This topic discusses various options you can set for SQL OpenNet in the net.ini file. The topics listed below discuss some additional options and environment variables you can set.
- For database-specific options, see %SSC_CMD.
- For date and time options, see %SSC_OPTION.
- For logging options, see SQL Connection troubleshooting and error logging.
- (Windows) To prevent the SQL OpenNet server from hanging if a thread fails, see the VORTEX_HOST_HIDEGPF environment variable.
- (Windows) If you want SQL OpenNet to crash when there’s an access violation so that you can attach to the Windows debugger at the request of Synergy/DE Developer Support, see the VORTEX_HOST_NOSEM environment variable.
\When you install Connectivity Series, the installation creates a default net.ini file with a default encryption setting in the connect\synodbc\lib directory. This file is used by SQL OpenNet, and it is not overwritten when you upgrade Connectivity Series or removed when you uninstall. We also distribute a file named net_base.ini (located in the same directory), which contains the default settings and can be used as a reference. The net_base.ini file is overwritten when you upgrade Connectivity Series.
The primary purpose of the net.ini file is to enable you to specify an encryption key for the client (using the key_connect setting) and to set SSL encryption (data packet encryption) options. It is important that you change the default key_connect setting in net.ini because the default is widely-used and therefore not secure.
There are other options that you can set in net.ini (see the table below), but you should do so only when instructed to by Synergy/DE Developer Support to debug a specific problem.
The net.ini file must be on the client in the connect\synodbc\lib directory.
|
The Connectivity Series installation (Windows), setsde (Unix), or SYS$MANAGER:CONNECT_STARTUP.COM (OpenVMS) sets the VORTEX_HOME environment variable to point to the connect\synodbc directory, which contains the \lib subdirectory where net.ini is located. Do not change this setting. We recommend that you have only a single net.ini file on the client machine. SQL Connection checks the current directory before VORTEX_HOME\lib, so additional net.ini files in other locations may be used and could cause an “Invalid connect string syntax” error. On Windows, because VORTEX_HOME is set at the system level, if you install both 64-bit and 32-bit Connectivity Series on the same 64-bit machine, the last version installed determines the VORTEX_HOME setting by overwriting the previous setting. So, when you edit the net.ini file, you’ll need to make sure you change the correct one. |
Do not include any control characters in the net.ini file; they will cause an “invalid integer” error when you connect to the database.
|
Option |
Description and syntax |
|---|---|
|
connect_timeout |
Specifies the number of seconds for socket connection time-out. The default is 0 (no time-out). To set a connection time-out, use the following syntax, where n is the number of seconds: connect_timeout n
|
|
hostenv0 |
Specifies a comma-delimited list of environment variables to be passed to and set on the server. hostenv0 var_name=var_spec[,var_name2=var_spec2,...]
|
|
key_connect |
Specifies a key for the algorithm used to encrypt user names and passwords for the database and for the host (if vtxnetd or vtxnet2 is also started with the -k option). This encrypts user names and passwords being sent across the wire. key_connect n
where n is any number between 1 and 2,147,483,647. The value for n must be the same on both the client (where it is set with this net.ini option) and the server (where it is set with the -k option on the vtxnetd or vtxnet2 command line). We strongly recommend changing this setting; the default setting is not secure. See vtxnetd and vtxnet2 programs for more information. Do not set key_connect to 0 (zero). |
|
packetsize |
Specifies the minimum network packet size used by SQL OpenNet. The default is 8192 bytes. This option defines a minimum size for an aggregate buffer, which is a buffer created when data for multiple network packets needs to be sent to the client. This reduces network traffic by combining packets and sending them as a unit with the specified minimum size. To set a packet size, use the following syntax, where size is the size in bytes: packetsize size
Changing the default packet size may cause performance problems. The packet size should not be less than that of the prefetch buffer (specified with the bufsize argument for %SSC_INIT) plus 200 bytes. If you are using a WAN, you may want to change this value to reduce load on the network. The packet size used by SQL OpenNet server is set by the packetsize setting in the net.ini file on the client. |
