on 05-09-2014 10:48 PM
Hello,
We use SQL Anywhere 11 - dbsrv starts with TLS encryption (-xTCPIP -ec tls(tls_type=rsa;identity=C:\identity.pem;identity_password=pass) ). The client application connects with ODBC and everything works fine.
We tried to migrate to SQL Anywhere 16. After installing version 16 everything works fine - as it was in v.11. But after installing the latest EBF we can't connect to the database. We get a TLS handshake failure error.
Dbsrv starts with the same parameters every time, ODBC doesn't change.
Do you know any solution for that? We can't find anything online - it's a bit strange. Does anyone use TLS encryption with SQL Anywhere?
TIA,
Patryk
Hi Patryk,
SQL Anywhere 16.0.0.1670 and later use a different implementation of TLS. There were a few minor behaviour changes made. One of these is likely the source of your problem.
Are you using the FIPS libraries or just the standard SQL Anywhere TLS? If you are using FIPS you may need to convert your identity file from triple DES encryption to AES.
If you are using a self-signed certificate, we now require the certificate signing key usage bit to be set. Could you check your certificate using the 'viewcert' utility? What is the output beside 'Key Usage'?
Thanks,
Mikel
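The Key Usage check described in the reply above can also be scripted. This is an added example, not part of the original thread and not vendor code: it reads the keyUsage extension (OID 2.5.29.15) from certificate DER bytes and lists the asserted bits, so a missing `keyCertSign` is visible at a glance. The function names and the two sample byte strings are constructed for illustration; it assumes the identity file holds a standard PEM `CERTIFICATE` block.

```python
import base64
import re

# DER encoding of OID 2.5.29.15 (id-ce-keyUsage, RFC 5280)
KEY_USAGE_OID = bytes.fromhex("0603551d0f")
# Bit names in RFC 5280 order; bit 0 is the most significant bit of the first byte
BIT_NAMES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
             "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
             "encipherOnly", "decipherOnly"]

def pem_to_der(pem_text):
    """Decode the first CERTIFICATE block of a PEM file to DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def key_usage(der):
    """Return asserted keyUsage bit names, or None if the extension is absent."""
    # Heuristic: find the extension by its OID bytes, not a full ASN.1 walk.
    idx = der.find(KEY_USAGE_OID)
    if idx < 0:
        return None
    tag, value, pos = read_tlv(der, idx + len(KEY_USAGE_OID))
    if tag == 0x01:  # optional BOOLEAN 'critical' flag precedes the value
        tag, value, pos = read_tlv(der, pos)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING after keyUsage OID")
    tag, bits, _ = read_tlv(value, 0)
    if tag != 0x03 or len(bits) < 2:
        raise ValueError("expected BIT STRING inside keyUsage value")
    data = bits[1:]  # bits[0] is the count of unused trailing bits
    return [name for i, name in enumerate(BIT_NAMES)
            if i // 8 < len(data) and data[i // 8] & (0x80 >> (i % 8))]

# Constructed keyUsage extension fragments (not full certificates)
WITH_CERT_SIGN = bytes.fromhex("300e0603551d0f0101ff040403020284")
WITHOUT_CERT_SIGN = bytes.fromhex("300b0603551d0f0404030205a0")
```

For a real file, pass its text through `pem_to_der` and then `key_usage`; a result of `None` means the certificate carries no keyUsage extension at all, a case the thread does not cover.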
Lots of people use TLS, and there have been several behavior changes to TLS support over the years since Version 11... have you studied those changes?
FWIW when upgrading to SQL Anywhere 16 from version X, it is highly recommended that you drill down and read ALL of the "Behavior Changes" sections for ALL of the versions after X, up to 16, in this section of the Help.
If you still have the problem after confirming that the behavior changes have either been accommodated or don't affect you, please show us the exact error message you are getting, the exact command line used to start the engine, and the exact connection string that is failing (you can obfuscate names and passwords but please BE CAREFUL not to disturb any keywords).
Also make sure you are using a post-Heartbleed EBF (1824 for Windows, 1894 for Mac OS, etc), and confirm what the build number is.