The following compatibility matrix details the forward and backward compatibility between OpenEdge SQL clients and OpenEdge SQL servers. It is important to note that clients running OpenEdge Release 13.0 and earlier can communicate with newer OpenEdge SQL servers running Release 13.0.
Client version Client FIPS status Server version Server FIPS status Behavior
Pre-13.0 NA 13.0 and later Enabled
  • JDBC and ODBC SQL clients can connect using clear text passwords only when TLS with FIPS-approved cipher suites are used.
  • When FIPS mode is enabled, OpenEdge SQL server rejects passwords encoded with non–FIPS-compliant encoding prefixes.
  • SQL utilities (SQLDUMP, SQLLOAD, SQLSCHEMA) fail to connect to the server because they use non-FIPS-compliant encoding prefixes.
13.0 and later Enabled Pre-13.0 NA
  • By default, SQL utilities encode passwords using the aedh0 encoding prefix before transmitting them to the server for authentication. Login attempts fail because the OpenEdge SQL server does not support aedh0.
  • JDBC and ODBC clients can establish a successful connection with the server by supplying clear text passwords.
13.0 and later Disabled 13.0 and later Enabled
  • When FIPS mode is enabled, OpenEdge SQL server rejects any connection that uses passwords encoded with non-FIPS-complaint prefixes, including those from JDBC and ODBC clients.
13.0 and later Enabled 13.0 and later Disabled
  • The OpenEdge SQL server can still support and authenticate passwords encoded with aedh0 from JDBC or ODBC clients, regardless of FIPS mode.
  • SQL utilities and JDBC or ODBC clients using aedh0 or clear text password connect successfully.

Notes

  • For more information, see FIPS mode.

  • Starting from OpenEdge Release 13.0, the aedh0 prefix is the default for password encoding in SQL utilities, and it is FIPS-compliant.
  • Database administrators can use the ALTER USER SQL statement, which regenerates the password using Password-Based Key Derivation Function 2 (PBKDF2) for compliance when FIPS mode is disabled.
  • When FIPS mode is enabled on the OpenEdge SQL server, only FIPS-approved cipher suites are allowed for TLS connections, which means older clients may fail the handshake if they do not support these ciphers. For more information, see TLS and FIPS Mode for OpenEdge SQL JDBC and ODBC clients.
  • Disabling FIPS on the client does not change the password encoding behavior because in OpenEdge Release 13, SQL utilities continue to use the aedh0 prefix by default.
  • DataDirect ODBC and JDBC drivers for the OpenEdge database have been enhanced to support longer encoded passwords required for FIPS-compliant encoding generated by the genpassword utility.

    For more information on encoding prefixes supported by genpasspword, see genpassword.