TLS Authentication Modes

The TLS connector supports two authentication modes—pre-shared key authentication and certificate-based authentication. These determine the way in which the connection is secured and the supported encryption ciphers that can be used.

When deploying Uniface applications, you need to consider the level of security required for the connections between client applications, Uniface Routers, and Uniface Servers. Different connections may require different connectors (TLS or TCP), encryption modes, and types of certificate verification. You can configure the Uniface Router to use both the TLS and TCP connectors, depending on these security requirements.

For example, you could:

• Use the TCP connector for connections that do not need to be secured in any way, either because the information is not sensitive, or the connection is isolated from the Internet or network in some way. For example, for any communication between the Uniface Router and Uniface Server running on the same host.
• Use the TLS connector with pre-shared key mode when first configuring TLS, or for communication over the corporate network. Pre-shared key mode is easier to configure but less secure than certificate-based mode, so it could be used in situations where there are fewer security threats. For more information, see Pre-Shared Key Authentication.
• Use the TLS connector with certificate-based authentication for communication channels that are more exposed to external threats, such as data connections over the internet. For more information, see Certificate-Based Authentication.