Establishing a client connection using transport-layer security

To set up client applications to use transport-layer security, use the Encryption [ENC] connection parameter in your connection string. The connection string takes the following form (which must be written all on one line):

Encryption=tls(
   tls_type=algorithm;
   [ fips={ y | n }; ]
   trusted_certificate=public-certificate
 [ certificate_company=organization; ]
 [ certificate_name=common-name; ]
 [ certificate_unit=organization-unit ] )
  • algorithm   can be rsa or ecc for RSA and ECC encryption, respectively. The default is rsa. For FIPS-certified RSA encryption, specify tls_type=rsa;fips=y. RSA FIPS-certified encryption uses a separate certified library, but is compatible with SQL Anywhere 9.0.2 or later database servers using RSA. You cannot specify fips=y with tls_type=ecc.

    The connection fails if the algorithm does not match the encryption (RSA or ECC) used to create your certificates.

  • public-certificate   is the path and file name of a file that contains one or more trusted certificates. If you are using FIPS-certified RSA encryption, you must generate your certificates using RSA. See trusted_certificate protocol option.

  • organization   forces the client to accept server certificates only when the Organization field on the certificate matches this value. See certificate_company protocol option.

  • common-name   forces the client to accept server certificates only when the Common Name field on the certificate matches this value. See certificate_name protocol option.

  • organization-unit   forces the client to accept server certificates only when the Organization Unit field on the certificate matches this value. See certificate_unit protocol option.

For more information about trusted_certificate and other client security parameters, see Verifying certificate fields and Using the trusted_certificate protocol option.

 See also
 Example