Secure database connections
- Last Updated: January 17, 2024
- OpenEdge
- Version 12.8
- Documentation
You can use Transport Layer Security (TLS) to provide a security infrastructure that protects communications between a database client and server. TLS provides data privacy over network connections and authentication between clients and servers on those connections using elements of Public Key Infrastructure (PKI). These elements include private and public keys that the clients and servers use to authenticate each other and to set up data encryption and decryption services between the initiator of the communications (TLS client) and the responder (TLS server).
The server is identified by the private key that it stores and the client is identified as a valid TLS client for that server by the public key that it stores and provides to the server. TLS clients gain access to public keys using digital (public key) certificates provided by a trusted certificate authority (CA) that also provides the private key confidentially to the TLS server.
To secure a connection to the database using TLS:
- Ensure that your OpenEdge RDBMS is TLS-enabled. This requires that you:
  - Install a private key and server certificate on the database server or use the default private key and certificate installed with the server by OpenEdge.
  - Start the database server with the startup parameters required to enable TLS database connections.
- Ensure that your ABL client system has a public key certificate installed that corresponds to the private key installed and used to support TLS on the database server.
- Using the startup command line or the CONNECT() statement, connect to the database using the client connection parameters required to establish a TLS connection, as shown in the following table.

Table 1. TLS database connection parameters

| Connection parameter | Description |
|---|---|
| TLS-based Connection (-ssl) | Specifies a Transport Layer Security (TLS) connection. (Required) |
| No Host Verify (-nohostverify) | Turns off host verification for a Transport Layer Security (TLS) connection. (Optional) |
| No Session Reuse (-nosessionreuse) | Avoids the reuse of a Transport Layer Security (TLS) session ID. (Optional) |
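
The following ABL fragment is an added example, not taken from the OpenEdge documentation, showing the client connection step with the parameters listed above. The database name, host name and port are constructed placeholders, and it assumes the client already has the certificate described in the previous step installed.

```abl
/* Added example: salesdb, dbhost.example.com and 20931 are constructed
   placeholder values, not values from the OpenEdge documentation. */
DEFINE VARIABLE iMsg AS INTEGER NO-UNDO.

/* -ssl is the one required parameter for a TLS connection.
   -nohostverify is left out on purpose: with it, the client no longer
   checks that the server certificate matches the host it connected to.
   -nosessionreuse makes the client avoid reusing a TLS session ID. */
CONNECT salesdb -H dbhost.example.com -S 20931 -ssl -nosessionreuse NO-ERROR.

/* With NO-ERROR the procedure continues after a failed connection, so
   confirm the connection explicitly before touching the database. */
IF NOT CONNECTED("salesdb") THEN DO:
    /* Report every message raised by the failed attempt, for example a
       certificate that could not be validated. */
    DO iMsg = 1 TO ERROR-STATUS:NUM-MESSAGES:
        MESSAGE ERROR-STATUS:GET-MESSAGE(iMsg).
    END.
    RETURN ERROR "TLS connection to salesdb was not established".
END.

MESSAGE "Connected to salesdb over TLS".

/* Release the connection when the work is done. */
DISCONNECT salesdb.
```

The same parameters can be passed on the client startup command line instead of the CONNECT statement.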
For more information on:
- OpenEdge TLS support and how to manage private and public keys and certificates to secure connections, see Learn about Security and Auditing
- How to enable a database server for TLS connections, see Manage the OpenEdge Database
- The database server startup and connection parameters used to enable TLS, see Startup Command and Parameter Reference