Installing and configuring the OpenSSL toolkit

solidDB Help : Configuring and administering : Security : Installing and configuring the OpenSSL toolkit

OpenSSL provides a cryptography and SSL/TLS toolkit in the form of two libraries (libssl and libcrypto).

You must install one or more of the OpenSSL libraries in order to implement the following solidDB security features:

▪ encrypting solidDB connections by using the TLS protocol (SSL) (requires both libssl and libcrypto libraries), see the following topics:

– Using SSL to encrypt the network connection between an ODBC client and a server

– Using SSL to encrypt the network connection between a JDBC client and a server

▪ encrypting passwords when using external authentication (requires libcrypto library only), see Operating-system-based external authentication.

Also, if you install the OpenSSL libcrypto library, you can use the AES-256 encryption algorithm in the following scenarios (instead of the DES encryption algorithm that is included with solidDB):

▪ to encrypt passwords when using default authentication, see Encrypting passwords for solidDB users by using OpenSSL,

▪ to encrypt databases, see Database encryption.

Note The solidDB distribution does not include the OpenSSL libraries; you can download the libraries from the following OpenSSL site: wiki.openssl.org/index.php/Binaries.

Depending on the type of security feature that you are enabling, you might need to copy the OpenSSL libraries to just the solidDB server computer or also to client computers.

After you have copied the required OpenSSL libraries, make sure that the server or client has access to the libraries. For simplicity, use the following locations:

▪ On Linux and UNIX: libraries (for example, libssl.ver.so) should be in $LD_LIBRARY_PATH.

▪ On Windows: libraries (for example, libssl.ver.dll) should be in %PATH%.

▪ On AIX: libraries (for example libssl.ver.a) should be in $LIBPATH.

Instead of ensuring that the libraries are located in the appropriate path for your operating system, you can specify the paths to the libraries by completing the following steps:

▪ Enter the full path to the libssl library in solid.ini, by using the OpenSSLLibPath parameter (applies to both server-side and client-side solid.ini files), for example:

[Com]
OpenSSLLibPath=/usr/local/lib/libssl.so.1.1.1g.so

For more information, see Communication section (server-side) or Communication section (client-side).

▪ Enter the path to the libcrypto library in solid.ini, by using the CryptoLibPath parameter, for example:

– Server-side solid.ini:

[General]
CryptoLibPath=/usr/local/lib/libcrypto.so.1.1.1g.so

For more information, see General section.

– Client-side solid.ini:

[Client]
CryptoLibPath=/usr/local/lib/libcrypto.so.1.1.1g.so

For more information, see Client section.

See

Setting RSA key length for OpenSSL encryption

Go up to

Security