About transport-layer security

Transport-layer security, an IETF standard protocol, secures client/server applications using digital certificates and public-key cryptography.

Clients use trusted public certificates to encrypt data and authenticate servers in the initial client/server handshake. Data that the client encrypts this way can be decrypted only with the matching private key, which is stored in the database server certificate.

For server authentication, the database server sends its public certificate to the client. The client verifies the identity of the server using certificate fields and the digital signature embedded in the certificate.

Efficiency

The transport-layer security standard overcomes the inefficiencies associated with public-key cryptography. Once a secure connection is established, the client and server exchange a common key. They use a highly efficient symmetric cipher for the rest of their communication.
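The server-authentication step and the negotiated symmetric cipher described above, sketched with Python's standard ssl module as an added example (it is not code from this documentation or product). The host, port, trusted certificate file and expected field values are assumptions supplied by the caller, and SAMPLE_CERT is constructed for illustration.

```python
import socket
import ssl

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subject": (
        (("organizationName", "Example Corp"),),
        (("organizationalUnitName", "Databases"),),
        (("commonName", "db.example.test"),),
    ),
}

def subject_fields(cert):
    """Flatten the certificate subject into {field name: [values]}."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            fields.setdefault(key, []).append(value)
    return fields

def field_mismatches(cert, expected):
    """Return {field: values found} for every expected field that does not match.

    An empty certificate dict (what getpeercert() returns when the peer was
    not validated) fails every check, so the comparison fails closed.
    """
    actual = subject_fields(cert)
    return {k: actual.get(k, []) for k, v in expected.items()
            if v not in actual.get(k, [])}

def connect_verified(host, port, trusted_cert_file, expected):
    """Handshake, verify the server certificate, then report what was negotiated."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and host name checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Trust only the supplied public certificate(s), not the system store.
    ctx.load_verify_locations(cafile=trusted_cert_file)
    with socket.create_connection((host, port), timeout=10) as raw:
        # wrap_socket performs the handshake; a bad digital signature or an
        # untrusted issuer raises ssl.SSLCertVerificationError here.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            bad = field_mismatches(tls.getpeercert(), expected)
            if bad:
                raise ssl.SSLCertVerificationError(f"certificate fields differ: {bad}")
            # cipher()[0] names the symmetric cipher suite used after the handshake.
            return tls.version(), tls.cipher()[0]
```
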

Supported platforms

To use transport-layer security, both server and client must be running on Solaris, Linux, NetWare, or any supported 32-bit Windows platform except Windows CE, and the connection must use the TCP/IP port.

FIPS-certified security options are available on Windows only.