Requirements and Constraints for Encrypted Network Communications


InterBase over-the-wire (OTW) encryption is provided using the SSL v3 and TLS v1 security protocols. SSL uses the X.509 standard for its public key infrastructure. Both the InterBase client and server must have the X.509 files installed to use OTW encryption.

InterBase uses the following conventions on both the client and server sides:

  • All the X.509 PKI (public key infrastructure) files, which include the certificate file and the CA files, must be in the Privacy Enhanced Mail (PEM) format.
  • The clientCertFile and IBSSL_SERVER_CERTFILE parameters always refer to the PEM-formatted file that contains the CA-signed certificate and the private key. These files should not be distributed.
  • The serverPublicPath and serverPublicFile parameters on the client, and IBSSL_SERVER_CAFILE and IBSSL_SERVER_CAPATH on the server, always refer to the public key certificate.
  • InterBase supports both stronger (AES) and weak (DES) encryption out of the box. InterBase XE and earlier versions support weak encryption (DES) out of the box, but to use stronger encryption (AES), you must, due to U.S. export regulations, obtain a strong encryption license from InterBase and install it on the server machine.
Note: The InterBase JDBC driver now supports the OTW functionality.
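
The file conventions above can be checked before the files are deployed. The following Python sketch is an added example, not InterBase code: it reports when a file in the identity role (clientCertFile, IBSSL_SERVER_CERTFILE) lacks its private key, when a file in the public role (serverPublicFile, IBSSL_SERVER_CAFILE) contains one, and when a file is not PEM at all. The role names, the function names, the exactly-one-key rule, and the sample bytes are assumptions constructed for illustration.

```python
import base64
import re

# PEM block: BEGIN/END labels around base64 text (RFC 7468 layout).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_labels(data: bytes) -> list[str]:
    """Return the label of every well-formed PEM block in data."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return []  # binary input such as a DER-encoded certificate
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        # Legacy encrypted keys carry "Proc-Type:"/"DEK-Info:" header lines.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        try:
            base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # damaged block, do not count it
        labels.append(label)
    return labels

def check_pki_file(data: bytes, role: str) -> list[str]:
    """role (assumed names): 'identity' = certificate plus private key,
    'public' = the public key certificate that may be distributed."""
    labels = pem_labels(data)
    certs = labels.count("CERTIFICATE")
    keys = sum(1 for l in labels if l.endswith("PRIVATE KEY"))
    problems = []
    if not labels:
        problems.append("not PEM formatted")
    elif certs == 0:
        problems.append("no certificate")
    if role == "identity" and labels and keys != 1:
        problems.append("expected exactly one private key")
    if role == "public" and keys:
        problems.append("private key in a file meant for distribution")
    return problems

def _sample(label: str) -> bytes:
    # Constructed placeholder bytes, not a real certificate or key.
    body = base64.encodebytes(b"constructed sample " * 6).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n".encode()

if __name__ == "__main__":
    identity = _sample("CERTIFICATE") + _sample("PRIVATE KEY")
    print(check_pki_file(identity, "identity"))
    print(check_pki_file(identity, "public"))
```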
