ASA Database Administration Guide
Connection and Communication Parameters
Connection parameters
Function: Encrypts packets sent between the client application and the server.
Usage: For ECC_TLS (Certicom) and RSA_TLS, TCP/IP only. For none or simple, anywhere.
Values: String
Default: NONE
If an Encryption value is not set, encryption is controlled by the setting on the server, which defaults to no encryption.
You can use this parameter if you are concerned about the security of network packets. Encryption does affect performance marginally. The Encryption (ENC) connection parameter accepts the following arguments:
none accepts communication packets that are not encrypted. This value is equivalent to NO in previous versions of Adaptive Server Anywhere.
simple accepts communication packets that are encrypted with simple encryption supported on all platforms and on previous versions of Adaptive Server Anywhere. This value is equivalent to YES in previous versions of Adaptive Server Anywhere.
ECC_TLS (formerly Certicom) accepts communication packets that are encrypted using Certicom encryption technology. To use this type of encryption, both the server and the client must be operating on Solaris, Linux, NetWare, or any supported Windows operating system except Windows CE, and the connection must be over the TCP/IP port. UNIX platforms, except for Solaris and Linux, do not recognize the client or server Certicom parameter. To authenticate the server, the Certicom software verifies that the server's certificate values match any values you supply about the client using the following arguments:
trusted_certificates specifies the certificate file the client uses to authenticate the server.
certificate_company specifies the value for the organization field. The server's value and the client's value must match.
certificate_unit specifies the value for the organization unit field. The server's value and the client's value must match.
certificate_name specifies the certificate's common name. The server's value and the client's value must match.
RSA_TLS accepts communication packets that are encrypted using RSA encryption technology. To use this type of encryption, both the server and the client must be operating on Solaris, Linux, NetWare, or any supported Windows operating system except Windows CE, and the connection must be over the TCP/IP port. UNIX platforms, except for Solaris and Linux, do not recognize the client or server RSA_TLS parameter. To authenticate the server, the Certicom software verifies that the server's certificate values match any values you supply about the client using the following arguments:
trusted_certificates specifies the certificate file the client uses to authenticate the server.
certificate_company specifies the value for the organization field. The server's value and the client's value must match.
certificate_unit specifies the value for the organization unit field. The server's value and the client's value must match.
certificate_name specifies the certificate's common name. The server's value and the client's value must match.
Caution: The sample certificate should be used for testing purposes only. The sample certificate provides no security in deployed situations because it and the corresponding password are widely distributed with Sybase software. To protect your system, you must create your own certificate.
For information about certificates, see Self-signed certificates.
You can use the connection_property system function to retrieve the encryption settings for the current connection. The function returns one of three values: none, simple, or Certicom, depending on which type of encryption is being used.
For information about using the connection_property system function, see CONNECTION_PROPERTY function [System].
The following connection string fragment connects to a database server myeng with a TCP/IP link, using Certicom encryption and the sample trusted certificate:
"ENG=myeng; LINKS=tcpip; Encryption=ECC_TLS (trusted_certificates=sample.crt)"
The following connection string fragment connects to a database server myeng with a TCP/IP link, using RSA encryption and the sample trusted certificate:
"ENG=myeng; LINKS=tcpip; Encryption=RSA_TLS (trusted_certificates=sample.crt)"
Encrypting client/server communications
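The following is an added example, not part of the original guide or of Sybase software: a small Python check that reads connection string fragments like the ones above and reports the Encryption settings this page warns about (no encryption, simple encryption, TLS without a TCP/IP link, and the sample certificate). The function name audit, the file name corp_root.crt, and the handling of several arguments inside the parentheses (separated by ';' or ',') are assumptions made for the example.

```python
import re

def audit(conn):
    """Return findings for one connection string fragment (empty list = OK)."""
    params = {}
    # Split on ';' only outside parentheses so TLS arguments stay with Encryption.
    for part in re.split(r";(?![^()]*\))", conn.strip().strip('"')):
        key, _, value = part.partition("=")
        params[key.strip().lower()] = value.strip()
    enc = params.get("encryption", params.get("enc"))  # ENC is the short form
    if enc is None:
        return ["Encryption not set: server setting applies (default: no encryption)"]
    m = re.match(r"(\w+)\s*(?:\((.*)\))?\s*$", enc)
    if not m:
        return ["unparseable Encryption value"]
    kind = m.group(1).lower()
    # Assumption: several arguments inside the parentheses are separated by ';' or ','.
    pairs = (a.split("=", 1) for a in re.split(r"[;,]", m.group(2) or "") if "=" in a)
    args = {k.strip().lower(): v.strip() for k, v in pairs}
    findings = []
    if kind == "none":
        findings.append("none: packets are not encrypted")
    elif kind == "simple":
        findings.append("simple: simple encryption only, not TLS")
    elif kind in ("ecc_tls", "rsa_tls"):
        if not params.get("links", "").lower().startswith("tcpip"):
            findings.append(kind.upper() + ": LINKS is not tcpip (TLS needs TCP/IP)")
        cert = args.get("trusted_certificates", "")
        if not cert:
            findings.append(kind.upper() + ": trusted_certificates not supplied")
        elif re.split(r"[\\/]", cert)[-1].lower() == "sample.crt":
            findings.append(kind.upper() + ": sample certificate is for testing only")
    else:
        findings.append("unrecognized Encryption value: " + kind)
    return findings

# Constructed sample inputs; the first is the ECC_TLS fragment shown on this page.
SAMPLES = [
    '"ENG=myeng; LINKS=tcpip; Encryption=ECC_TLS (trusted_certificates=sample.crt)"',
    "ENG=myeng; LINKS=tcpip; ENC=RSA_TLS(trusted_certificates=corp_root.crt;certificate_name=myeng)",
    "ENG=myeng; ENC=simple",
    "ENG=myeng; LINKS=tcpip",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit(s) or "ok")
```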