6 Implementation and deployment considerations

6.13 HTTPS, SSL/TLS & Websockets

HTTPS defines a standard form of transport security. This transport security does not always ensure end-to-end security. Proxy servers or other intermediaries may exist. If end-to-end security is required, then additional steps, such as a VPN, should be taken.

If SSL/TLS communication is supported, the keys used for TLS must be different from the keys used for TCP communication. Reusing the keys introduces security issues. Only TLS 1.2 should be enabled; other versions of TLS have security issues and should not be enabled.
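One way to enforce both rules at server start-up, as an added example that is not part of the specification: it builds a TLS context that accepts only TLS 1.2 and refuses a TLS key file that is a copy of the key used for TCP communication. The function names and the sample PEM blocks (constructed, not real keys) are assumptions made for this illustration.

```python
import base64
import hashlib
import re
import ssl

# Matches any PEM private-key block (PKCS#8, RSA, EC).
_PEM_KEY = re.compile(
    rb"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.+?)-----END \1-----", re.S)


def key_fingerprint(pem: bytes) -> str:
    """SHA-256 over the DER body of the first private-key block.

    Limitation: the same key stored in two encodings (PKCS#1 vs PKCS#8)
    hashes differently, so this detects copied key files, not re-encoded ones.
    """
    m = _PEM_KEY.search(pem)
    if m is None:
        raise ValueError("no private key block found")
    return hashlib.sha256(base64.b64decode(m.group(2))).hexdigest()


def assert_distinct_keys(tls_key_pem: bytes, tcp_key_pem: bytes) -> None:
    """Raise if the TLS key is the key already used for TCP communication."""
    if key_fingerprint(tls_key_pem) == key_fingerprint(tcp_key_pem):
        raise ValueError("TLS key reuses the key for TCP communication")


def tls12_only_context() -> ssl.SSLContext:
    """Server context pinned to TLS 1.2; older and newer versions are refused."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def constructed_pem(raw: bytes) -> bytes:
    """Wrap arbitrary bytes in a PEM envelope (constructed sample input)."""
    return (b"-----BEGIN PRIVATE KEY-----\n" + base64.encodebytes(raw)
            + b"-----END PRIVATE KEY-----\n")


SAMPLE_TLS_KEY = constructed_pem(b"constructed-tls-key")
SAMPLE_TCP_KEY = constructed_pem(b"constructed-ua-tcp-key")

if __name__ == "__main__":
    assert_distinct_keys(SAMPLE_TLS_KEY, SAMPLE_TCP_KEY)
    ctx = tls12_only_context()
    print("TLS range:", ctx.minimum_version.name, "to", ctx.maximum_version.name)
```

In a real deployment the two PEM inputs would be read from the key files configured for the HTTPS endpoint and for the TCP endpoint, and the returned context would then load the TLS certificate chain with `load_cert_chain`.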

SSL version 2 has security issues and should be disabled. It is important that it is disabled for all applications on the machine, not just for the UA application.

Websockets is just another protocol that is secured using HTTPS. If Websockets is used, all of the security guidelines for HTTPS and TLS should be followed.
