Pre-Shared Key Authentication
Pre-shared key authentication uses a pre-shared key to authenticate the communicating peers, and a negotiated cipher and secret shared key for encrypting and decrypting the data. This mode is also known as TLS-PSK.
The pre-shared key is a string that can be any word or phrase that does not include a comma. It is specified using the shared_key connector option. Optionally, you can use the cipher_list connector option to select a specific cipher to be used.
Both the TLS client and the TLS server must be configured to use the same pre-shared key; otherwise the connection fails and a network error is returned. For each path that uses the TLS connection, you need to specify the pre-shared key in both the client and the server assignment files that use that path.
Note: Pre-shared key authentication is not supported by the Web Request Dispatcher.
Pre-shared key authentication limits the supported encryption ciphers to the following symmetric ciphers, which decrypt a message with the same key that was used to encrypt it:
- PSK-AES256-CBC-SHA
- PSK-AES128-CBC-SHA
- PSK-RC4-SHA (disabled by default)
- PSK-3DES-EDE-CBC-SHA (disabled by default)
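The following is an added example, not part of the Uniface documentation: a small pre-deployment checker for the constraints stated above (no comma in the key, identical keys on both sides, ciphers limited to the PSK list, with the disabled-by-default ones flagged). The `option=value` input format and the colon-separated `cipher_list` are constructed simplifications, not the real assignment-file syntax.

```python
# Added example: checks a client/server pair of TLS-PSK settings for the
# documented constraints before they are deployed. The input format below is
# a constructed 'option=value' form, not the real Uniface assignment-file syntax.

# Ciphers allowed for TLS-PSK; False marks those that are disabled by default.
PSK_CIPHERS = {
    "PSK-AES256-CBC-SHA": True,
    "PSK-AES128-CBC-SHA": True,
    "PSK-RC4-SHA": False,
    "PSK-3DES-EDE-CBC-SHA": False,
}


def parse_options(text):
    """Parse constructed 'option=value' lines (blank lines and # comments ignored)."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        opts[key.strip().lower()] = value.strip()
    return opts


def check_psk_config(client_text, server_text):
    """Return a list of problems found; an empty list means the pair is consistent."""
    problems = []
    client = parse_options(client_text)
    server = parse_options(server_text)
    for side, opts in (("client", client), ("server", server)):
        key = opts.get("shared_key")
        if not key:
            problems.append(f"{side}: shared_key is missing")
        elif "," in key:
            problems.append(f"{side}: shared_key must not contain a comma")
        # cipher_list is assumed to be colon-separated, as in OpenSSL cipher strings.
        for cipher in filter(None, opts.get("cipher_list", "").split(":")):
            if cipher not in PSK_CIPHERS:
                problems.append(f"{side}: {cipher} is not a PSK cipher")
            elif not PSK_CIPHERS[cipher]:
                problems.append(f"{side}: {cipher} is disabled by default")
    if client.get("shared_key") and server.get("shared_key") \
            and client["shared_key"] != server["shared_key"]:
        problems.append("shared_key differs between client and server; the connection will fail")
    return problems


# Constructed sample settings for a client/server pair.
CLIENT_OK = "shared_key=correct horse battery\ncipher_list=PSK-AES256-CBC-SHA\n"
SERVER_OK = "shared_key=correct horse battery\ncipher_list=PSK-AES256-CBC-SHA\n"
SERVER_BAD = "shared_key=correct,horse\ncipher_list=PSK-RC4-SHA\n"
```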
A pre-shared key can potentially be read by a hacker who has gained read access to your assignment files, so you should take precautions to prevent this, such as restricting read access to the user account under which the Uniface executable runs, and encrypting assignment files using Uniface Pathscrambler.
- Use Pathscrambler to encrypt the key in your assignment files. For more information, see Pathscrambler and Encrypting Paths and Other Sensitive Data Using PathScrambler.
- Restrict read access to the user account under which the Uniface executable runs (for example, uniface for client applications, userver for Uniface Servers, and urouter for Uniface Router).