You can use the Transport Layer Security (TLS) to provide a security infrastructure that protects communications between a socket client and server. TLS provides data privacy over network connections and authentication between clients and servers on those connections using elements of Public Key Infrastructure (PKI). These elements include private and public keys that the clients and servers use to authenticate each other and to set up data encryption and decryption services between the initiator of the communications (TLS client) and the responder (TLS server). The server is identified by the private key that it stores and the client is identified as a valid TLS client for that server by the public key that it stores and provides to the server. TLS clients gain access to public keys using digital (public key) certificates provided by a trusted certificate authority (CA) that also provides the private key confidentially to the TLS server.

Like socket communications in general, TLS is both application and transport independent. This section describes how to implement and manage TLS for ABL applications communicating over TCP/IP sockets.

For more information on TLS and how it uses private and public keys and public key certificates to handle security tasks in these contexts, see Introduction to Security and Auditing.

To set up and connect ABL socket servers and clients with TLS:

1. On your ABL socket server, create and configure the private key and certificate store required to identify your socket server as an TLS server.
2. On your ABL socket client, create and configure the public key certificate store required to access your TLS server as an TLS client.
3. Startup and ensure that your ABL socket server has enabled connections for TLS.
4. Startup and connect your ABL client as an TLS client to your TLS server.
5. Invoke socket operations in TLS sessions.

The sections that follow describe these tasks.