Establishing the TLS protocol in a DataServer broker instance of the Unified Broker
- Last Updated: February 11, 2026
- OpenEdge
- Version 13.0
- Documentation
The following TLS properties are used to establish TLS protocol
communication using OpenEdge networking from a Unified Broker configuration. They are set in the
ubroker.properties file:
| Property | Default Value | Description |
|---|---|---|
| sslEnable | 0 | Enables TLS-secure connections to a DataServer broker instance from remote DataServer clients. To enable TLS security for incoming client connections, set the property value to 1. While the sslEnable switch enables the infrastructure needed to make TLS connections, it does not initiate a TLS connection dialog. To start the dialog, the srvrStartupParam must be appended with the "-ssl" startup parameter. |
| keyAlias | default_server | Specifies the alias set for a private/public key. If this property is not set, the server certificate alias that is provided by OpenEdge is used. |
| keyAliasPasswd | aedh0::ce8abe226a3f1cfec0e8bcac045c4f4954a28f642b31feb643836cabf2c491d26d6af91b8de3117ad3f476f4f6563a69 | Specifies the encoded password set for the alias of the private/public-key to access the server Private Key / Digital Certificate key store entry. You can use the OpenEdge provided genpassword utility for encoding your passwords. For more information on the |
| keyStorePath | $DLC/keys | Specifies the key store location. |
| keyStorePasswd | NA | Specifies the password used for accessing the custom keystore. This password is expected to be encoded. You can use the OpenEdge provided genpassword utility for encoding your passwords. For more information on the |
| noSessionCache | 0 | 0 - enable TLS session caching (stores TLS information); 1 - disable TLS session caching (no TLS information persisted) |
| srvrStartupParam | -svub -S X -N TCP -U X -P X -hs 0 -s 40 | Specifies server/agent startup parameters that each process uses when the broker starts it. The default startup parameters can be appended with the "-ssl" parameter in order to start server/agents in TLS secure connection mode, as follows: -svub -S X -N TCP -U X -P X -hs 0 -s 40 -ssl. When agents are started with the -ssl switch, they can only accept TLS-enabled client connections. This property can be dynamically updated. Dynamic changes affect only new agents that are started after this value is changed. |
| sslCiphers | AES128-SHA256 | The TLS algorithm list to use in arbitrating a TLS session with a TLS client. Also referred to as server ciphers. |
| certStorePath | @{Startup\DLC}\certs\ | The path to the trusted certificate store. The root certificate for the certificate authority that was used to sign the server certificate should be specified by this path. Clients can specify the certificate store path on the command line, for example: _progres -b -p client.p -certstorepath @{Startup\DLC}\certs\ |
When a DataServer instance of the Unified Broker is configured for TLS, the
server/agent does not attempt to auto-correct the client's connection attempt when the client
connects in non-TLS mode. Instead, the connection request is rejected by the server/agent and
an exception is logged. Client users must explicitly initiate their server connection in TLS
mode in order to connect to a TLS-enabled DataServer broker instance of the Unified Broker.
Note: This is in contrast to the
ProBroker configuration where a DataServer client connection attempted in non-TLS mode
receives a return message from the TLS-enabled ProBroker that auto-corrects the connection
request and retries it in TLS mode.
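
Per the sslEnable and srvrStartupParam rows above, a broker needs both settings before its agents accept TLS clients. The following Python check is an added example, not Progress code: it reads ubroker.properties-style text and reports brokers where the two disagree. The UBroker.XX section names and sample values are constructed, and inheriting properties from dotted-prefix parent sections is an assumption.

```python
# Constructed sample in ubroker.properties syntax; section names are made up.
SAMPLE = """\
[UBroker.XX]
srvrStartupParam=-svub -S X -N TCP -U X -P X -hs 0 -s 40
[UBroker.XX.broker_ok]
sslEnable=1
srvrStartupParam=-svub -S X -N TCP -U X -P X -hs 0 -s 40 -ssl
[UBroker.XX.broker_no_switch]
sslEnable=1
[UBroker.XX.broker_bad_dash]
sslEnable=1
srvrStartupParam=-svub -S X -N TCP -U X -P X -hs 0 -s 40 \u2013ssl
"""

def parse(text):
    """Return {section: {key: value}} from [section] and key=value lines."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line and line[0] not in "#%":
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def effective(sections, name):
    """Overlay dotted-prefix parent sections, nearest last (assumed inheritance)."""
    merged, parts = {}, name.split(".")
    for i in range(1, len(parts) + 1):
        merged.update(sections.get(".".join(parts[:i]), {}))
    return merged

def check(text):
    """Return {section: [findings]} for sslEnable / -ssl mismatches."""
    sections, report = parse(text), {}
    for name in sections:
        props = effective(sections, name)
        args = props.get("srvrStartupParam", "").split()
        enabled, has_ssl = props.get("sslEnable", "0") == "1", "-ssl" in args
        checks = [
            (any(a[1:] == "ssl" and not a[0].isascii() for a in args),
             "ssl switch typed with a non-ASCII dash"),
            (enabled and not has_ssl, "sslEnable=1 but srvrStartupParam lacks -ssl"),
            (has_ssl and not enabled, "-ssl present but sslEnable is not 1"),
        ]
        report[name] = [msg for hit, msg in checks if hit]
    return report

if __name__ == "__main__":
    print(check(SAMPLE))
```

The non-ASCII dash check catches a switch pasted from formatted text, which looks correct on screen but is not the -ssl parameter.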