To set up client applications to use transport-layer security, use the Encryption [ENC] connection parameter in your connection string. The connection string takes the following form (which must be written all on one line):
Encryption=tls( tls_type=algorithm; [ fips={ y | n }; ] trusted_certificate=public-certificate [ certificate_company=organization; ] [ certificate_name=common-name; ] [ certificate_unit=organization-unit ] )
algorithm can be rsa or ecc for RSA and ECC encryption, respectively. The default is rsa. For FIPS-certified RSA encryption, specify tls_type=rsa;fips=y. RSA FIPS-certified encryption uses a separate certified library, but is compatible with SQL Anywhere 9.0.2 or later database servers using RSA. You cannot specify fips=y with tls_type=ecc.
The connection fails if the algorithm does not match the encryption (RSA or ECC) used to create your certificates.
public-certificate is the path and file name of a file that contains one or more trusted certificates. If you are using FIPS-certified RSA encryption, you must generate your certificates using RSA. See trusted_certificate protocol option.
organization forces the client to accept server certificates only when the Organization field on the certificate matches this value. See certificate_company protocol option.
common-name forces the client to accept server certificates only when the Common Name field on the certificate matches this value. See certificate_name protocol option.
organization-unit forces the client to accept server certificates only when the Organization Unit field on the certificate matches this value. See certificate_unit protocol option.
For more information about trusted_certificate and other client security parameters, see Verifying certificate fields and Using the trusted_certificate protocol option.
Discuss this page in DocCommentXchange.
|
Copyright © 2012, iAnywhere Solutions, Inc. - SQL Anywhere 12.0.1 |