DataServer for Oracle

Establishing the SSL protocol in a DataServer broker instance of the Unified Broker

The following SSL properties, set in the ubroker.properties file, establish SSL protocol communication using OpenEdge networking from a Unified Broker configuration:
Table 30. SSL properties used to establish SSL protocol communication

| Property | Default Value | Description |
| --- | --- | --- |
| sslEnable | 0 | Enables SSL-secure connections to a DataServer broker instance from remote DataServer clients. To enable SSL security for incoming client connections, set the property value to 1. While the sslEnable switch enables the infrastructure needed to make SSL connections, it does not initiate the start of an SSL connection dialogue. To start the dialogue, the srvrStartupParam must be appended with the "-ssl" startup parameter. |
| keyAlias | default_server | Specifies the alias set for a private/public key. If this property is not set, the server certificate alias that is provided by OpenEdge is used. |
| keyAliasPasswd | 20333c34252a2137 | Specifies the encoded password set for the alias of the private/public key, used to access the server private key / digital certificate key store entry. You can use the OpenEdge-provided genpassword utility to encode your passwords. |
| keyStorePath | $DLC/keys | Specifies the key store location. |
| keyStorePasswd | NA | Specifies the password used for accessing the custom key store. This password is expected to be encoded. You can use the OpenEdge-provided genpassword utility to encode your passwords. |
| noSessionCache | 0 | 0 - enable SSL session caching (stores SSL information); 1 - disable SSL session caching (no SSL information persisted). |
| srvrStartupParam | -svub -S X -N TCP -U X -P X -hs 0 -s 40 | Specifies server/agent startup parameters that each process uses when the broker starts it. The default startup parameters can be appended with the "-ssl" parameter in order to initiate server/agents in SSL secure connection mode as follows: -svub -S X -N TCP -U X -P X -hs 0 -s 40 -ssl. When agents are started with the -ssl switch, they can only accept SSL-enabled client connections. This property can be dynamically updated. Dynamic changes affect only new agents that are started after this value is changed. |
| sslCiphers | AES128-SHA256 | The SSL algorithm list to use in arbitrating an SSL session with an SSL client. Also referred to as server ciphers. |
| certStorePath | @{Startup\DLC}\certs\ | The path to the trusted certificate store. The root certificate for the certificate authority that was used to sign the server certificate should be specified by this path. A client can specify the certificate store path on the command line, for example: _progres -b -p client.p -certstorepath $RDLQA/tests/SHA2/$alg/certs |

When a DataServer instance of the Unified Broker is configured for SSL, the server/agent does not attempt to auto-correct the client's connection attempt when the client connects in non-SSL mode. Instead, the connection request is rejected by the server/agent and an exception is logged. Client users must explicitly initiate their server connection in SSL mode in order to connect to an SSL-enabled DataServer broker instance of the Unified Broker.
Note: This is in contrast to the ProBroker configuration where a DataServer client connection attempted in non-SSL mode receives a return message from the SSL-enabled ProBroker that auto-corrects the connection request and retries it in SSL mode.
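
Because sslEnable and the -ssl startup parameter must both be set, the following added example (not part of the OpenEdge documentation or tooling) audits one broker section of ubroker.properties text for a mismatch between the two and for documented default key values left in place. The section name UBroker.OR.examplebroker, the key alias, and the password value in the sample are constructed for illustration.

```python
# Added example: audits the SSL properties of one broker section.
DEFAULT_ALIAS = "default_server"           # documented default for keyAlias
DEFAULT_ALIAS_PASSWD = "20333c34252a2137"  # documented default for keyAliasPasswd
DASHES = "\u2013\u2014\u2212"              # en dash, em dash, minus sign

def parse_section(text, section):
    """Collect name=value pairs that belong to [section]."""
    props, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section and "=" in line:
            name, value = line.split("=", 1)
            props[name.strip()] = value.strip()
    return props

def audit_ssl(text, section):
    """Return findings for the SSL properties of one broker section."""
    p = parse_section(text, section)
    tokens = p.get("srvrStartupParam", "").split()
    enabled = p.get("sslEnable", "0") == "1"
    findings = []
    if any(t[:1] in DASHES and t[1:] == "ssl" for t in tokens):
        findings.append("non-ASCII dash before 'ssl' in srvrStartupParam")
    if enabled and "-ssl" not in tokens:
        findings.append("sslEnable=1 but srvrStartupParam lacks -ssl")
    if "-ssl" in tokens and not enabled:
        findings.append("-ssl present but sslEnable is not 1")
    if enabled and p.get("keyAlias", DEFAULT_ALIAS) == DEFAULT_ALIAS:
        findings.append("keyAlias is the OpenEdge-provided default_server")
    if enabled and p.get("keyAliasPasswd", DEFAULT_ALIAS_PASSWD) == DEFAULT_ALIAS_PASSWD:
        findings.append("keyAliasPasswd is the documented default value")
    return findings

# Constructed sample; section name, alias and password value are hypothetical.
SAMPLE = """
[UBroker.OR.examplebroker]
sslEnable=1
keyAlias=site_oracle_ds
keyAliasPasswd=0000000000000000
srvrStartupParam=-svub -S X -N TCP -U X -P X -hs 0 -s 40 \u2013ssl
"""

if __name__ == "__main__":
    for finding in audit_ssl(SAMPLE, "UBroker.OR.examplebroker"):
        print(finding)
```

The sample ends its startup parameters with an en dash before "ssl", as can happen when the value is pasted from formatted text, so the check reports both the stray character and the missing -ssl token.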