Establishing a client connection using transport-layer security

To set up client applications to use transport-layer security, use the Encryption [ENC] connection parameter in your connection string. The connection string takes the following form (which must be written all on one line):

Encryption=tls(
   tls_type=cipher;
   [ fips={ y | n }; ]
   trusted_certificates=public-certificate
 [ certificate_company=organization; ]
 [ certificate_name=common-name; ]
 [ certificate_unit=organization-unit ] )

cipher can be rsa or ecc for RSA and ECC encryption, respectively. The default is rsa. For FIPS-approved RSA encryption, specify tls_type=rsa;fips=y. RSA FIPS uses a separate approved library, but is compatible with SQL Anywhere 9.0.2 or later database servers using RSA. You cannot specify fips=y with tls_type=ecc.
The connection fails if the cipher does not match the encryption (RSA or ECC) used to create your certificates.
public-certificate is the path and file name of a file that contains one or more trusted certificates. If you are using FIPS-approved RSA encryption, you must generate your certificates using RSA. See trusted_certificates protocol option.
organization forces the client to accept server certificates only when the Organization field on the certificate matches this value. See certificate_company protocol option.
common-name forces the client to accept server certificates only when the Common Name field on the certificate matches this value. See certificate_name protocol option.
organization-unit forces the client to accept server certificates only when the Organization Unit field on the certificate matches this value. See certificate_unit protocol option.

For more information about trusted_certificates and other client security parameters, see Verifying certificate fields and Using the trusted_certificates protocol option.

For more information about creating or obtaining the certificate, see Creating digital certificates.

For more information about the encryption connection parameter, see Encryption (ENC) connection parameter.

Example

The following example uses the trusted_certificates encryption connection parameter to specify the certificate, public_cert.crt.

"UID=DBA;PWD=sql;Host=myhost;Server=myserver;
ENC=tls(tls_type=ecc;trusted_certificates=public_cert.crt)"

The following example uses the trusted_certificates encryption connection parameter to specify the certificate, public_cert.crt, and verifies certificate fields using the certificate_unit and certificate_name encryption connection parameters.

"UID=DBA;PWD=sql;Host=myhost;Server=myserver;
ENC=tls(tls_type=ecc;trusted_certificates=public_cert.crt;
certificate_unit=test_unit;certificate_name=my_certificate)"

Discuss this page in DocCommentXchange.