Transport Layer Security (TLS) properties are defined under the [ssl] section header in the properties files for the OpenEdge Replication source and target databases. A properties file can contain only one [ssl] section.

Note: When you add comments to a properties file, place them on a new line that begins with the pound sign (#). Do not specify a comment on the same line as a property value definition.

Separate the property names and values with an equals sign (for example, ssl-enable=1).

Note: OpenEdge databases configured for OpenEdge Replication may run as TLS clients or servers, depending on their role in the replication set.

For more information, see How OpenEdge Replication works with Transport Layer Security.

Table 1 lists TLS properties and their values.

Table 1. TLS properties
Property name: cert-store-path
Value: pathname
Description: For an SSL client, the absolute path of the directory containing the SSL certificate for OpenEdge Replication SSL.

Property name: cipher-suites
Value: cipher_suite[, cipher_suite]
Description: A comma-separated list of the SSL cipher suites that can be used for any OpenEdge Replication SSL network connections for the replication database.
Cipher suites are:
  • AES128-SHA256
  • AES256-SHA256
  • DHE-RSA-AES256-GCM-SHA384

Property name: key-alias
Value: alias-name
Description: For an SSL server, the key alias of the SSL key that will be used in OpenEdge Replication SSL.

Property name: key-alias-password
Value: password
Description: For an SSL server, the key alias password of the SSL key that will be used in OpenEdge Replication SSL. The value of this property is encoded to avoid exposing the actual password to unauthorized viewers of the properties file. You can generate the encoded form of the password using the genpassword utility.

Property name: key-store-path
Value: pathname
Description: For an SSL server, the absolute path of the directory containing the SSL key and certificate for OpenEdge Replication SSL.

Property name: no-host-verify
Value: 0 | 1
Description: Specifies whether or not the client verifies the SSL server's machine name.
During the SSL handshake process, the SSL client may want to verify that the machine name where the SSL server runs matches what is in the server's certificate.
  • 0 — Enables verification.
  • 1 — Disables verification.
In OpenEdge Replication, it is not guaranteed that the SSL server's host machine name will match what is stored in the server's certificate. For this reason, it is a best practice to set this property to 1 (verification disabled).

Property name: ssl-enable
Value: 0 | 1
Description: Specifies whether or not SSL use is enabled for the replication database.
  • 0 — SSL use is disabled. This is the default.
  • 1 — SSL use is enabled.
The property affects all replication processes that may run against the replication database.

Property name: ssl-protocols
Value: protocol_version[, protocol_version]
Description: A comma-separated list of the SSL protocol versions that can be used for any OpenEdge Replication SSL network connections for the replication database.
Supported SSL protocols are:
  • TLSv1.1
  • TLSv1.2
  • TLSv1.3

The replication databases on either end of any SSL-enabled replication network connection must support at least one common cipher-suite and ssl-protocol. During the SSL connection and handshake process, if there is not at least one commonly supported cipher-suite and ssl-protocol between the two replication databases, the handshake process fails and the connection cannot be established.
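The following script is an added example and is not OpenEdge code. It parses the [ssl] section of two constructed properties-file samples using the file rules described above (one [ssl] section per file, comments only on their own lines beginning with #, name=value pairs), checks the cipher-suites and ssl-protocols values against the lists in Table 1, and then applies the compatibility requirement from the previous paragraph: the source and target must share at least one cipher suite and one protocol version. The paths and the encoded password in the samples are placeholders, and treating an omitted cipher-suites or ssl-protocols list as offering nothing is an assumption of this example, since the page does not state the defaults.

```python
"""Check the [ssl] sections of two OpenEdge Replication properties files.

Added example, not OpenEdge code. It applies the rules stated on the page:
one [ssl] section per file, comments only on their own '#' lines, name=value
pairs, the listed cipher suites and protocol versions, and the requirement
that both ends share at least one cipher suite and one protocol version.
"""

SUPPORTED_CIPHER_SUITES = {"AES128-SHA256", "AES256-SHA256", "DHE-RSA-AES256-GCM-SHA384"}
SUPPORTED_PROTOCOLS = {"TLSv1.1", "TLSv1.2", "TLSv1.3"}

# Constructed sample: source database acting as the TLS server (placeholder paths/password).
SOURCE_PROPERTIES = """\
# source database (constructed sample)
[ssl]
ssl-enable=1
key-store-path=/PLACEHOLDER/keys
key-alias=repl-server
key-alias-password=ENCODED-PASSWORD-PLACEHOLDER
ssl-protocols=TLSv1.2, TLSv1.3
cipher-suites=DHE-RSA-AES256-GCM-SHA384, AES256-SHA256
"""

# Constructed sample: target database acting as the TLS client.
TARGET_PROPERTIES = """\
[ssl]
ssl-enable=1
cert-store-path=/PLACEHOLDER/certs
no-host-verify=1
ssl-protocols=TLSv1.3
cipher-suites=AES128-SHA256, DHE-RSA-AES256-GCM-SHA384
"""

# Constructed sample: a target with no protocol or suite in common with the source.
OLD_TARGET_PROPERTIES = "[ssl]\nssl-enable=1\nssl-protocols=TLSv1.1\ncipher-suites=AES128-SHA256\n"


def parse_ssl_section(text):
    """Return the [ssl] properties as a dict; raise ValueError on format errors."""
    props, in_ssl, ssl_sections = {}, False, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and whole-line comments
        if line.startswith("[") and line.endswith("]"):
            in_ssl = line[1:-1].strip().lower() == "ssl"
            ssl_sections += 1 if in_ssl else 0
            if ssl_sections > 1:
                raise ValueError(f"line {lineno}: more than one [ssl] section")
            continue
        if not in_ssl:
            continue  # other sections are out of scope for this check
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected name=value, got {raw!r}")
        name, value = (part.strip() for part in line.split("=", 1))
        if "#" in value:  # comments are not allowed on a property line
            raise ValueError(f"line {lineno}: comment on a property line")
        if name in props:
            raise ValueError(f"line {lineno}: duplicate property {name}")
        props[name] = value
    if not ssl_sections:
        raise ValueError("no [ssl] section found")
    return props


def _list_value(props, name):
    """Split a comma-separated list property; an omitted list is treated as
    offering nothing (the page does not state a default; assumption here)."""
    return [t.strip() for t in props.get(name, "").split(",") if t.strip()]


def validate_ssl_properties(props):
    """Return the problems found in one [ssl] section (empty list means OK)."""
    problems = [f"{flag} must be 0 or 1" for flag in ("ssl-enable", "no-host-verify")
                if props.get(flag, "0") not in ("0", "1")]
    problems += [f"unknown cipher suite {s}" for s in _list_value(props, "cipher-suites")
                 if s not in SUPPORTED_CIPHER_SUITES]
    problems += [f"unknown protocol version {p}" for p in _list_value(props, "ssl-protocols")
                 if p not in SUPPORTED_PROTOCOLS]
    return problems


def common_parameters(source, target):
    """Return (cipher suites, protocol versions) offered by both ends."""
    suites = set(_list_value(source, "cipher-suites")) & set(_list_value(target, "cipher-suites"))
    protos = set(_list_value(source, "ssl-protocols")) & set(_list_value(target, "ssl-protocols"))
    return suites, protos


def tls_negotiable(source, target):
    """True when both ends enable SSL and share a cipher suite and a protocol."""
    if source.get("ssl-enable", "0") != "1" or target.get("ssl-enable", "0") != "1":
        return False
    suites, protos = common_parameters(source, target)
    return bool(suites and protos)
```

Running `tls_negotiable(parse_ssl_section(SOURCE_PROPERTIES), parse_ssl_section(TARGET_PROPERTIES))` returns True because both ends offer DHE-RSA-AES256-GCM-SHA384 and TLSv1.3; the same source paired with OLD_TARGET_PROPERTIES returns False, which is the handshake-failure case described in the paragraph above. Running this kind of check against both files before enabling SSL catches the mismatch before the replication connection is attempted.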