Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 11.0.1 (Français) » SQL Anywhere Server - Database Administration » Security » Transport-layer security

 

Introduction to transport-layer security

Composants nécessaires sous licence distincte

Les cryptages ECC et certifié FIPS exigent une licence distincte. Toutes les technologies de cryptage fort sont soumises à la réglementation en matière d'exportation.

Pour plus d'informations, reportez-vous à la section Separately licensed components.

Transport-layer security, an IETF standard protocol, secures client/server communications using digital certificates and public-key cryptography. Transport-layer security enables encryption, tamper detection, and certificate-based authentication.

You can use transport-layer security to:

  • Secure communications between the SQL Anywhere database server and client applications.

  • Secure communications between the MobiLink server and MobiLink clients.

  • Set up a secure SQL Anywhere web server.

Secure communication begins with an exchange of messages (a handshake) including:

  • Server authentication   Transport-layer security uses server certificates to establish and maintain a secure connection. You create unique certificate files for each server. You can use server authentication for SQL Anywhere client/server communication or for MobiLink synchronization:

    • For SQL Anywhere client/server communication, a database client verifies the identity of a SQL Anywhere database server.

    • For MobiLink synchronization, a MobiLink client (SQL Anywhere or UltraLite) verifies the identity of a MobiLink server.

Efficiency

The transport-layer security protocol uses a combination of public-key and symmetric key encryption. Public-key encryption provides better authentication techniques, but is computationally intensive. Once a secure connection is established, the client and server use a highly efficient symmetric cipher with 128-bit key size for the rest of their communication.

Certificates

SQL Anywhere includes a tool called createcert that allows you to create X.509 certificate files for transport-layer security. However, if you need to verify the existence of third-party certificates, or if you need more secure certificates, you can purchase the certificates from certificate authorities.

Database file encryption

For information about database file encryption, see:


TLS support
FIPS-approved encryption technology