|
port |
Sets the communication port number for SQL OpenNET. This setting overrides the setting in the services file. On the client, we recommend setting the port in the connect string. See Port settings. port port_number
|
|
read_timeout |
Specifies how long (in seconds) SQL OpenNet should wait for a read operation to complete. The default is 0, which prevents a time-out. read_timeout time
|
|
return_errno |
Instructs SQL OpenNet to return an operating system error code (rather than -1) if there’s a communication error. For example, if an attempt to connect to a database on a server generates the TCP/IP socket error 10061, the %SSC_CONNECT function will return “10061” if this option is set to yes and “-1” if this option is set to no. The default is no. return_errno yes|no |
|
ssl |
Specifies whether the SQL OpenNet client requires SSL encryption (data packet encryption). ssl yes|no If ssl is set to yes, the SQL OpenNet service must use SSL encryption, and the ssl_certfile and ssl_protocol settings in net.ini are used as default client settings for SSL — i.e., they are used unless SSL settings in a %SSC_CMD call override them. (see %SSC_CMD). If ssl is set to no (the default), ssl_certfile and ssl_protocol settings in net.ini are ignored, and the SQL OpenNet client will not require SSL encryption unless SSL settings in a %SSC_CMD call require it. Note that SSL encryption is used if the SQL OpenNet service is set to use it, regardless of this or any other client-side SSL setting for SQL OpenNet. (For information on server-side SSL settings for SQL OpenNet, see vtxnetd and vtxnet2 programs.) For information on installing and configuring SSL for SQL OpenNet, see Using data packet encryption for SQL OpenNet. |
|
ssl_certfile |
(Deprecated in version 12.1) Specifies the name and location of a file on the client that is used by default to validate the server certificate for SSL (the certificate used for the SQL OpenNet service). If the server certificate is from a trusted certificate authority (CA), this setting should specify a certificate trust store file on the client (see Requesting a certificate from a certificate authority). If the server certificate is self-signed, this setting should specify a root certificate on the client (see Creating a local certificate authority). If no certificate trust store or root certificate is specified for an SQL OpenNet connection (specified in net.ini or with %SSC_CMD), the SQL OpenNet client will not validate the server certificate. This setting is used only if the ssl option (in net.ini) is set to yes. %SSC_CMD settings may override this setting. |
|
ssl_protocol |
Specifies which TLS protocol level(s) the SQL OpenNet client will require by default for SSL encryption. Levels 1.1 and 1.2 are supported, but SQL OpenNet server settings determine which levels are available (see Encrypting data packets (-e)). Security best practices require TLS 1.2. If the level (or levels) specified by the client is lower than available levels for SQL OpenNet, an error will be reported. To specify more than one TLS level, enter the levels separated by a comma: ssl_protocol tls_level#[,tls_level#,...] With OpenSSL 1.0.2, SQL OpenNet will use the highest of these levels that is available for the SQL OpenNet service. With OpenSSL 1.1.1x and higher, SQL OpenNet will use the first level specified here as a minimum (if a higher level is available, it will use that), and it will ignore any other TLS levels specified here. This setting is used only if the ssl option (in net.ini) is set to yes. %SSC_CMD settings may override this setting. |
|
tcp_keepalive |
Sets the value of the TCP keepalive timer (in seconds). This reduces the delay before a broken socket is detected. The default is 600 seconds (10 minutes). tcp_keepalive time |
|
write_timeout |
Specifies how long (in seconds) SQL OpenNet should wait for a write operation to complete. The default is 0, which prevents a time-out. write_timeout time
|
The following example net.ini file sets the encryption key to 6541, sets the packet size to 1300, sets the port to 1990, instructs SQL OpenNet to return error codes for communication errors, sets the read time-out to 60 seconds, sets the write time-out to 60 seconds, and sets the ENV1 and ENV2 environment variables on the server.
rem SQL OpenNet init file key_connect 6541 packetsize 1300 port 1990 return_errno yes read_timeout 60 write_timeout 60 hostenv0 ENV1=c:\data,ENV2=c:\data2
