Transport Layer Security Protocol (TLS)

The TLS protocol uses certificates to authenticate the two endpoints while they establish a session key: the node that initiates the data transfer (the primary node, or PNODE) and the node on the other side of the communications session (the secondary node, or SNODE). A certificate is an electronic document that binds a public key to an individual or other entity, so that a claim that a given public key belongs to a given entity can be verified. Certificates can be self-issued (self-signed) or issued by a certificate authority (CA). See Self-Signed and CA-Signed Certificates for details on the differences between self-signed and CA-issued certificates.

When a CA receives an application for a certificate, the CA validates the applicant's identity, creates a certificate, and digitally signs it, thereby vouching for the entity's identity. The CA is also responsible for revoking the certificates it has issued.

Self-signed certificates are created and issued by the owner of the certificate. Because no CA vouches for such a certificate, the owner must export it to create a trusted root file that includes the certificate, and must supply that trusted root file to the partner in a connection so that the partner can verify the certificate presented during the handshake.

TLS 1.3

TLS 1.3 adds new features for improved security, including a shorter handshake and the removal of legacy cipher suites and key exchange methods. For more information, see RFC 8446, section 1.2, Major Differences from TLS 1.2.

Deprecated Protocols

The SSL 3.0, TLS 1.0 and TLS 1.1 protocols are deprecated and should not be used. Trading partners still using deprecated protocols should migrate to TLS 1.2 or TLS 1.3.

If a deprecated protocol is required, TLS 1.3 should not be enabled in the trading partner's configuration, otherwise the handshake may fail. Where a deprecated protocol is unavoidable, enable it only for the specific node that requires it, rather than in a configuration that applies to every partner.

The Secure+ feature continues to support SSL 3.0, TLS 1.0 and TLS 1.1 for such partners, but their use remains deprecated.
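The recommendations above can be checked in code: a node configured for TLS 1.2 and TLS 1.3 only, verifying the partner against the trusted root file it was given, and a negotiation check that shows why such a node cannot complete a handshake with a partner that enables only deprecated protocols. The following is an added example using Python's standard ssl module; it is not code from the Secure+ product or from this page. The partner_context helper, the mapping of PNODE to TLS client and SNODE to TLS server, the PEM format of the trusted root file, and the mutual-authentication setting are assumptions made for illustration.

```python
import ssl

# Protocol versions from oldest to newest, using the ssl module's own names.
VERSIONS = [
    ssl.TLSVersion.SSLv3,
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
    ssl.TLSVersion.TLSv1_2,
    ssl.TLSVersion.TLSv1_3,
]
# The versions the documentation deprecates.
DEPRECATED = {ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1}


def enabled_versions(minimum, maximum):
    """Return the set of versions a node enables between its configured min and max."""
    if minimum == ssl.TLSVersion.MINIMUM_SUPPORTED:
        minimum = VERSIONS[0]
    if maximum == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        maximum = VERSIONS[-1]
    lo, hi = VERSIONS.index(minimum), VERSIONS.index(maximum)
    if lo > hi:
        raise ValueError("minimum version is newer than maximum version")
    return set(VERSIONS[lo:hi + 1])


def negotiate(pnode, snode):
    """Simulate TLS version negotiation between two nodes.

    Each argument is a (minimum, maximum) pair of ssl.TLSVersion values.
    The handshake settles on the newest version both sides enable; when the
    two ranges do not overlap the handshake fails and None is returned.
    """
    common = enabled_versions(*pnode) & enabled_versions(*snode)
    if not common:
        return None
    return max(common, key=VERSIONS.index)


def deprecated_versions_enabled(ctx):
    """List the deprecated versions an SSLContext still allows, oldest first."""
    enabled = enabled_versions(ctx.minimum_version, ctx.maximum_version)
    return sorted(enabled & DEPRECATED, key=VERSIONS.index)


def partner_context(role, trusted_root_file=None):
    """Build a TLS context for one node (hypothetical helper, not product code).

    role is "PNODE" (initiates the session, so acts as the TLS client) or
    "SNODE" (acts as the TLS server). trusted_root_file is the PEM trusted
    root file received from the partner (format assumed); when None, the
    system CA store is used instead.
    """
    if role == "PNODE":
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    elif role == "SNODE":
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        # Assumption: the SNODE also requires the PNODE's certificate.
        ctx.verify_mode = ssl.CERT_REQUIRED
    else:
        raise ValueError(f"unknown role {role!r}")
    # Refuse SSL 3.0, TLS 1.0 and TLS 1.1; TLS 1.2 and TLS 1.3 remain enabled.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if trusted_root_file is not None:
        ctx.load_verify_locations(cafile=trusted_root_file)
    else:
        ctx.load_default_certs()
    return ctx


if __name__ == "__main__":
    v10, v11, v12, v13 = VERSIONS[1], VERSIONS[2], VERSIONS[3], VERSIONS[4]
    # Hardened PNODE against a partner that still enables TLS 1.1 and TLS 1.2.
    print(negotiate((v12, v13), (v11, v12)))  # TLSVersion.TLSv1_2
    # Hardened PNODE against a partner that enables deprecated protocols only.
    print(negotiate((v12, v13), (v10, v11)))  # None: the handshake fails
    print(deprecated_versions_enabled(partner_context("PNODE")))  # []
```

The negotiation model covers version overlap only. The product-specific caveat above, that enabling TLS 1.3 alongside a deprecated protocol may cause the handshake to fail, is not captured by it, so a node that must still talk to a legacy partner should be configured per the documentation rather than on the basis of this check alone.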