Configure TLS client sessions
- Last Updated: January 16, 2024
- 2 minute read
- OpenEdge
- Version 12.8
- Documentation
The following table describes the TLS session properties that you can set for an OpenEdge TLS client.
| Property | Default setting | Description |
|---|---|---|
| Use SSL to connect | No | Specifies if the client connection uses TLS tunneling. |
| Reuse a disconnected SSL session | Yes | Specifies if the connection reuses a previously established and disconnected TLS session when the client connects to an TLS server. |
| Verify the SSL server host name | Yes | Indicates if the client compares the host name of the TLS server with the Common Name specified in the server digital certificate, and raises an error if they do not match. If this property is set to No, the client never raises the error. This can be a useful setting if TLS server identity is likely to be moved from one physical machine to another and you do not want this to interfere with making the connection. |
| Certificate store location (Java Open Client only)1 | None | Specifies the location of the root certificate store used by the client for TLS connections. |
The following table describes the mechanisms for setting TLS session properties for OpenEdge TLS clients and indicates where you can find more information about them.
| This TLS client component: | Relies on this mechanism: | To set its TLS properties as described in: |
|---|---|---|
| ABL database client | Startup and connection parameters |
|
| ABL AppServer client | Connection parameters (for the Internet using the AIA or an intranet) |
|
| ABL client of industry Web services2 | Connection parameters |
|
| ABL client of the SonicMQ BrokerConnect2 | Connection parameters (for the Internet using the AIA or an intranet) |
|
| ABL socket client2 | Connection parameters |
|
| .NET Open Clients of the AppServer | Connection parameters and run-time properties (for the Internet using the AIA or an intranet) |
|
| Java Open Clients of the AppServer | Connection parameters and run-time properties (for the Internet using the AIA or an intranet) |
|
| JDBC or ODBC SQL database clients | Switches on the client connection string |
|
| OpenEdge Replication plugins acting as TLS clients | Replication properties file | Set Up OpenEdge Replication |
| AppServer Internet Adapter (AIA) | The Unified Broker framework |
|
| Sonic ESB Adapter | Sonic ESB tools for managing OpenEdge services |
|
| WebSpeed Messenger | The Unified Broker framework |
|
Other client platforms potentially involved with OpenEdge TLS servers, including Web service clients of OpenEdge Web services (managed by the WSA) and Web browser clients of WebSpeed, provide their own mechanisms for making TLS connections using HTTPS. For more information, see the relevant platform documentation.
1 The certificate store for all OpenEdge-managed TLS clients, except
the Java and .NET Open clients, is installed in the same location under the OpenEdge
installation path for each OpenEdge TLS client. For Java Open Clients, there is no
standard location for the certificate store, so you must manage it using the tools
provided with the Open Client Toolkit and specify its location to configure Java
Open Client TLS connections. For .NET Open Clients, you must locate and manage the
certificate store as provided by the tools available with Microsoft
.NET.
2 ABL code in WebClient applications can also perform any of these TLS client
functions in a user-downloadable application environment. However, note that the
WebClient does not support access to any OpenEdge relational data source, including
the OpenEdge RDBMS. The WebClient relies on the AppServer for all access to OpenEdge
relational data sources. OpenEdge provides separate support for securely downloading
and updating the WebClient and its application code over the Internet or an
intranet. For more information, see Develop Web
Clients.