Release 10.1A: OpenEdge Getting Started:
Core Business Services

Features and services

SSL provides the following features and services:

Transport independence — An application level wire-protocol that runs on top of a reliable transport protocol, such as TCP/IP.
Application independence — Runs in any application environment as supported by vendor ports to different platforms. OpenEdge, in particular, supports SSL running under:
Internet application environments using HTTPS.
Several OpenEdge application environments, including the OpenEdge RDBMS, the AppServer, the WebSpeed Transaction Server, and the OpenEdge Adapter for SonicMQ BrokerConnect. For more information, see Chapter 6, " Secure Sockets Layer (SSL)."
PKI support — Provides the ability for an SSL client to validate an SSL server’s identity, which the server asserts in the form of a public key, so that the client can be assured of who it is communicating with. The server and client use the same key information used to assert the server’s identity to securely exchange session-specific symmetric data encryption keys used to provide data privacy for the SSL session.
Limitations on PKI support — The OpenEdge implementation imposes the following SSL limitations:
No support for optional PKI client authentication by the server.
No support for checking the CA’s CRL list to detect revoked SSL server digital certificates.

SSL can have a significant performance impact on any enterprise network application. The OpenEdge implementation of SSL uses SSL session caching when possible to reduce the performance overhead that SSL connections incur (see the "Session caching" section). However, note that SSL can impose burdens on network application performance in any case.

Caution: Because of its performance impact, be certain that you need the security that SSL provides before you choose to design and build SSL into your application.