Connections may be initiated by the Clientor by the Server when they create a TransportConnectionand establish a communication with their peer.If the Clientcreates the TransportConnection, the first Messagesent shall be a Hellowhich specifies the buffer sizes that the Clientsupports. The Servershall respond with an Acknowledge Messagewhich completes the buffer negotiation. The negotiated buffer size shall be reported to the SecureChannellayer. The negotiated SendBufferSizespecifies the size of the MessageChunksto use for Messagessent over the connection.
If the Servercreates the TransportConnectionthe first Messageshall be a ReverseHellosent to the Client. If the Clientaccepts the connection, it sends a Hellomessage back to the Serverwhich starts the buffer negotiation described for the Clientinitiated connection.
The Hello/Acknowledge Messagesmay only be sent once. If they are received again the receiver shall report an error and close the TransportConnection. Applications accepting incoming connections shall close any TransportConnectionafter a period of time if it does not receive a Helloor ReverseHello Message. This period of time shall be configurable and have a default value which does not exceed two minutes.
The Clientsends the OpenSecureChannelrequest once it receives the Acknowledgeback from the Server. If the Serveraccepts the new channel, it shall associate the TransportConnectionwith the SecureChannelId. The Serveruses this association to determine which TransportConnectionto use when it has to send a response to the Client. The Clientdoes the same when it receives the OpenSecureChannelresponse.
The Serverapplication does not do any processing while the SecureChannelis negotiated; however, the Serverapplication shall to provide the Stackwith the list of trusted Certificates. The Stackshall provide notifications to the Serverapplication whenever it receives an OpenSecureChannelrequest.These notifications shall include the OpenSecureChannelor Errorresponse returned to the Client.
The Serverneeds to be configured and enabled by an administrator to connect to one or more Clients. For each Client, the administrator shall provide an ApplicationUriand an EndpointUrlfor the Client.If the Client EndpointUrlis not known, the administrator may provide the EndpointUrlfor a GDS (see OPC 10000-12) which knows about the Client. The Servershould expect that it will take some time for a Clientto respond to a ReverseHello. Once a Clientcloses a SecureChannelor if the socket is closed without establishing a SecureChannel the Servershall create a new socket and send a new ReverseHellomessage. When a SecureChannel is established, the Server shall immediately create a new socket and sends a new ReverseHelloto ensure the Clientis able to create another SecureChannelif it is needed.Administrators may limit the number of simultaneous sockets that a Serverwill create.