4D v16.3
Using TLS Protocol
The 4D Web server can communicate in secured mode through the TLS (Transport Layer Security) protocol, the successor of the SSL (Secure Sockets Layer) protocol. By default, the minimum version supported by 4D is TLS 1.2.

TLS is designed to secure data exchanges between two applications, mainly between a Web server and a browser. The protocol is widely used and is compatible with most Web browsers. At the network level, the security protocol is inserted between the TCP/IP layer (low level) and the HTTP protocol (high level); it was designed mainly to work with HTTP.

Network configuration using TLS: (diagram not reproduced)

Note: The TLS protocol can also be used to secure standard 4D Server client/server connections as well as SQL server connections. For more information, refer to the section Encrypting Client/Server Connections in the 4D Server Reference manual as well as the Configuration of 4D SQL Server section in the SQL Reference manual.

The TLS protocol is designed to authenticate the communicating parties (in practice the server proves its identity to the browser; client certificates are optional) and to guarantee the confidentiality and integrity of the exchanged information.
TLS uses public key cryptography, based on a pair of asymmetric keys (a public key and a private key), to authenticate the server and to set up the session; the data exchanged afterwards is encrypted with a symmetric algorithm negotiated during the handshake.

Note: For more information on the encryption method and on public and private keys, refer to the ENCRYPT BLOB command description.

To run the server in secured mode, you need a digital certificate issued by a certification authority. The certificate contains various information such as the site identity and the public key used to communicate with the site. It is transmitted to the clients (Web browsers) connecting to the site; once the certificate has been verified and accepted, the communication takes place in secured mode.

Note: A browser accepts only certificates issued by a certification authority referenced in its trust store (or in the system trust store it relies on). The certification authority is chosen according to several criteria: a well-known authority is trusted by most browsers, but its certificates cost more.

To get a digital certificate:

1. Generate a private key using the GENERATE ENCRYPTION KEYPAIR command. Warning: for security reasons, the private key must always be kept secret and should never leave the server machine. For the Web server, the Key.pem file must be placed in the folder containing the database structure file.
2. Use the GENERATE CERTIFICATE REQUEST command to issue a certificate request.
3. Send the certificate request to the chosen certificate authority.
4. Once you get your certificate, create a text file named "cert.pem" and paste the contents of the certificate into it. Note: CR line-ending characters on their own are not supported; use CRLF or LF.
5. Place the "cert.pem" file in the correct location. For the Web server, this is the folder containing the database structure file.

If you want to use the TLS protocol with the 4D Web server, the following components should be installed on the server, at different locations:
Note: 4DSLI is also necessary to use the encryption commands ENCRYPT BLOB and DECRYPT BLOB.

The installation of these elements makes it possible to use TLS for connections to the 4D Web server. However, in order for TLS connections to be accepted by the 4D Web server, you must "activate" TLS. This parameter is accessible on the Configuration tab of the Web page in the Database Settings:

By default, TLS connections are allowed. You can uncheck this option if you do not want to use TLS with your Web server, or if another Web server accepting secure connections is running on the same machine.

The TCP port dedicated to TLS data exchange is 443 by default. This port number can be modified in the HTTPS Port Number area, for example to make the server less visible to casual scans (for more information about this point, refer to the Web Server Settings section). Note that a non-standard port only hides the service; it does not replace a valid certificate and a correct protocol configuration. The TCP port defined on this page of the Database Settings is used for standard (non-secured) Web server connections.

Note: The other settings defined for the 4D Web Server management (password, timeout, cache size, etc.) are applied regardless of whether or not the server is operating in TLS mode.

For a Web connection to be carried out in secure mode, the URL sent by the browser simply needs to begin with "https" (instead of "http").
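The procedure in steps 1 to 5 above, written out as a 4D project method. This is an added example, not code from the 4D documentation: the subject fields of the request, the file name "request.csr" and the path $caCertPath where the certificate returned by the authority was saved are assumptions. It writes Key.pem into the structure folder, produces the certificate request, and, once the CA has answered, installs cert.pem after normalizing the line endings that 4D does not accept.

```4d
  // Added example (not from the 4D documentation): Web server key, CSR and cert.pem.
C_BLOB($privateKey;$publicKey;$certRequest;$certBlob)
C_TEXT($structureFolder;$caCertPath;$certText)
ARRAY TEXT($arrNames;0)
ARRAY TEXT($arrValues;0)

  // Key.pem and cert.pem are read from the folder holding the structure file.
$structureFolder:=Get 4D folder(Database folder)

  // --- Step 1: generate the key pair and store the private key as Key.pem ---
  // 2048 bits is the practical minimum for an RSA key used by a public Web server.
GENERATE ENCRYPTION KEYPAIR($privateKey;$publicKey;2048)

  // The private key must never leave this machine: restrict the file's OS
  // permissions and keep it out of backups that are copied elsewhere.
BLOB TO DOCUMENT($structureFolder+"Key.pem";$privateKey)

  // --- Step 2: build the certificate request (X.509 subject, values are assumptions) ---
  // CN must be exactly the host name browsers will type in the https:// URL.
APPEND TO ARRAY($arrNames;"C")
APPEND TO ARRAY($arrValues;"FR")
APPEND TO ARRAY($arrNames;"ST")
APPEND TO ARRAY($arrValues;"Ile-de-France")
APPEND TO ARRAY($arrNames;"L")
APPEND TO ARRAY($arrValues;"Clichy")
APPEND TO ARRAY($arrNames;"O")
APPEND TO ARRAY($arrValues;"Example Company")
APPEND TO ARRAY($arrNames;"OU")
APPEND TO ARRAY($arrValues;"Web")
APPEND TO ARRAY($arrNames;"CN")
APPEND TO ARRAY($arrValues;"www.example.com")

GENERATE CERTIFICATE REQUEST($privateKey;$certRequest;$arrNames;$arrValues)

  // --- Step 3: the request is sent to the CA out of band (file name is an assumption) ---
BLOB TO DOCUMENT($structureFolder+"request.csr";$certRequest)

  // --- Steps 4 and 5: install the certificate the CA sent back as cert.pem ---
  // $caCertPath is an assumption: wherever the CA's PEM file was saved.
$caCertPath:=$structureFolder+"www.example.com.crt"
If (Test path name($caCertPath)=Is a document)
  DOCUMENT TO BLOB($caCertPath;$certBlob)
    // Work on raw bytes so no BOM is added in front of the PEM header.
  $certText:=BLOB to text($certBlob;UTF8 text without length)
    // Refuse anything that is not a PEM certificate.
  If (Position("-----BEGIN CERTIFICATE-----";$certText)>0)
      // 4D does not accept bare CR line endings: CRLF -> LF first, then lone CR -> LF.
    $certText:=Replace string($certText;Char(Carriage return)+Char(Line feed);Char(Line feed))
    $certText:=Replace string($certText;Char(Carriage return);Char(Line feed))
    TEXT TO BLOB($certText;$certBlob;UTF8 text without length)
    BLOB TO DOCUMENT($structureFolder+"cert.pem";$certBlob)
  Else
    ALERT("The file does not contain a PEM certificate.")
  End if
End if
```

Run the first part once to obtain request.csr, send that file to the authority, save the returned certificate under the path assumed in $caCertPath and run the method again so that cert.pem is written. Restart the Web server afterwards so that the new Key.pem and cert.pem are loaded.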
The encryption algorithm used for the connection is then negotiated by the browser and the Web server: the server offers several symmetric encryption algorithms (RC2, RC4, DES...) and the strongest one supported by both sides is used. Note that RC2, RC4 and DES are broken today (RC4 is prohibited in TLS by RFC 7465, and single-DES suites were removed from TLS 1.2); modern browsers no longer offer them, so with the TLS 1.2 minimum an AES-based suite is what you should see. Check the suite actually negotiated with the browser's developer tools or with `openssl s_client`. Warning: The level of encryption allowed might depend on current laws in the country of use.

Using TLS with a 4D Web server does not require any specific system configuration. However, you should keep in mind that a TLS Web server can also work in a non-secured mode: as long as the standard HTTP port is open, the browser can connect in clear (for example, the user can replace "https" by "http" in the URL area). The developer can forbid or redirect requests made in non-secured mode. You can get the current connection mode using the WEB Is secured connection command.
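The redirect described above, as an added example for the On Web Connection database method; it is not code from the 4D documentation. Requests arriving in non-secured mode are answered only with a redirect to the same path over HTTPS, and secured requests get a Strict-Transport-Security header so the browser stops trying plain HTTP. The HTTPS port value and the use of the Host header are assumptions.

```4d
  // On Web Connection database method. Added example, not from the 4D documentation.
C_TEXT($1;$2;$3;$4;$5;$6)
C_TEXT($host;$location)
C_LONGINT($httpsPort;$pos)

  // Assumption: HTTPS stays on the default port. Change it if you moved the
  // HTTPS Port Number in the Database Settings.
$httpsPort:=443

If (Not(WEB Is secured connection))
    // Host header sent by the browser; fall back to the server IP address ($4)
    // when the request carries none.
  WEB GET HTTP HEADER("Host";$host)
  If ($host="")
    $host:=$4
  End if
    // Drop any ":port" the browser used for HTTP (host names and IPv4 only).
  $pos:=Position(":";$host)
  If ($pos>0)
    $host:=Substring($host;1;$pos-1)
  End if
  $location:="https://"+$host
  If ($httpsPort#443)
    $location:=$location+":"+String($httpsPort)
  End if
  $location:=$location+$1  // $1 is the requested URL (path and query)
    // Nothing but the redirect is returned on the clear channel.
  WEB SEND HTTP REDIRECT($location)
Else
    // Secured request: tell the browser to use HTTPS only for this host for one year.
  WEB SET HTTP HEADER("Strict-Transport-Security";"max-age=31536000")
    // Returning normally lets the Web server process the request as usual.
End if
```

Files found in the Web folder are served without calling On Web Connection, so this method covers dynamic URLs only; to prevent static pages from being served in clear as well, do not expose the HTTP port at all (firewall or Web settings) or put the same WEB Is secured connection test in the On Web Authentication database method.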
See also
DECRYPT BLOB
PROPERTIES
Product: 4D
TAGS: cert.pem, key.pem, 4DSLI.DLL
4D Language Reference (4D v16)