When you enable TLS connections on an ABL server socket object, the socket accepts connections only from TLS clients that can authenticate to your ABL application as a TLS server.

Note: Be very sure you need TLS before using this option. TLS incurs more or less heavy performance penalties, depending on resources and load.

To enable TLS connections on an ABL server socket object, include the TLS parameters shown in the following table as part of the connection parameters string that you pass to the server socket object ENABLE-CONNECTIONS() method. For additional information, see Implementing an ABL socket server.

Table 1. Server socket object TLS connection parameters

| Connection parameter | Description |
| --- | --- |
| -ssl | Specifies that all connections to this server socket must use TLS. |
| -keyalias aliasname | Sets the alias name within the keystore of the private key and digital certificate entry to use to authenticate all connections to this server socket. If not specified, the server socket uses the default_server server certificate alias. |
| -keyaliaspasswd encrypted-password | Sets the password to use for accessing the private key and digital certificate. You must specify a password when you specify the -keyalias option, and the password must be encrypted. You must specify the password as an encrypted value that you can obtain using the genpassword utility located in the bin directory of your OpenEdge installation. If you use the default_server server certificate, it also has a default password that you do not need to specify. |
| -nosessioncache | If specified, caching for the TLS client session is disabled. |
| -sessiontimeout [seconds] | Specifies, in seconds, the length of time that a TLS client session is held in the session cache, during which a TLS client can resume its session. The default is 180 seconds. |

For more information on OpenEdge TLS support, key and certificate stores, the genpassword utility, and enabling connections to TLS servers, see Introduction to Security and Auditing.
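
The following is an added example, not code from the OpenEdge documentation, showing the parameters from Table 1 assembled into the string passed to ENABLE-CONNECTIONS(). The port (-S 9443), the alias myserveralias, the 60-second timeout, and the procedure names are assumptions; <encrypted-password> is a placeholder for the value produced by genpassword.

```abl
/* Port, alias and password below are placeholders (assumptions). */
DEFINE VARIABLE hServer  AS HANDLE    NO-UNDO.
DEFINE VARIABLE cParams  AS CHARACTER NO-UNDO.
DEFINE VARIABLE lEnabled AS LOGICAL   NO-UNDO.

/* -S 9443            listening port (constructed value)
   -ssl               accept TLS clients only
   -keyalias          keystore entry holding the server key and certificate
   -keyaliaspasswd    genpassword-encrypted password, required with -keyalias
   -sessiontimeout 60 hold cached TLS sessions for 60 s instead of the default 180 */
cParams = "-S 9443 -ssl"
        + " -keyalias myserveralias"
        + " -keyaliaspasswd <encrypted-password>"
        + " -sessiontimeout 60".

CREATE SERVER-SOCKET hServer.
hServer:SET-CONNECT-PROCEDURE("HandleConnect", THIS-PROCEDURE).

lEnabled = hServer:ENABLE-CONNECTIONS(cParams) NO-ERROR.
IF ERROR-STATUS:ERROR OR NOT lEnabled THEN DO:
    MESSAGE "Could not enable TLS connections:" ERROR-STATUS:GET-MESSAGE(1).
    DELETE OBJECT hServer.
    RETURN.
END.

REPEAT ON STOP UNDO, LEAVE ON QUIT UNDO, LEAVE:
    WAIT-FOR CONNECT OF hServer.
END.

hServer:DISABLE-CONNECTIONS().
DELETE OBJECT hServer.

PROCEDURE HandleConnect:
    DEFINE INPUT PARAMETER hSocket AS HANDLE NO-UNDO.
    hSocket:SET-READ-RESPONSE-PROCEDURE("HandleRead", THIS-PROCEDURE).
END PROCEDURE.

PROCEDURE HandleRead:
    DEFINE VARIABLE mData AS MEMPTR  NO-UNDO.
    DEFINE VARIABLE iLen  AS INTEGER NO-UNDO.
    IF NOT SELF:CONNECTED() THEN RETURN.
    iLen = SELF:GET-BYTES-AVAILABLE().
    IF iLen > 0 THEN DO:
        SET-SIZE(mData) = iLen.
        SELF:READ(mData, 1, iLen).
        /* Application-specific handling of the received bytes goes here. */
        SET-SIZE(mData) = 0.
    END.
END PROCEDURE.
```

Omitting -keyalias and -keyaliaspasswd makes the server socket fall back to the default_server certificate alias and its default password, as described in Table 1.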