SSL properties
Table 25-1 lists
the properties that can be set or retrieved using SetGlobalProperty or GetGlobalProperty.
For any SSL connection, you must set the qop (quality of protection)
property and, unless you implement a callback to obtain it, you
must also set the pin property. You also need to connect to a server
address that can support your chosen level of security, as described
in “Secure server addresses”.
When you run a client application in PowerBuilder, you can
set global properties only once during the
PowerBuilder session. You will need to restart PowerBuilder each
time you test the code that sets global SSL properties.
If some properties are
not set or are set incorrectly, an SSL callback method is invoked.
If you do not specify an instance of the SSLCallback object, the default
callback implementation aborts the connection attempt.
Property | Description | Get | Set |
---|---|---|---|
callbackImpl | Instance of the SSLCallback object. For | Yes | Yes |
certificateLabel | The client certificate to use if the Required for mutual authentication. If not set and the connection requires | Yes | Yes |
qop | The name of a security characteristic | Yes | Yes |
cacheSize | The size of the SSL session ID cache. | Yes | Yes |
SessLingerTime | The number of seconds that a session | Yes | Yes |
SessShareCount | The number of concurrent SSL sessions | Yes | Yes |
pin | The PKCS #11 token PIN. This is required for logging in to a PKCS #11 token If not set, set to | No | Yes |
availableQop | A list of available security characteristics. | Yes | No |
availableQopDesc | A list of descriptions for the available | Yes | No |
availableVersions | A list of SSL protocol versions supported | Yes | No |
entrustReady | TRUE if Entrust PKI software is available | Yes | No |
entrustIniFile | The path name for the Entrust INI file If not set, the getCredentialAttribute callback | Yes | Yes |
entrustUserProfile | The full path to the file containing If not set, the getCredentialAttribute callback | Yes | Yes |
useEntrustID | Whether to use the Entrust ID or the If this property is set to FALSE, Sybase PKCS #11 | Yes | Yes |
entrustPassword | The password for logging in to Entrust If the password is required but not set or set incorrectly, | No | Yes |
Choosing a security characteristic
To use SSL, you must specify the name of an available security
characteristic for the qop property. The characteristic describes
the CipherSuites the client uses when negotiating an SSL connection.
When connecting, the client sends the list of CipherSuites that
it uses to the server, and the server selects a CipherSuite from
that list. The server chooses the first CipherSuite in the list that
it can use. If the server cannot use any of the available CipherSuites,
the connection fails.
The EAServer documentation
describes the security characteristics that are provided with EAServer. You can retrieve a list
of characteristics available on the server and their descriptions
by retrieving the availableQop and availableQopDesc properties with GetGlobalProperty.
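The following PowerScript is an added example, not code from the original documentation. It checks the requested characteristic against availableQop before setting qop and pin. The function name of_configure_ssl, its arguments, and its negative return codes are hypothetical, and the script assumes that GetGlobalProperty and SetGlobalProperty return 0 on success.

```powerscript
// Body of a hypothetical function:
//   long of_configure_ssl (string as_qop, string as_pin)
// as_pin is supplied by the caller (for example, from a prompt)
// so that the token PIN is not a literal in the script.
SSLServiceProvider lsp_ssl
string ls_qops[]
long ll_rc, ll_i
boolean lb_found

// Obtain the SSL service object (GetContextService returns 1 on success)
ll_rc = this.GetContextService("SSLServiceProvider", lsp_ssl)
IF ll_rc <> 1 THEN RETURN -1

// availableQop is read-only: the names of the available characteristics
ll_rc = lsp_ssl.GetGlobalProperty("availableQop", ls_qops)
IF ll_rc <> 0 THEN RETURN -2   // assumption: 0 means success

// Refuse a characteristic name that is not in the list
// instead of letting the connection attempt fail later
lb_found = FALSE
FOR ll_i = 1 TO UpperBound(ls_qops)
    IF ls_qops[ll_i] = as_qop THEN
        lb_found = TRUE
        EXIT
    END IF
NEXT
IF NOT lb_found THEN RETURN -3

// Global properties can be set only once per PowerBuilder session,
// so set them after validation and check every return value
ll_rc = lsp_ssl.SetGlobalProperty("qop", as_qop)
IF ll_rc <> 0 THEN RETURN -4

// pin is write-only (Get = No in Table 25-1) and cannot be read back
ll_rc = lsp_ssl.SetGlobalProperty("pin", as_pin)
IF ll_rc <> 0 THEN RETURN -5

RETURN 0
```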
Secure server addresses
You can connect only to a server listener that uses a security
level that is equivalent to or greater than the level requested
in the qop setting. If you use JaguarORB.string_to_object to
instantiate a proxy for the SessionManager::Manager interface, the
listener specified by the server address must use a security profile
that matches the client’s qop setting.