Establishing a client connection using transport-layer security

To set up client applications to use transport-layer security, use the Encryption [ENC] connection parameter in your connection string. The connection string takes the following form (which must be written all on one line):

Encryption=tls(
   tls_type=cipher;
   [ fips={ y | n }; ]
   trusted_certificates=public-certificate
   [ certificate_company=organization; ]
   [ certificate_name=common-name; ]
   [ certificate_unit=organization-unit ] )

  • cipher   can be rsa or ecc for RSA and ECC encryption, respectively. The default is rsa. For FIPS-approved RSA encryption, specify tls_type=rsa;fips=y. RSA FIPS uses a separate approved library, but is compatible with SQL Anywhere 9.0.2 or later database servers using RSA. You cannot specify fips=y with tls_type=ecc.

    The connection fails if the cipher does not match the encryption (RSA or ECC) used to create your certificates.

  • public-certificate   is the path and file name of a file that contains one or more trusted certificates. If you are using FIPS-approved RSA encryption, you must generate your certificates using RSA. See trusted_certificates protocol option.

  • organization   forces the client to accept server certificates only when the Organization field on the certificate matches this value. See certificate_company protocol option.

  • common-name   forces the client to accept server certificates only when the Common Name field on the certificate matches this value. See certificate_name protocol option.

  • organization-unit   forces the client to accept server certificates only when the Organization Unit field on the certificate matches this value. See certificate_unit protocol option.

For more information about trusted_certificates and other client security parameters, see Verifying certificate fields and Using the trusted_certificates protocol option.

For more information about creating or obtaining the certificate, see Creating digital certificates.

For more information about the encryption connection parameter, see Encryption (ENC) connection parameter.

 Example
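
The following pre-deployment check is an added example, not part of the SQL Anywhere documentation. It parses the Encryption=tls(...) parameter of a client connection string and reports violations of the rules listed above. The function name, the sample user, password, paths and host name are constructed, and the parser assumes that no option value contains a ")" character.

```python
import re

# Option names taken from the syntax on this page.
KNOWN = {"tls_type", "fips", "trusted_certificates",
         "certificate_company", "certificate_name", "certificate_unit"}
FIELD_CHECKS = ("certificate_company", "certificate_name", "certificate_unit")

def lint_tls_encryption(conn_str):
    """Return a list of findings for the Encryption=tls(...) parameter."""
    if "\n" in conn_str or "\r" in conn_str:
        return ["connection string must be written on one line"]
    # Assumption: no option value contains ')' (for example in a file path).
    m = re.search(r"\b(?:Encryption|ENC)\s*=\s*tls\s*\(([^)]*)\)", conn_str, re.I)
    if not m:
        return ["no Encryption=tls(...) parameter found"]
    opts = {}
    for item in m.group(1).split(";"):
        if item.strip():
            key, _, value = item.partition("=")
            opts[key.strip().lower()] = value.strip()
    findings = ["unknown option: " + k for k in sorted(set(opts) - KNOWN)]
    tls_type = opts.get("tls_type", "rsa").lower()  # rsa is the default
    if tls_type not in ("rsa", "ecc"):
        findings.append("tls_type must be rsa or ecc")
    if opts.get("fips", "").lower() == "y" and tls_type == "ecc":
        findings.append("fips=y cannot be combined with tls_type=ecc")
    if not opts.get("trusted_certificates"):
        findings.append("trusted_certificates is missing")
    # Without any of these options the client checks no certificate field.
    if not any(opts.get(k) for k in FIELD_CHECKS):
        findings.append("warning: no certificate field is checked")
    return findings

# Constructed sample strings (user, password and paths are placeholders).
GOOD = ("UID=app_user;PWD=placeholder;Encryption=tls(tls_type=rsa;fips=y;"
        "trusted_certificates=/certs/rsa_root.crt;certificate_name=db.example.test)")
BAD = "UID=app_user;PWD=placeholder;ENC=tls(tls_type=ecc;fips=y)"

if __name__ == "__main__":
    for s in (GOOD, BAD):
        print(lint_tls_encryption(s) or "ok")
```

The check covers only the syntax rules on this page; it does not open the certificate file, so a mismatch between tls_type and the key type used to create the certificates still surfaces only as a failed connection.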