Configuring TLS connections between the Data Streamer and its subscribers

To secure communications between the Z Common Data Provider Data Streamer and its subscribers, you must choose a streaming protocol that supports Transport Layer Security (TLS) when you configure a subscriber in a policy. You must also configure the Data Streamer and its subscribers to use TLS.

Before you begin

For more information about the streaming protocols, see Subscriber configuration. The names of the streaming protocols that support TLS contain the word "secure", except for Apache Kafka subscribers.

For Apache Kafka subscribers, the protocol you select does not control whether communications between the Data Streamer and Apache Kafka are secured. Instead, specify the file path of the Apache Kafka producer or consumer properties file in the policy, and set security.protocol to SSL or SASL_SSL in these files. The streaming protocol for Apache Kafka subscribers, with or without secure communication enabled, is CDP Kafka.

Z Common Data Provider requires Java™ 17 or later. As a result, it includes default support for TLS 1.3 and TLS 1.2.
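One way to check an Apache Kafka producer or consumer properties file before you reference it in the policy, covering the security.protocol values and TLS versions named above. This is an added example, not IBM or Z Common Data Provider code; the ssl.* keys are standard Apache Kafka client settings, and the host names and trust store path are constructed placeholders.

```python
import re
SECURE_PROTOCOLS = {"SSL", "SASL_SSL"}  # values this page names
ALLOWED_TLS = {"TLSv1.2", "TLSv1.3"}    # versions this page lists

def parse_properties(text):
    """Parse Java .properties text: '=' or ':' separators, '#'/'!' comments,
    backslash continuation. Whitespace-only separators are not handled."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) > 1 else ""  # last key wins
    return props

def audit(text):
    """Return a list of findings; an empty list means the checks passed."""
    p = parse_properties(text)
    proto = p.get("security.protocol", "PLAINTEXT")  # Kafka client default
    if proto not in SECURE_PROTOCOLS:
        return [f"security.protocol={proto}: connection is not TLS-protected"]
    findings = []
    if "ssl.truststore.location" not in p:
        findings.append("ssl.truststore.location unset: JVM default trust store applies")
    # Kafka clients default this key to "https"; an empty value turns the check off.
    if p.get("ssl.endpoint.identification.algorithm", "https") == "":
        findings.append("ssl.endpoint.identification.algorithm empty: hostname check disabled")
    versions = {v.strip() for v in p.get("ssl.enabled.protocols", "").split(",")}
    extra = sorted(versions - ALLOWED_TLS - {""})
    if extra:
        findings.append("ssl.enabled.protocols allows " + ", ".join(extra))
    return findings

# Constructed sample files (hypothetical host and path).
WEAK = "bootstrap.servers=broker.example.com:9092\nsecurity.protocol=PLAINTEXT\n"
HARDENED = """\
bootstrap.servers=broker.example.com:9093
security.protocol = SASL_SSL
ssl.truststore.location=/path/to/truststore.jks
ssl.enabled.protocols=TLSv1.3,TLSv1.2
"""
LEGACY = HARDENED + "ssl.enabled.protocols=TLSv1.2,TLSv1.1\nssl.endpoint.identification.algorithm=\n"
if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED), ("legacy", LEGACY)):
        print(name, audit(text) or "OK")
```

A file that omits security.protocol is reported the same way as one that sets PLAINTEXT, because PLAINTEXT is the Kafka client default.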

Tip: The Secure Sockets Layer (SSL) protocol is the predecessor to TLS. The term Secure Sockets Layer, or SSL, is often used generically to refer to TLS encryption.

About this task

TLS is a standard technology used for enabling secure communications between client and server to ensure data security and integrity. The following sections explain how to configure TLS on the Data Streamer and on its subscribers, respectively.

Important: Do not configure a proxy when you intend to establish secure communication (one-way or two-way TLS) directly between the Data Streamer and the subscriber. When a proxy is used, the secure connection is terminated between the Data Streamer and the proxy, and TLS cannot be extended or passed through to the subscriber. As a result, the Data Streamer-to-subscriber connection cannot be secured with TLS when a proxy is in use.