 |
|
| SAS System Options for Encryption |
NETENCRYPTALGORITHM= System Option
Specifies the algorithm or algorithms to be used for encrypted client/server data transfers.
| Client: | Optional |
| Server: | Required |
| Alias: | NETENCRALG= |
| Valid in: | configuration file, OPTIONS statement, SAS System Options window, SAS invocation |
| Operating Environments: | OpenVMS, UNIX, Windows, z/OS |
| See also: | NETENCRYPT |
| Category: | Communications: Networking and Encryption |
| PROC OPTIONS Group= | Communications |
| Syntax | |
| Syntax Description | |
| Details | |
| Example |
Syntax |
| NETENCRYPTALGORITHM=algorithm | ("algorithm-1"... "algorithm-n") |
Syntax Description
- algorithm | ("algorithm-1"... "algorithm-n")
-
specifies the algorithm or algorithms that can be used for encrypting data that is transferred between a client and a server across a network. When you specify two or more encryption algorithms, use a space or a comma to separate them, and enclose the algorithms in parentheses.
The following algorithms can be used:
Note: The SSL option is not applicable to the Integrated Object Model (IOM) metadata, OLAP, and table servers.
![[cautionend]](../../../../common/63294/HTML/default/images/cautend.gif)
| Details |
The NETENCRYPTALGORITHM= option must be specified in the server session.
Use this option to specify one or more encryption algorithms that you want to use to protect the data that is transferred across the network. If more than one algorithm is specified, the client session negotiates the first specified algorithm with the server session. If the client session does not support that algorithm, the second algorithm is negotiated, and so on.
If either the client or the server session specifies the NETENCRYPT option (which makes encryption mandatory) but a common encryption algorithm cannot be negotiated, the client cannot connect to the server.
If the NETENCRYPTALGORITHM= option is specified in the server session only, then the server's values are used to negotiate the algorithm selection. If the client session supports only one of multiple algorithms that are specified in the server session, the client can connect to the server.
There is an interaction between either NETENCRYPT or NONETENCRYPT and the NETENCRYPTALGORITHM= option.
| Server Settings | Client Settings | Connection Outcome |
|---|---|---|
| NONETENCRYPT | No settings | If the client is capable of encryption, the client/server connection will be encrypted. Otherwise, the connection will not be encrypted. |
| NETENCRYPT | No settings | If the client is capable of encryption, the client/server connection will be encrypted. Otherwise, the client/server connection will fail. |
| No settings | NONETENCRYPT | A client/server connection will not be encrypted. |
| No settings | NETENCRYPT | A client/server connection will fail. |
| NETENCRYPT or NONETENCRYPT | NETENCRALG=alg-2 | Regardless of whether NETENCRYPT or NONETENCRYPT is specified, a client/server connection will fail. |
| Example |
In the following example, the client and the server specify different values for the NETENCRYPTALGORITHM= option.
The client specifies two algorithms in the following OPTIONS statement:
options netencryptalgorithm=(rc2 tripledes);
The server specifies three algorithms and requires encryption in the following OPTIONS statement:
options netencrypt netencryptalgorithm=(ssl des tripledes);
The client and the server negotiate an algorithm that they share in common, TripleDES, for encrypting data transfers.
|
|
Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.