About Transport Layer Security Parent topic

In IMSS, Transport Layer Security (TLS) provides a secure communication channel between servers over the Internet, ensuring the privacy and integrity of the data during transmission.
Two servers (Server A and Server B) establish a TLS connection through a handshaking procedure as described below:
  1. The handshake begins when Server B requests a secure connection with Server A by sending a list of ciphers.
  2. Server A then selects one cipher presented by Server B and replies with its digital certificate that may have been signed by a Certificate Authority (CA).
  3. Server B verifies Server A's identity with the trusted CA certificate. If the verification fails, Server B may choose to stop the TLS handshake.
  4. Upon verifying Server A’s identity, Server B proceeds to generate the session keys by encrypting a message using a public key.
  5. This message can only be decrypted using the corresponding private key. Server B’s identity is thus authenticated when Server A is able to decrypt the message successfully using the private key.
  6. The handshake completes and the secure connection is established after the servers have created the material required for encryption and decryption.
IMSS applies TLS on traffic entering IMSS and traffic exiting IMSS, not on incoming or outgoing message traffic.