When establishing a connection to an SSL-enabled Adaptive Server, the SSL security mechanism is specified as a filter on the master and query lines in the interfaces file. SSL is used as an Open Client protocol layer that sits on top of the TCP/IP connection.
The SSL filter is different from other security mechanisms, that are defined with secmech (security mechanism) lines in the interfaces file. The master and query lines determine the security protocols that are enforced for the connection.
For example, a typical interfaces file on an Apple Mac OS X Intel machine using SSL looks like this:
SERVER <retries><time-outs>
master tcp ether <hostname>
<portnumber> ssl
query tcp ether <hostname> <portnumber>
ssl
where hostname is the name of the server to which the client is connecting and portnumber is the port number of the host machine.
All connection attempts to a master or query entry in the interfaces file with an SSL filter must support the SSL protocol. A server can be configured to accept SSL connections and have other connections that accept plain text (unencrypted data), or use other security mechanisms.
For example, an Adaptive Server interfaces file on Apple Mac OS X Intel that supports both SSL-based connections and plain-text connections looks like this:
SYBSRV1
master tcp ether hostname 2748 ssl
query tcp ether hostname 2748 ssl
master tcp ether hostname 2749
In this example, the SSL security service is specified on port number 2748. On SYBSRV1, Adaptive Server listens for clear text on port number 2749, which is without any security mechanism or security filter.
