Technical Blog Post
Protecting data in transit with Transport Layer Security.
Author: Manisha Khond, IBM Cognitive Engagement, Watson Supply Chain
The primary benefit of Transport Layer Security (TLS) is the protection of web application data from unauthorized disclosure and modification when it is transmitted between clients and the server. In B2B communication, the client and the server are two trading partners.
The server validation component of TLS authenticates the server to the client. If configured to require client-side certificates, TLS can also play a role in authenticating the client to the server. TLS provides integrity guarantees and replay prevention: a TLS stream contains built-in controls to prevent tampering with any portion of the encrypted data, and built-in controls to prevent a captured stream of TLS data from being replayed at a later time. TLS provides these guarantees to data during transmission only. It does not offer any of these security benefits to data that is at rest.
Transport layer protection is necessary for back-end connections and any other connection where sensitive data is exchanged or where user identity is established. Failure to implement effective and robust transport layer security will expose sensitive data and undermine the effectiveness of any authentication or access control mechanism. Use TLS, because SSL is no longer considered usable for security.
TLS requires access to a Public Key Infrastructure (PKI) in order to obtain certificates. Currently, IBM Sterling B2B Integrator supports TLS 1.0, TLS 1.1 and TLS 1.2, and there are property settings to use TLS 1.2 only. The following functionality in IBM Sterling B2B Integrator and IBM Sterling File Gateway has TLS support.
TLS support in functionality
|Functionality|Adapters, services and configuration with TLS support|
|---|---|
|Communication with Email Server|B2B Mail Client Adapter, SMTP Send Adapter|
|Execute the OS shell scripts|Command Line Adapter 2|
|FTP|FTP Client Adapter and Services, FTP Server Adapter|
|HTTP|HTTP Client Adapters and Services, HTTP Server Adapter|
|Java Messaging Service|JMS 1.1 Acquire Connection and Session Service, JMS 1.1 Async Receive Adapter|
|TCP/IP Socket communication|Socket Client Adapter, Socket Server Adapter, Socket Connect Service|
|Communication with IBM WebSphere MQ|WebSphere MQ Suite Async Receiver Adapter|
|WebServices|SOAP Inbound Service, SOAP Outbound Service, SOAP Inbound Security Service, SOAP Outbound Security Service|
|Communication with IBM WebSphere MQ File Transfer Edition|WebSphere MQ File Transfer Edition Agent Adapter|
|Odette FTP|TLS support in Partner Profile|
|IBM Sterling File Gateway|Custom protocols|
|Connect:Direct|Connect:Direct Secure+ configuration|
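The three controls described above (server validation, optional client certificates, and a TLS 1.2-only policy) can be checked from a trading partner's side with the Python standard library. This is an added example, not IBM Sterling code or configuration; the function names and the certificate file parameters are hypothetical.

```python
import socket
import ssl


def client_context(ca_file=None, client_cert=None, client_key=None):
    """Client side: validate the server and refuse anything older than TLS 1.2."""
    # create_default_context() turns on certificate and host name validation.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSL, TLS 1.0 or TLS 1.1
    if client_cert:
        # Present our own certificate when the server requires client auth.
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def server_context(cert_file=None, key_file=None, partner_ca_file=None):
    """Server side: TLS 1.2 floor; require client certificates if a CA is given."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=partner_ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    if partner_ca_file:
        # Handshake fails unless the partner presents a certificate
        # that chains to partner_ca_file.
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def probe(host, port, ctx=None, timeout=5.0):
    """Connect to an endpoint you operate and report what was negotiated.

    Raises ssl.SSLError if the server fails validation or only offers
    protocol versions below the context's minimum.
    """
    ctx = ctx or client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {
                "version": tls.version(),        # e.g. "TLSv1.2"
                "cipher": tls.cipher()[0],
                "subject": tls.getpeercert().get("subject"),
            }
```

Running `probe()` against your own HTTP or FTP listener after switching to a TLS 1.2-only setting confirms the negotiated version; the host and port are whatever your deployment uses.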
Do you have any questions? Please get in touch using the comments section.