TLS Connector
The TLS network connector provides an encrypted network connection between the Uniface Router and its Uniface Servers and client applications. It can also be used by the UPOPMAIL component to connect to SMTP servers over TLS.
It implements the Transport Layer Security Protocol, which adds an encryption layer to TCP/IP communication that the TCP connector does not provide. Communication is therefore much more secure than with the TCP network connector.
The physical connection is still created using the TCP connector. If you have set connector options for the TCP connector, these settings stay in effect for all TLS connections.
The TLS connector uses OpenSSL to perform key exchange, certificate verification, encryption, and message authentication.
Each path that uses the TLS connector can be configured separately. The TLS connector can be configured to use either a pre-shared key or certificates to secure the connection and encrypt the data.
When correctly configured, certificates provide much better security than a pre-shared key, because the certificate is verified and ciphers that have forward secrecy can be used. Certificate authentication uses a public key and a private key (asymmetric keys), and the private key is needed on only one end of the connection, whereas a pre-shared key (symmetric key) is the same on both ends. The private key is therefore known to fewer people or entities than a pre-shared key.
Man-in-the-middle attacks can still be mounted against TLS-protected connections, so it is important that TLS connections be correctly configured and implemented. For more information, see Man-In-The-Middle Attacks.
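The following is an added example, not Uniface code: it classifies a negotiated session's protocol version and OpenSSL-style cipher suite name by authentication mode (certificate, pre-shared key, or none) and forward secrecy, the properties compared above. The sample sessions are constructed, and `assess`, `audit` and the finding labels are hypothetical names; which suites the TLS connector actually offers is not stated on this page.

```python
# Added example: classify a negotiated session by the properties discussed above.
# Cipher names follow OpenSSL's naming for SSL3 - TLS 1.2 suites.
EPHEMERAL_KX = ("ECDHE", "DHE", "EDH", "ADH", "AECDH")  # ephemeral Diffie-Hellman
ANONYMOUS_KX = ("ADH", "AECDH")                         # no peer authentication


def assess(protocol, cipher):
    """Return (auth_mode, forward_secrecy, findings) for one session."""
    tokens = cipher.split("-")
    kx = tokens[0]
    if kx in ANONYMOUS_KX:
        auth = "none"
    elif "PSK" in tokens[:2]:          # PSK-..., DHE-PSK-..., RSA-PSK-...
        auth = "psk"
    else:
        auth = "certificate"
    forward_secrecy = kx in EPHEMERAL_KX

    findings = []
    if protocol == "SSLv3":
        findings.append("sslv3")               # deprecated by RFC 7568
    if auth == "none":
        findings.append("unauthenticated")     # peer identity never verified
    if auth == "psk":
        findings.append("psk")                 # same secret on both ends
    if not forward_secrecy:
        findings.append("no-forward-secrecy")  # key compromise exposes past traffic
    return auth, forward_secrecy, findings


# Constructed sample sessions (protocol, cipher); not taken from a real system.
SAMPLE_SESSIONS = [
    ("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
    ("TLSv1.2", "AES256-GCM-SHA384"),
    ("TLSv1.2", "PSK-AES128-CBC-SHA"),
    ("TLSv1.2", "DHE-PSK-AES128-CBC-SHA"),
    ("SSLv3", "DHE-RSA-AES128-SHA"),
    ("TLSv1.2", "ADH-AES128-SHA"),
]


def audit(sessions):
    """Map each session to its findings; an empty list means nothing flagged."""
    return {s: assess(*s)[2] for s in sessions}


if __name__ == "__main__":
    for (protocol, cipher), findings in audit(SAMPLE_SESSIONS).items():
        print(f"{protocol:8} {cipher:30} {', '.join(findings) or 'ok'}")
```

The protocol and cipher strings have the form that Python's `ssl.SSLSocket.version()` and `cipher()` report for a live connection, so the same function can be applied to sessions observed on a test client.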
Connector Feature | Description
---|---
Mnemonic | TLS
Supported versions | SSL3 – TLS 1.2. For the supported platforms, see Platform Availability Matrix.
Supported Encryption Algorithms | For more information, see TLS Authentication Modes and Ciphers Supported by the TLS Connector.
Supported applications |