
TLS support


RSA, ECC, and FIPS encryption are not available on all platforms.

Separately licensed component required

ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.

See Separately licensed components.

RSA encryption

RSA encryption is provided free with SQL Anywhere and can be used for client/server communication, synchronization, and web services. This implementation has not been FIPS-certified. A FIPS-certified RSA implementation requires a separate license.

For a list of supported platforms for RSA, see:

ECC encryption

For a list of supported platforms for ECC, see:

FIPS-approved encryption technology

You can use FIPS-certified security algorithms to encrypt your database files, or to encrypt communications for database client/server communication, web services, and MobiLink client/server communication. Federal Information Processing Standard (FIPS) 140-2 specifies requirements for security algorithms. FIPS 140-2 certification is granted by the American and Canadian governments through the National Institute of Standards and Technology (NIST) and the Canadian Communication Security Establishment (CSE).

FIPS technology requires a separate license. See Separately licensed components.

SQL Anywhere uses two FIPS-certified modules for encryption, both from Certicom. On Palm OS, SQL Anywhere uses Certicom Security Builder Government Services Edition v1.0.1. This is number 316 on the page http://csrc.nist.gov/cryptval/140-1/140val-all.htm. On Windows (desktop and CE) and Unix platforms, SQL Anywhere uses Certicom Security Builder FIPS Module v2.0. This is number 542 on the same page.

For transport-layer security, FIPS is only available for RSA encryption. (ECC is not yet covered by the FIPS program.)

Optionally, you can enforce the use of FIPS with a FIPS option. When you set the FIPS option to on, all secure communications must be over FIPS-approved channels. If non-FIPS RSA is selected, it is automatically upgraded to FIPS RSA. If ECC is selected, an error is reported. You must set the FIPS option for each computer on which you want FIPS to be enforced. SQL Anywhere and MobiLink servers have a -fips command line option, and clients have a fips option that can be set with the encryption parameter.
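
The following is an added example, not SQL Anywhere's own code: a small audit helper that applies the enforcement rule above to server command lines and client connection strings. The dbsrv10 executable name, the -ec option, the ENC parameter, and the tls(tls_type=...;fips=...) syntax are assumptions not shown on this page, and the sample lines are constructed.

```python
import re

# Matches the tls(...) argument of a server -ec option or a client ENC
# connection parameter (syntax is an assumption, not shown on this page).
TLS_ARGS = re.compile(r"tls\s*\(([^)]*)\)", re.IGNORECASE)
ON_VALUES = {"y", "yes", "on", "true", "1"}


def parse_tls_args(text):
    """Return the key=value pairs inside tls(...), or None if TLS is not requested."""
    match = TLS_ARGS.search(text)
    if match is None:
        return None
    pairs = (item.split("=", 1) for item in match.group(1).split(";") if "=" in item)
    return {key.strip().lower(): value.strip() for key, value in pairs}


def fips_outcome(line):
    """Classify one server command line or client connection string.

    Applies the rule stated above: with FIPS on, RSA is upgraded to FIPS RSA
    and ECC is an error. FIPS counts as on when the line carries the server
    -fips option or the tls(...) arguments contain fips=y.
    """
    args = parse_tls_args(line)
    if args is None:
        return "no-tls"
    cipher = args.get("tls_type", "unknown").lower()
    server_flag = re.search(r"(?<!\S)-fips(?!\S)", line) is not None
    fips_on = server_flag or args.get("fips", "n").lower() in ON_VALUES
    if not fips_on:
        return "non-fips-" + cipher
    if cipher == "rsa":
        return "fips-rsa"
    return "error"  # ECC (or an unknown cipher) cannot satisfy FIPS enforcement


# Constructed sample inputs; file names and passwords are placeholders.
SAMPLES = [
    "dbsrv10 -fips -ec tls(tls_type=rsa;certificate=server.id;certificate_password=PLACEHOLDER) demo.db",
    "dbsrv10 -fips -ec tls(tls_type=ecc;certificate=server.id;certificate_password=PLACEHOLDER) demo.db",
    "dbsrv10 -ec tls(tls_type=rsa;certificate=server.id;certificate_password=PLACEHOLDER) demo.db",
    "ENG=demo;ENC=tls(tls_type=rsa;fips=y;trusted_certificates=public.crt)",
    "ENG=demo;UID=PLACEHOLDER",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(fips_outcome(sample), "<-", sample)
```

Lines that come back as error or non-fips-rsa are the ones to review on a computer where FIPS is meant to be enforced.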

For a list of supported platforms for FIPS, see the Separately Licensed Components sections of the SQL Anywhere, UltraLite, and MobiLink tables in SQL Anywhere 10.0.1 Components by Platform.

For information about encrypting SQL Anywhere database files with FIPS technology, see Strong encryption.

Certificates

SQL Anywhere includes a tool called createcert that allows you to create X.509 certificate files for transport-layer security. However, if you need to verify the existence of third-party certificates, or if you need more secure certificates, you can purchase the certificates from certificate authorities.