TLS Connector

The TLS network connector provides an encrypted network connection between the Uniface Router and its Uniface Servers and client applications.

It implements the Transport Layer Security Protocol, which adds an encryption layer to TCP/IP communication that the TCP connector does not provide. Communication is therefore much more secure than with the TCP network connector.

The physical connection is still created using the TCP connector. If you have set connector options for the TCP connector, these settings stay in effect for all TLS connections.

The TLS connector uses OpenSSL to perform key exchange, certificate verification, encryption, and message authentication.

Each path that uses the TLS connector can be configured separately. The TLS connector can be configured to use either a pre-shared key or certificates to secure the connection and encrypt the data.

When correctly configured, certificates provide much better security than a pre-shared key because of certificate verification and the ability to use ciphers that have forward secrecy. Certificate authentication uses an asymmetric key pair (a public key and a private key), and the private key is needed on only one end of the connection, whereas a pre-shared key is a symmetric key that is the same on both ends. The private key is therefore known to fewer people or entities than a pre-shared key.

Man-in-the-middle attacks can still be mounted against TLS-protected connections, so it is important that TLS connections be correctly configured and implemented. For more information, see Man-In-The-Middle Attacks.
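
Whether a connection has forward secrecy and authentication can be read from the OpenSSL cipher suite name. The following is an added example, not Uniface code: it classifies OpenSSL-style suite names (TLS 1.2 and earlier) by key exchange, authentication, and forward secrecy. The function names classify and audit and the sample cipher list are constructed for illustration.

```python
# Added example (not Uniface code): classify OpenSSL cipher suite names as
# used up to TLS 1.2. Function names and the sample list are constructed.
AUTH = ("RSA", "ECDSA", "DSS", "PSK")
ANON = {"ADH": "DH", "AECDH": "ECDH"}          # ephemeral DH without authentication
BULK = ("AES", "DES", "RC4", "RC2", "NULL", "CAMELLIA", "SEED", "IDEA", "ARIA")

def classify(name):
    """Return (key_exchange, authentication, forward_secrecy) for one suite."""
    parts = name.upper().split("-")
    if parts[0] == "EXP":                       # export-grade prefix
        parts = parts[1:]
    head, nxt = parts[0], (parts[1] if len(parts) > 1 else "")
    if head in ANON:
        return ANON[head], "none", True
    if head in ("ECDHE", "DHE", "EDH") and nxt in AUTH:
        return ("DHE" if head == "EDH" else head), nxt, True
    if head in ("ECDH", "DH") and nxt in AUTH:  # static (EC)DH, long-term key
        return head, nxt, False
    if head == "RSA" and nxt == "PSK":
        return "RSA", "PSK", False
    if head == "PSK":
        return "PSK", "PSK", False
    if head.startswith(BULK):                   # no prefix: RSA key transport
        return "RSA", "RSA", False
    raise ValueError("unrecognised suite name: " + name)

def audit(cipher_string):
    """Map each suite in a colon-separated list to its findings (may be empty)."""
    report = {}
    for name in filter(None, cipher_string.split(":")):
        kx, auth, fs = classify(name)
        findings = []
        if auth == "none":
            findings.append("no authentication")
        if not fs:
            findings.append("no forward secrecy")
        report[name] = findings
    return report

# Constructed sample list, not taken from any Uniface configuration.
SAMPLE = ("ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:AES256-SHA:"
          "PSK-AES128-CBC-SHA:ADH-AES128-SHA")

if __name__ == "__main__":
    for suite, findings in audit(SAMPLE).items():
        print(f"{suite:32} {', '.join(findings) or 'ok'}")
```

Names that do not follow the pre-TLS 1.3 OpenSSL convention raise ValueError instead of being guessed at.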

Connector Feature: Description

Mnemonic: TLS

Supported versions: SSL3 – TLS 1.2. For the supported platforms and product versions, see Platform Availability Matrix.

Supported Encryption Algorithms: For more information, see TLS Authentication Modes and Ciphers Supported by the TLS Connector.

Supported applications:

  • Uniface Router
  • Uniface Router Monitor and the UROUTMON API component
  • Uniface Server
  • Web Request Dispatcher (WRD)
  • SOAP Request Dispatcher (SRD)
  • Uniface client applications
  • Uniface Debugger
  • Asynchronous messaging using postmessage, Message Utility, and the upostmess() 3GL function
  • UPOPMAIL (SMTP and POP servers)