Encryption secures the data stream with a cipher and cipher strength that is negotiated when the
connection is established. The ciphers and strengths that can be used for connections are user-
configurable in the Control Panel. Available ciphers are RC2, RC4, DES, 3DES, and AES. Cipher
strengths range from 40 bits to 256 bits. The maximum cipher strength is subject to an upper limit
enforced by the product license key provided by the supplier of the software license. Not all ciphers work
with all strengths, and this is automatically managed by the software when it negotiates the network
connection.

●

Authentication checks the identify of the peer (the "other end" of the network connection) by validating
the certificate supplied by the peer. The specific checks applied to the certificate are user-configurable in
the Control Panel. Additionally, the certificate authorities (CA's) used to validate the certificate can either
come from a set of built-in CA's (which is the set of CA's used by Internet Explorer 6 and other browsers)
or from a user-supplied CA file. Appendix B provides a list of the built-in CA's.

●

Certificate allows the software to provide a certificate to the network connection peer. An unsecure
sample certificate is included with the Tactical Software product. The certificate used in an actual
application must be supplied in a user-specified file.

Usage

SSL/TLS Security features are used for various purposes, depending on the Tactical Software product:

Product

Encryption

Authentication

Certificate

A.2. SSL/TLS Security