OpenEdge supports data privacy and client/server authentication over connections between OpenEdge clients, servers, and middleware using the Transport Layer Security (TLS). This TLS support works at two levels of networking:

  • Secure Internet access—Using OpenEdge middleware and third-party Web servers or Java Servlet Engines (JSEs) to secure Internet connections between an OpenEdge client and server component using HTTPS (HTTP tunneled through TLS)
  • Secure intranet access—Securing direct connections between OpenEdge client, middleware, and server components using an OpenEdge implementation of TLS (TCP/IP tunneled through TLS)
Note: By default, all OpenEdge components support TLSv1.2, TLSv1.3. The TLS version used for authentication over connections between OpenEdge clients and servers is decided based on the following scenarios:
  • An unconfigured OpenEdge client uses the default (TLSv1.3,TLSv1.2) to establish a handshake to secure the connection between the OpenEdge client and OpenEdge server. In such scenario, TLSv1.3 takes precedence over TLSv1.2.

    If a secure connection is not established using TLSv1.3, the TLS connection falls back to TLSv1.2 to establish a connection.

  • If the OpenEdge client is configured with TLSv1.3, then the OpenEdge server establishes the connection using TLS 1.3.
  • If the OpenEdge client is configured with TLSv1.2, then the OpenEdge server establishes the connection using TLS 1.2.

Depending on the OpenEdge components involved, Internet and intranet TLS can be used alone or together to provide combinations of security options for certain OpenEdge client and server connections.

As you might know or have surmised from the basic functionality provided by this security option (data privacy and client/server authentication), TLS fundamentally relies on various forms of data cryptography that are specially organized to provide this connection security. To help understand the scope and impact of using TLS with OpenEdge, this manual describes this security option at several levels starting with the technical foundations and basic terminology required to understand and describe TLS itself as well as its role in OpenEdge.

For information on:

  • The foundation technologies and terminology for TLS, see Public Key Infrastructure (PKI)
  • The features and functions of TLS, see Public Key Infrastructure (PKI)
  • How OpenEdge uses TLS to secure its client, server, and middleware components, and how to configure these components to use TLS, see Transport Layer Security (TLS)
  • How to prepare the OpenEdge platform environment to use TLS, see the sections on managing OpenEdge key and certificate stores in Manage OpenEdge Keys and Certificates
CAUTION: By default, all OpenEdge components support TLS 1.2, 1.3. TLS in OpenEdge provides a faster TLS handshake, and simpler and more secure cipher suites. Together, these changes provide better performance and stronger security. Also be aware that any use of TLS can have significant negative impact on application performance. So, be sure that you need the security that TLS provides before designing and building it into your applications.