TLS and SSL Connect:Direct Secure Plus Data Exchange

Data exchange consists of three steps: authentication, sending data, and receiving data. The TLS or SSL protocol data exchange process is described in the following sections. The primary node (PNODE) initiates the data transmission, and the secondary node (SNODE) receives the data; the description below therefore depicts the PNODE as sending data and the SNODE as receiving it.

Authentication

The following steps occur during authentication:

  1. The PNODE sends a control block to the SNODE. The SNODE confirms that it has a record defined in the Connect:Direct® Secure Plus parameters file for the PNODE and determines the cipher suite to use for secure communication. If the SNODE finds a record for the PNODE and a common cipher suite can be negotiated, the session continues.
  2. The SNODE sends its certificate back to the PNODE. Information for creating an encryption key is included. If client authentication is enabled, the SNODE also requests a certificate from the PNODE.
  3. The PNODE verifies that the certificate of the SNODE is in its parameters file and generates a session key. If requested, it sends a client certificate to the SNODE for verification.
  4. The SNODE confirms that a secure environment is established and returns a secure channel message.
  5. The PNODE authenticates the SNODE and establishes communications.
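As an added example (not code from IBM or from the Connect:Direct product), the following Python models the five authentication steps above on both sides: the SNODE's parameters-file lookup and cipher suite negotiation, the PNODE's check that the SNODE certificate is in its own parameters file, and the optional client authentication. The node names, certificate identifiers, cipher suite names and parameters-file records are constructed, and the SNODE choosing from its own preference order is an assumption of the model, not documented product behaviour.

```python
from dataclasses import dataclass, field

class HandshakeError(Exception):
    """Raised when an authentication step fails; the session must not continue."""

@dataclass
class NodeRecord:
    """A remote-node record in a node's Secure Plus parameters file (constructed model)."""
    cipher_suites: list                              # permitted suites, in local preference order
    trusted_certs: set = field(default_factory=set)  # peer certificates accepted from this node
    client_auth: bool = False                        # SNODE setting: also require a PNODE certificate

def snode_step1(params, pnode_name, offered_suites):
    """Step 1: the SNODE checks for a PNODE record and negotiates a cipher suite."""
    record = params.get(pnode_name)
    if record is None:
        raise HandshakeError(f"no Secure Plus record for {pnode_name}")
    # Assumption: the SNODE's own preference order decides among the suites both sides allow
    common = [s for s in record.cipher_suites if s in offered_suites]
    if not common:
        raise HandshakeError("no common cipher suite")
    # Step 2 reply: the chosen suite and whether a client certificate is requested
    return {"cipher_suite": common[0], "client_auth": record.client_auth}

def verify_peer_cert(params, peer_name, cert_id):
    """Step 3: a node checks the peer's certificate against its own parameters file."""
    record = params.get(peer_name)
    if record is None or cert_id not in record.trusted_certs:
        raise HandshakeError(f"certificate {cert_id} from {peer_name} is not trusted")

def run_handshake(pnode, pnode_params, pnode_cert, snode, snode_params, snode_cert):
    """Walk the five authentication steps; returns the agreed session parameters."""
    own = pnode_params.get(snode)
    if own is None:
        raise HandshakeError(f"PNODE has no record for {snode}")
    reply = snode_step1(snode_params, pnode, own.cipher_suites)  # steps 1-2
    verify_peer_cert(pnode_params, snode, snode_cert)            # step 3, PNODE side
    if reply["client_auth"]:                                     # step 3, client authentication
        verify_peer_cert(snode_params, pnode, pnode_cert)
    return reply                                                 # steps 4-5: channel established

# Constructed sample parameters files: NODE.A acts as PNODE, NODE.B as SNODE
PNODE_PARAMS = {"NODE.B": NodeRecord(["TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"],
                                     trusted_certs={"cert-B"})}
SNODE_PARAMS = {"NODE.A": NodeRecord(["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"],
                                     trusted_certs={"cert-A"}, client_auth=True)}

if __name__ == "__main__":
    print(run_handshake("NODE.A", PNODE_PARAMS, "cert-A", "NODE.B", SNODE_PARAMS, "cert-B"))
```

Each failure case (missing record, no common suite, untrusted certificate on either side) raises HandshakeError before any data step, mirroring the page's rule that the session continues only when the record is found and a common suite is negotiated.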

Sending Customer Data

After authentication completes, the PNODE begins transmitting data.

  • Information for encrypting data is exchanged in the control blocks.
  • If data compression is enabled, the PNODE compresses the data.
  • The PNODE encrypts the data with a cipher suite recognized by both communications nodes.

Receiving Customer Data

The SNODE receives the data.

  • The SNODE decrypts the data using the cipher suite available to both the PNODE and the SNODE.
  • If the data is compressed, the receiving node decompresses it.