SSL/TLS

FTP Over SSL/TLS
SSL/TLS APIs

SSL and TLS (the Internet standard of SSL called Transport Layer Security) enable secure transmission of information between a client and server through the use of authentication and encryption techniques. TLS 1.0 (RFC 2246) and TLS 1.2 (RFC 5246) are supported and negotiated when applications communicate.

Notes:

  • TLS 1.0 is the minimum level of security that the ClearPath MCP supports. SSL version 2 and SSL version 3 protocols are no longer supported after MCP 16.0.

  • You can enable support for TLS 1.0 by using the NW TCPIP OPTION + TLS10 command. (The option is disabled by default because support for TLS 1.0 was deprecated.)

TLS is used by many products in the ClearPath MCP environment (such as Web Transaction Server, FTP, CCF, SAN Datamover, and Telnet). This functionality is also available through the MCP Sockets Service API and through the port file API using TCPIPNATIVESERVICE.

ClearPath Secure Transport is the Unisys implementation of TLS that was developed for the MCP environment of a ClearPath MCP server. ClearPath Secure Transport ensures a secure connection across a TCP/IP network for MCP applications.

ClearPath Secure Transport supports the following cipher suites:

  • TLS_RSA_WITH_AES_128_CBC_SHA

  • TLS_RSA_WITH_AES_256_CBC_SHA

  • TLS_RSA_WITH_AES_128_CBC_SHA256

  • TLS_RSA_WITH_AES_256_CBC_SHA256

  • RSA_WITH_AES_128_GCM_SHA256

  • RSA_WITH_AES_256_GCM_SHA384

  • DHE_RSA_WITH_AES_128_GCM_SHA256

  • DHE_RSA_WITH_AES_256_GCM_SHA384

  • ECDHE_ECDSA_AES_128_CBC_SHA256

  • ECDHE_ECDSA_AES_256_CBC_SHA384

  • ECDHE_ECDSA_AES_128_GCM_SHA256

  • ECDHE_ECDSA_AES_256_GCM_SHA384

  • ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

Notes:

  • Lower-grade and deprecated cipher suites have been removed from ClearPath Secure Transport to ensure the highest level of security with network communications.

  • Security Center provides an SSL/TLS Connection Wizard which can be used to test if the certificate chain presented by a remote system will be trusted if used over an SSL/TLS-enabled connection.

Prev  Up  Next
Network Security  Home  FTP Over SSL/TLS