
-x option

Sets network protocol and protocol options for MobiLink clients. These are used by the MobiLink server to listen for synchronization requests.

Separately licensed components required

ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.

For more information, see Separately licensed components.

Syntax

mlsrv11 -c "connection-string" -x protocol[ protocol-options ] ...
protocol : tcpip | tls | http | https
protocol-options : ( option=value; ... )

Default

The default is TCPIP with port 2439.

Parameters

The allowed values of protocol are as follows:

  • tcpip   Accept connections using TCP/IP.

  • tls   Accept connections over TCP/IP with transport-layer security.

  • http   Accept connections using the standard Web protocol.

  • https   Accept connections using a variant of HTTP that handles secure transactions. The HTTPS protocol implements HTTP over SSL/TLS using RSA or ECC encryption.

You can also specify the following network protocol options, in the form option=value. You must separate multiple options with semicolons.

  • TCP/IP options   If you specify the tcpip protocol, you can optionally specify the following protocol options (these options are case sensitive):

    TCP/IP protocol option   Description

    host=hostname   The host name or IP number on which the MobiLink server should listen. The default value is localhost.

    ignore=hostname   A host name or IP number that gets ignored by the MobiLink server if it makes a connection. This option allows you to ignore requests from load balancers at the lowest possible level, preventing excessive output in the MobiLink server log and MobiLink Monitor output files. You can specify multiple hosts to ignore; for example -x tcpip(ignore=lb1;ignore=123.45.67.89). If you specify multiple instances of -x on a command line, the host is ignored on all instances; for example, if you specify -x tcpip(ignore=1.1.1.1) -x http, then connections for 1.1.1.1 are ignored on both the TCP/IP and the HTTP streams. However, this does not affect connections via the -xo option.

    port=portnumber   The socket port number on which the MobiLink server should listen. The default port is 2439, which is the IANA registered port number for the MobiLink server.

  • Options for TCP/IP with transport-layer security   If you specify the tls protocol, which is TCP/IP with transport-layer security, you can optionally specify the following protocol options (these options are case sensitive):

    TLS protocol options   Description

    fips={yes|no}   If you specify the TLS protocol with tls_type=rsa, you can specify fips=yes to accept connections using the TCP/IP protocol and FIPS-approved algorithms for encryption. FIPS connections use separate FIPS 140-2 certified software. Servers using RSA encryption without FIPS are compatible with clients using RSA with FIPS, and servers using RSA with FIPS are compatible with clients using RSA without FIPS.

    host=hostname   The host name or IP number on which the MobiLink server should listen. The default value is localhost.

    ignore=hostname   A host name or IP number that gets ignored by the MobiLink server if it makes a connection. This option allows you to ignore requests from load balancers at the lowest possible level, preventing excessive output in the MobiLink server log and MobiLink Monitor output files. You can specify multiple hosts to ignore; for example -x tcpip(ignore=lb1;ignore=123.45.67.89).

    port=portnumber   The socket port number on which the MobiLink server should listen. The default port is 2439, which is the IANA registered port number for the MobiLink server.

    tls_type={rsa|ecc}

    If you specify the TCP/IP protocol as tls, you can specify either elliptic-curve cryptography (ecc) or RSA encryption (rsa). For backward compatibility, ecc can also be specified as certicom. The default tls_type is rsa.

    When you use TLS, you must specify an identity and an identity password:

    • identity=identity-file   Specify the path and file name of the identity file that is to be used for server authentication.

    • identity_password=password   Specify the password for the identity file.

    See Starting the MobiLink server with transport-layer security.

    e2ee_type={rsa|ecc}

    The type of the key used to exchange session keys. Must be either rsa or ecc, and must match the key type in the private key file (see next option). The default e2ee_type is rsa.

    e2ee_private_key=file

    The PEM-encoded file containing the rsa or ecc private key. This option is required for end-to-end encryption to take effect.

    PEM-encoded files are created using the createkey utility. See Key Pair Generator utility (createkey).

    e2ee_private_key_password=password

    The password to the private key file. This option is required for end-to-end encryption to take effect.

  • HTTP options   If you specify the http protocol, you can optionally specify the following protocol options (these options are case sensitive):

    HTTP options   Description

    buffer_size=number   The maximum body size for an HTTP message sent from MobiLink server, in bytes. Changing the option decreases or increases the amount of memory allocated for sending HTTP messages. The default is 65535 bytes.

    host=hostname   The host name or IP number on which the MobiLink server should listen. The default value is localhost.

    port=portnumber   The socket port number on which the MobiLink server should listen. The port number must match the port the MobiLink server is set up to monitor. The default port is 80.

    version=http-version   The MobiLink server automatically detects the HTTP version used by a client. This parameter is a string specifying the default version of HTTP to use in case the server cannot detect the method used by the client. You have a choice of 1.0 or 1.1. The default value is 1.1.

  • HTTPS options   The HTTPS protocol uses RSA or ECC digital certificates for transport-layer security. If you specify FIPS encryption, the protocol uses separate FIPS 140-2 certified software that is compatible with https. For more information, see Starting the MobiLink server with transport-layer security.

    If you specify the https protocol, you can optionally specify the following protocol options (these options are case sensitive):

    HTTPS options   Description

    buffer_size=number   The maximum body size for an HTTPS message sent from MobiLink server, in bytes. Changing the option decreases or increases the amount of memory allocated for sending HTTPS messages. The default is 65535 bytes.

    identity=server-identity   The path and file name of the identity file that is to be used for server authentication. For HTTPS, this must be an RSA certificate.

    identity_password=password

    An optional parameter that specifies a password for the identity file.

    See Transport-layer security.

    fips={yes|no}   You can specify fips=yes to accept connections using the HTTPS protocol and FIPS-approved algorithms for encryption. FIPS connections use separate FIPS 140-2 certified software. Servers using RSA encryption without FIPS are compatible with clients using RSA with FIPS, and servers using RSA with FIPS are compatible with clients using RSA without FIPS.

    host=hostname   The host name or IP number on which the MobiLink server should listen. The default value is localhost.

    port=portnumber   The socket port number on which the MobiLink server should listen. The port number must match the port the MobiLink server is set up to monitor. The default port is 443.

    tls_type={rsa|ecc}

    If you specify the TCP/IP protocol as tls, you can specify either elliptic-curve cryptography (ecc) or RSA encryption (rsa). For backward compatibility, ecc can also be specified as certicom. The default tls_type is rsa.

    When you use transport-layer security, you must specify an identity and an identity password:

    • identity=identity-file   Specify the path and file name of the identity file that is to be used for server authentication.

    • identity_password=password   Specify the password for the identity file.

    See Starting the MobiLink server with transport-layer security.

    version=http-version   The MobiLink server automatically detects the HTTP version used by a client. This parameter is a string specifying the default version of HTTP to use in case the server cannot detect the method used by the client. You have a choice of 1.0 or 1.1. The default value is 1.1.

    e2ee_type={rsa|ecc}

    The type of the key used to exchange session keys. Must be either rsa or ecc, and must match the key type in the private key file (see next option). The default e2ee_type is rsa.

    e2ee_private_key=file

    The PEM-encoded file containing the rsa or ecc private key. This option is required for end-to-end encryption to take effect.

    PEM-encoded files are created using the createkey utility. See Key Pair Generator utility (createkey).

    e2ee_private_key_password=password

    The password to the private key file. This option is required for end-to-end encryption to take effect.

Example

The following command line sets the port to 12345:

mlsrv11 -c "dsn=SQL Anywhere 11 CustDB;uid=DBA;pwd=sql" -x tcpip(port=12345)

The following example specifies the type of security (RSA), the server identity file, and the identity password protecting the server's private key:

mlsrv11 -c "dsn=my_cons" -x tls(tls_type=rsa;identity=c:\test\serv_rsa1.crt;identity_password=pwd)

The following example is similar to the previous, except that there is a space in the identity file name:

mlsrv11 -c "dsn=my_cons" -x "tls(tls_type=rsa;identity=c:\Program Files\test\serv_rsa1.crt;identity_password=pwd)"

The following example shows the use of end-to-end encryption over HTTPS:

mlsrv11 -c "dsn=my_cons" -x https(tls_type=rsa;identity=my_identity.crt;identity_password=my_id_pwd;e2ee_type=rsa;e2ee_private_key=my_pk.pem;e2ee_private_key_password=my_pk_pwd)
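
The syntax and option rules above can be checked before a listener is started. The following Python is an added example, not part of the SQL Anywhere documentation or product: it parses one -x value and reports listeners without transport-layer security, misspelled or wrongly cased option names, missing identity options, and end-to-end encryption options that are incomplete and so would not take effect. The names parse_x and audit_x and the wording of the findings are hypothetical.

```python
import re

# Option names this page lists per protocol (option names are case sensitive).
TLS_OPTS = {"fips", "host", "port", "tls_type", "identity", "identity_password",
            "e2ee_type", "e2ee_private_key", "e2ee_private_key_password"}
ALLOWED = {"tcpip": {"host", "ignore", "port"}, "tls": TLS_OPTS | {"ignore"},
           "http": {"buffer_size", "host", "port", "version"},
           "https": TLS_OPTS | {"buffer_size", "version"}}
# The page calls identity_password optional in one HTTPS row, so only tls enforces it.
REQUIRED = {"tls": ("identity", "identity_password"), "https": ("identity",)}
E2EE_REQUIRED = ("e2ee_private_key", "e2ee_private_key_password")
SPEC = re.compile(r"^([A-Za-z]+)(?:\((.*)\))?$")


def parse_x(spec):
    """Split 'protocol(opt=val;...)' into (protocol, [(opt, val), ...])."""
    m = SPEC.match(spec.strip().strip('"'))
    if not m:
        raise ValueError(f"not a protocol[(options)] value: {spec!r}")
    # Assumption: protocol names are matched case-insensitively; option names are not.
    proto, body = m.group(1).lower(), m.group(2) or ""
    pairs = []
    for item in filter(None, (p.strip() for p in body.split(";"))):
        name, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"option without '=value': {item!r}")
        pairs.append((name, value))  # a list, because ignore= may repeat
    return proto, pairs


def audit_x(spec):
    """Return findings for one -x value; an empty list means nothing was flagged."""
    proto, pairs = parse_x(spec)
    if proto not in ALLOWED:
        return [f"unknown protocol {proto!r}"]
    opts = dict(pairs)
    findings = [f"{n!r} is not a {proto} option" for n, _ in pairs
                if n not in ALLOWED[proto]]
    if proto in ("tcpip", "http"):
        findings.append(f"{proto} listener has no transport-layer security")
    findings += [f"{proto} requires {n}" for n in REQUIRED.get(proto, ()) if n not in opts]
    if opts.get("fips") == "yes" and opts.get("tls_type", "rsa") != "rsa":
        findings.append("fips=yes is described only with tls_type=rsa")
    missing = [n for n in E2EE_REQUIRED if n not in opts]
    if missing and any(n.startswith("e2ee_") for n in opts):
        findings.append("end-to-end encryption not in effect, missing: " + ", ".join(missing))
    return findings
```

Pass audit_x the text that follows -x, with or without the surrounding double quotes, once per -x instance on the command line.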