Transport Layer Security (TLS) is a protocol that provides communications privacy and data integrity between two applications communicating over a network. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
What you should know
TLS is used for connections to the Directory from client workstations and expansion servers. With TLS, you have the option to enforce Directory authentication on client workstations and servers during software installation.
What are the benefits of TLS?
TLS provides numerous benefits to clients and servers over other methods of authentication, including:
- Strong authentication
  - Authenticates the Directory to client applications, proving the identity of the server before the client connects to it. Protects against manipulator-in-the-middle (MITM) attacks.
- Data integrity
  - All data are transmitted with an integrity check value.
- Message privacy
  - Protects against eavesdropping.
  - NOTE: The potential for such threats exists only if you allow connections from the WAN (as opposed to through a secure VPN) or when your corporate network has been physically compromised.
- Algorithm flexibility
  - Provides options for the authentication mechanisms, encryption algorithms, and hashing algorithms that are used during the secure session.
- Ease of use
  - Most of its operations are invisible to the client. This allows the client to have little or no knowledge of the security of communications and still be protected from attackers.
Limitations
- Manipulator-in-the-middle protection is enforced only if you choose to turn on Directory authentication on each machine (client or server).
- Client certificates are not supported for Config Tool and Security Desk.