To set up client applications to use transport-layer security, use the Encryption [ENC] connection parameter in your connection string. The connection string takes the following form (which must be written all on one line):
Encryption=tls( tls_type=cipher; [ fips={ y | n }; ] trusted_certificates=public-certificate [ certificate_company=organization; ] [ certificate_name=common-name; ] [ certificate_unit=organization-unit ] )
cipher can be rsa or ecc for RSA and ECC encryption, respectively. The default is rsa. For FIPS-approved RSA encryption, specify tls_type=rsa;fips=y. RSA FIPS uses a separate approved library, but is compatible with SQL Anywhere 9.0.2 or later database servers using RSA. You cannot specify fips=y with tls_type=ecc.
The connection fails if the cipher does not match the encryption (RSA or ECC) used to create your certificates.
public-certificate is the path and file name of a file that contains one or more trusted certificates. If you are using FIPS-approved RSA encryption, you must generate your certificates using RSA. See trusted_certificates protocol option.
organization forces the client to accept server certificates only when the Organization field on the certificate matches this value. See certificate_company protocol option.
common-name forces the client to accept server certificates only when the Common Name field on the certificate matches this value. See certificate_name protocol option.
organization-unit forces the client to accept server certificates only when the Organization Unit field on the certificate matches this value. See certificate_unit protocol option.
For more information about trusted_certificates and other client security parameters, see Verifying certificate fields and Using the trusted_certificates protocol option.
For more information about creating or obtaining the certificate, see Creating digital certificates.
For more information about the encryption connection parameter, see Encryption connection parameter [ENC].
The following example uses the trusted_certificates encryption connection parameter to specify the certificate, public_cert.crt.
"UID=DBA;PWD=sql;ENG=myeng;LINKS=tcpip; ENC=tls(tls_type=ecc;trusted_certificates=public_cert.crt)"
The following example uses the trusted_certificates encryption connection parameter to specify the certificate, public_cert.crt, and verifies certificate fields using the certificate_unit and certificate_name encryption connection parameters.
"UID=DBA;PWD=sql;ENG=myeng;LINKS=tcpip; ENC=tls(tls_type=ecc;trusted_certificates=public_cert.crt; certificate_unit=test_unit;certificate_name=my_certificate)"
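The rules stated above (tls_type is rsa or ecc, fips=y cannot be combined with ecc, trusted_certificates names the trusted certificate file, and the certificate_* options restrict which server certificates are accepted) can be checked before a connection string is deployed. The following is an added example, not part of the SQL Anywhere documentation or product; the function names and the third sample string are constructed for illustration.

```python
import re

# Options named in the Encryption=tls(...) syntax on this page.
ALLOWED = {"tls_type", "fips", "trusted_certificates",
           "certificate_company", "certificate_name", "certificate_unit"}
FIELD_CHECKS = ("certificate_company", "certificate_name", "certificate_unit")
TLS_RE = re.compile(r"(?:^|;)\s*(?:ENC|Encryption)\s*=\s*tls\s*\(([^)]*)\)", re.I)

# The first two strings are the page's examples; the third is constructed.
PAGE_EXAMPLE_1 = ('"UID=DBA;PWD=sql;ENG=myeng;LINKS=tcpip; '
                  'ENC=tls(tls_type=ecc;trusted_certificates=public_cert.crt)"')
PAGE_EXAMPLE_2 = ('"UID=DBA;PWD=sql;ENG=myeng;LINKS=tcpip; '
                  'ENC=tls(tls_type=ecc;trusted_certificates=public_cert.crt; '
                  'certificate_unit=test_unit;certificate_name=my_certificate)"')
CONSTRUCTED_BAD = ("UID=DBA;ENG=myeng;LINKS=tcpip;"
                   "ENC=tls(tls_type=ecc;fips=y;certificate_name=my_certificate)")

def parse_tls_options(conn_str):
    """Return the options inside ENC=tls(...) as a dict, or None if absent."""
    match = TLS_RE.search(conn_str.strip().strip('"'))
    if match is None:
        return None
    opts = {}
    for part in match.group(1).split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            opts[key.strip().lower()] = value.strip()
    return opts

def check_tls_options(conn_str):
    """Return a list of findings; an empty list means nothing was flagged."""
    opts = parse_tls_options(conn_str)
    if opts is None:
        return ["error: no ENC=tls(...) parameter found"]
    findings = [f"error: option not in the documented syntax: {key}"
                for key in sorted(set(opts) - ALLOWED)]
    tls_type = opts.get("tls_type", "rsa").lower()  # rsa is the documented default
    if tls_type not in ("rsa", "ecc"):
        findings.append(f"error: tls_type must be rsa or ecc, got {tls_type}")
    if opts.get("fips", "n").lower() == "y" and tls_type == "ecc":
        findings.append("error: fips=y cannot be used with tls_type=ecc")
    if not opts.get("trusted_certificates"):
        findings.append("error: trusted_certificates is missing")
    if not any(opts.get(name) for name in FIELD_CHECKS):
        findings.append("warning: no certificate field is verified")
    return findings

if __name__ == "__main__":
    for sample in (PAGE_EXAMPLE_1, PAGE_EXAMPLE_2, CONSTRUCTED_BAD):
        print(check_tls_options(sample) or "ok")
```

The warning on the first page example reflects that it sets none of certificate_company, certificate_name, or certificate_unit, so no certificate field is compared.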
Copyright © 2009, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.1