supported on all platforms and on previous versions of SQL Anywhere. Simple encryption does not provide server authentication, strong elliptic-curve or RSA encryption, or other features of transport-layer security.
If the database server accepts simple encryption, but does not accept no encryption, then any non-TDS connection attempts using no encryption automatically use simple encryption.
Starting the database server with -ec SIMPLE
tells the database server to accept only connections using simple encryption. TLS connections (ECC, RSA, RSA FIPS) fail,
and connections requesting no encryption use simple encryption.
Starting the database server with -ec SIMPLE,TLS( TLS_TYPE=ECC;... )
tells the database server to accept only connections with ECC TLS encryption or simple encryption. Both RSA and RSA FIPS connections fail, and connections requesting no encryption use simple encryption.
cipher can be RSA or ECC for RSA and ECC encryption, respectively. For FIPS-approved RSA encryption specify TLS_TYPE=RSA;FIPS=Y. RSA FIPS uses a separate approved library, but is compatible with servers specifying RSA with SQL Anywhere 9.0.2 or later.
The connection fails if the cipher does not match the encryption (RSA or ECC) used to create your certificates.
The client can use the following arguments to verify the field values in the server's public certificate:
For more information about verifying certificate fields for server authentication, see Verifying certificate fields.
For more information about using digital certificates, see Creating digital certificates.
You can use the CONNECTION_PROPERTY system function to retrieve the encryption settings for the current connection:
SELECT CONNECTION_PROPERTY ( 'Encryption' ); |
The function returns one of five values: None, Simple, ecc_tls, rsa_tls, or rsa_tls_fips depending which type of encryption is being used by the connection.
See CONNECTION_PROPERTY function [System].
The following connection string fragment connects to a database server named demo with a TCP/IP link, using transport-layer security and elliptic-curve encryption:
"ENG=demo;LINKS=tcpip;ENCRYPTION=tls(tls_type=ecc;trusted_certificates=eccroot.crt)" |
The following connection string fragment connects to a database server named demo with a TCP/IP link, using transport-layer security and RSA encryption:
"ENG=demo;LINKS=tcpip;ENCRYPTION=tls(tls_type=rsa;fips=n;trusted_certificates=rsaroot.crt)" |
The following connection string fragment connects to a database server named demo with a TCP/IP link, using simple encryption:
"ENG=demo;LINKS=tcpip;ENCRYPTION=simple" |
Discuss this page in DocCommentXchange. Send feedback about this page using email. |
Copyright © 2009, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.1 |