
SQL Anywhere 16 developer with EBF and TLS encryption - TLS handshake failure

Former Member
0 Kudos

Hello,

We use SQL Anywhere 11 - dbsrv starts with TLS encryption (-xTCPIP -ec tls(tls_type=rsa;identity=C:\identity.pem;identity_password=pass) ). The client application connects with ODBC and everything works fine.

We tried to migrate to SQL Anywhere 16. After installing version 16 everything works fine - as it was in v.11. But after installing the latest EBF we can't connect to the database. We got a TLS handshake failure error.

Dbsrv starts with the same parameters every time, ODBC doesn't change.

Do you know any solution for that? We can't find anything online - it's a bit strange. Does anyone use TLS encryption with SQL Anywhere?

TIA,

Patryk

Accepted Solutions (1)

former_member244518
Participant
0 Kudos

Hi Patryk,

SQL Anywhere 16.0.0.1670 and later use a different implementation of TLS. There were a few minor behaviour changes made. One of these is likely the source of your problem.

Are you using the FIPS libraries or just the standard SQL Anywhere TLS? If you are using FIPS you may need to convert your identity file from triple DES encryption to AES.

If you are using a self-signed certificate, we now require the certificate signing key usage bit to be set. Could you check your certificate using the 'viewcert' utility? What is the output beside 'Key Usage'?

Thanks,
Mikel

Former Member
0 Kudos

Hi Mikel,

Adding the certificate signing key usage bit resolved the problem. And I must admit that I found what you wrote in the Bug Fix Readme (Breck was right - we should read it more carefully).

Thanks,

Patryk
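An added example, not part of the thread and not SAP code: a standard-library Python check for the certificate signing (keyCertSign) key usage bit that Mikel's answer asks about, for cases where the 'viewcert' utility is not at hand. The function names and the two sample byte strings are constructed for illustration; the samples are a bare extensions list, not a full certificate.

```python
import base64

KEY_USAGE_OID = bytes.fromhex("551d0f")  # id-ce-keyUsage, 2.5.29.15
# RFC 5280 KeyUsage names, bit 0 first
BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"]
# Constructed samples: SEQUENCE { Extension keyUsage (critical) }, without and with keyCertSign
NO_SIGN = bytes.fromhex("3010300e0603551d0f0101ff0404030205a0")
WITH_SIGN = bytes.fromhex("3010300e0603551d0f0101ff0404030202a4")

def to_der(data: bytes) -> bytes:
    """Accept DER, or PEM holding one block, and return the DER bytes."""
    if data.lstrip().startswith(b"-----BEGIN"):
        body = [l for l in data.strip().splitlines() if not l.startswith(b"-----")]
        return base64.b64decode(b"".join(body))
    return data

def tlvs(buf: bytes):
    """Yield (tag, value) for each DER element in buf (single-byte tags only)."""
    i = 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:  # long-form length: low 7 bits give the byte count
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        yield tag, buf[i:i + length]
        i += length

def key_usage(data: bytes):
    """Return the key usage names set in the certificate, or None if the extension is absent."""
    def walk(buf):
        for tag, val in tlvs(buf):
            if not tag & 0x20:
                continue  # primitive element, nothing nested to search
            kids = list(tlvs(val))
            if tag == 0x30 and kids and kids[0] == (0x06, KEY_USAGE_OID):
                bitstr = next(tlvs(kids[-1][1]))[1]  # BIT STRING inside the OCTET STRING
                bits = int.from_bytes(bitstr[1:], "big")  # bitstr[0] is the unused-bit count
                width = 8 * (len(bitstr) - 1)
                return [n for k, n in enumerate(BITS) if k < width and bits >> (width - 1 - k) & 1]
            found = walk(val)
            if found is not None:
                return found
        return None
    return walk(to_der(data))

def has_cert_sign(data: bytes) -> bool:
    return "keyCertSign" in (key_usage(data) or [])
```

To check a real identity, pass the bytes of the certificate file (PEM with only the certificate block, or DER) to `has_cert_sign`.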

Answers (1)

former_member188493
Contributor
0 Kudos

Lots of people use TLS, and there have been several behavior changes to TLS support over the years since Version 11... have you studied those changes?

FWIW when upgrading to SQL Anywhere 16 from version X, it is highly recommended that you drill down and read ALL of the "Behavior Changes" sections for ALL of the versions after X, up to 16, in this section of the Help.

If you still have the problem after confirming that the behavior changes have either been accommodated or don't affect you, please show us the exact error message you are getting, the exact command line used to start the engine, and the exact connection string that is failing (you can obfuscate names and passwords but please BE CAREFUL not to disturb any keywords).

Also make sure you are using a post-Heartbleed EBF (1824 for Windows, 1894 for Mac OS, etc), and confirm what the build number is.

Former Member
0 Kudos

On 16.0.0.1324 everything works fine. We connect to the database without any trouble.

But after installing EBF 1824 we got a TLS handshake error. We didn't change anything - just installed the EBF.

I've checked all the documentation and didn't find anything about TLS troubles.