Configure TLS server sessions

The following table describes the TLS session properties that you can set for an OpenEdge TLS server.

Table 1. OpenEdge server TLS session properties

Property	Default setting	Description
SSL connections enabled	No	Specifies if all connections to this server must use TLS.
Key alias name	"default_server"	Sets the alias name of the keystore entry used by the TLS server to assert its identify to the TLS client attempting to connect to that server.
Key alias password	20333c34252a2137 (which is "password", encrypted)	Sets the password to use for accessing the authenticating keystore entry. You must specify a password when you specify the key alias name. The password must be encrypted unless you enter it in OpenEdge Management for the given server component, where OpenEdge encrypts the password automatically. Otherwise, you must specify the password as an encrypted value that you can obtain using the genpassword command-line tool located in the bin directory of your OpenEdge installation. For more information on this tool, see Manage OpenEdge Keys and Certificates. If you use the default keystore entry, it also has a default password that you do not need to specify, unless you have changed it in a post installation update of the default server identity (see Manage your own TLS server identity).
Use a session cache	Yes	Specifies if the server provides a cache for TLS client sessions that might be resumed after the client disconnects from the TLS server.
Session time-out	180 seconds	Specifies, in seconds, the length of time that an TLS client session is held in the session cache, during which an TLS client can resume its session. If the client has not reused or resumed a session within the specified amount of time, the TLS session information is discarded and the TLS client must make a full TLS session connection in order to resume access to his server.

The following table describes the mechanisms for setting TLS session properties for OpenEdge TLS servers and indicates where you can find more information about them.

Table 2. Mechanisms for setting OpenEdge TLS server session properites

This TLS server component . . .	Relies on this mechanism . . .	To set its TLS properties as described in . . .
OpenEdge RDBMS	Startup parameters	Database server TLS connection parameters Startup Command and Parameter Reference
OpenEdge Replication plugins acting as TLS servers	Replication properties file	Set Up OpenEdge Replication
ABL socket server	Connection parameters	Enable TLS server connections Connecting an TLS client to an TLS server ABL Reference
PAS for OpenEdge	Catalina properties file (psc.as.https.protocol)	Configure a PAS for OpenEdge instance for TLS KB#112826 "How to set client SSL Protocol and Ciphers in OpenEdge" KB# 199195 "How to configure the TLS versions which are supported by a PASOE instance"
Generic JMS Adapter	Connection parameters	Connection options
OpenEdge Authentication Gateway	Catalina properties file (psc.as.https.protocol)	Configure a PAS for OpenEdge instance for TLS KB#112826 "How to set client SSL Protocol and Ciphers in OpenEdge" KB# 199195 "How to configure the TLS versions which are supported by a PASOE instance"

Other server platforms potentially involved with OpenEdge TLS clients, such as Web servers (or JSEs) and the Sonic ESB, provide their own means for configuring them to use TLS. For more information, see the platform-specific documentation.