Authentication
The following figure illustrates the authentication process using the TLS or SSL protocol:
The following steps occur during authentication:
- The PNODE (client) sends a control block containing protocol (TLS or SSL) and cipher information to the SNODE (server). The SNODE confirms that it has a record defined for the PNODE in its Connect:Direct® Secure Plus parameter file and determines whether a common cipher can be found and used for secure communication. Cipher suites are used to encrypt the data sent between the nodes. If the SNODE finds a record for the PNODE in its IBM Connect:Direct Secure Plus parameter file and verifies that it has a cipher defined in common with the PNODE, that common cipher is negotiated and the session continues.
- The SNODE sends its ID certificate to the PNODE, which confirms that it has a record for the SNODE defined in its IBM Connect:Direct Secure Plus parameter file. The certificate includes the information needed to obtain the SNODE's public key. The PNODE verifies the SNODE's ID certificate using the trusted root certificate file defined in its IBM Connect:Direct Secure Plus parameter file, and generates a session key.
- If client authentication is enabled on the SNODE, the SNODE requests an ID certificate from the PNODE. The PNODE sends the ID certificate defined in its IBM Connect:Direct Secure Plus parameter file to the SNODE, which verifies it against the trusted root certificate file specified in the SNODE's IBM Connect:Direct Secure Plus parameter file. If a common name was also specified in the IBM Connect:Direct Secure Plus parameter file record for the PNODE, that name is checked against the common name field of the PNODE's certificate.
- The SNODE confirms that a secure environment is established and returns a secure channel message.
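The SNODE-side decisions in steps 1 and 3 (record lookup, cipher negotiation, optional client authentication with a common-name check), as an added example that is not Connect:Direct's own code. The parameter-file record layout, node names and cipher lists are constructed stand-ins; chain validation against the trusted root is left to the TLS library, so `snode_context` only shows the corresponding `ssl` settings.

```python
import ssl
from dataclasses import dataclass
from typing import Optional

# Hypothetical stand-in for one remote-node record in the SNODE's Secure Plus
# parameter file (field names are assumptions, not the product's own format).
@dataclass
class NodeRecord:
    protocol: str                       # "TLS" or "SSL"
    ciphers: list                       # SNODE preference order
    client_auth: bool = False           # request an ID certificate from the PNODE
    common_name: Optional[str] = None   # expected CN in the PNODE's certificate

# Constructed parameter file with two PNODE records.
SNODE_PARMFILE = {
    "PNODE.A": NodeRecord("TLS", ["ECDHE-RSA-AES256-GCM-SHA384", "AES128-SHA"],
                          client_auth=True, common_name="pnode-a.example"),
    "PNODE.B": NodeRecord("TLS", ["AES128-SHA"]),
}

def negotiate_cipher(parmfile, pnode, protocol, offered):
    """Step 1: require a record for the PNODE and a matching protocol, then pick
    the first SNODE-preferred cipher the PNODE also offered (None = session fails)."""
    rec = parmfile.get(pnode)
    if rec is None or rec.protocol != protocol:
        return None
    offered_set = set(offered)
    return next((c for c in rec.ciphers if c in offered_set), None)

def _subject_cns(cert):
    # cert uses the shape ssl.SSLSocket.getpeercert() returns (tuples of RDNs).
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def verify_client_cert(parmfile, pnode, cert):
    """Step 3: if client authentication is on, a certificate must be presented and,
    when a common name is configured, its CN field must match that value."""
    rec = parmfile.get(pnode)
    if rec is None:
        return False
    if not rec.client_auth:
        return True                     # SNODE never asked for a certificate
    if not cert:
        return False                    # requested but not presented
    if rec.common_name is None:
        return True                     # chain check only, no CN pinning
    return rec.common_name in _subject_cns(cert)

def snode_context(trusted_root_file, require_client_cert):
    """Server-side TLS context: CERT_REQUIRED makes the handshake fail unless the
    PNODE presents a certificate that chains to the trusted root file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_NONE
    if trusted_root_file:
        ctx.load_verify_locations(cafile=trusted_root_file)
    return ctx
```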