The TLS (Transport Layer Security) protocol is a PKI application used to provide confidentiality and integrity for data transferred between a pair of communicating parties. The parties use PKI encryption to securely exchange "secret key" data, and then all data transferred between the parties is encrypted using that "secret key". Earlier versions of the TLS protocol were called the SSL (Secure Sockets Layer) protocols.
The CommuniGate Pro Server supports SSL/TLS connections for all its TCP-based services and modules. Secure connections can be established in two ways:
Usually, certificates for SSL/TLS communications can be assigned only to CommuniGate Pro Domains that have at least one assigned network (IP) address. This limitation comes from the design of the TLS protocols used today: when a client application initiates a secure connection, the Server has no information about the Domain the client wants to reach. The Server knows only the local IP address the client has connected to, so it opens the Domain assigned to that IP address and uses the PKI Settings of that Domain.
An exception to this rule is the XMPP protocol. Before an XMPP client sends the <starttls> command, it explicitly specifies the target domain in the <stream> data, so the Server can initiate a TLS session with a Domain that has no assigned network address.
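The certificate-selection rule described above, modelled in Python as an added illustration (this is not CommuniGate Pro code): for most protocols the serving Domain is chosen by the local IP address the client connected to, while for XMPP the `to` attribute of the client's opening `<stream:stream>` tag, sent before `<starttls>`, names the Domain directly. The IP-to-Domain and Domain-to-certificate tables are constructed sample data.

```python
import re
from typing import Optional

# Constructed sample configuration (not a real CommuniGate Pro setup).
# chat.example.net has a certificate but no assigned IP address, so it can
# only be reached over TLS by a protocol that names the domain before STARTTLS.
IP_TO_DOMAIN = {"192.0.2.10": "mail.example.com"}
DOMAIN_CERTS = {
    "mail.example.com": "CN=mail.example.com",
    "chat.example.net": "CN=chat.example.net",
}

# The XMPP stream header is an unclosed opening tag, so a full XML parser
# would reject it; a regex over the tag's attributes is enough here.
_STREAM_TO = re.compile(r"<stream:stream\b[^>]*?\bto=['\"]([^'\"]+)['\"]")


def xmpp_stream_target(stream_header: str) -> Optional[str]:
    """Return the 'to' domain from an XMPP <stream:stream> opening tag, or None."""
    m = _STREAM_TO.search(stream_header)
    return m.group(1).lower() if m else None


def select_tls_domain(local_ip: str, xmpp_stream_header: Optional[str] = None) -> Optional[str]:
    """Pick the Domain whose PKI Settings will be used for the TLS handshake.

    For non-XMPP services (xmpp_stream_header is None) only the local IP is
    known, so the Domain bound to that address is used. For XMPP, the domain
    named in the stream header wins when it is a configured Domain; otherwise
    the server falls back to the IP-bound Domain.
    """
    if xmpp_stream_header is not None:
        target = xmpp_stream_target(xmpp_stream_header)
        if target in DOMAIN_CERTS:
            return target
    return IP_TO_DOMAIN.get(local_ip)


def certificate_for(local_ip: str, xmpp_stream_header: Optional[str] = None) -> Optional[str]:
    """Certificate presented in the handshake, or None if no Domain can serve it."""
    domain = select_tls_domain(local_ip, xmpp_stream_header)
    return DOMAIN_CERTS.get(domain) if domain else None
```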
Use the WebAdmin Interface to specify the Server-wide SSL/TLS processing parameters. Open the General pages in the Settings realm, and find the TLS Sessions panel on the Others page:
Log: Use this setting to specify what kind of information the TLS module should put in the Server Log. The TLS module records in the System Log are marked with the TLS tag.
Time To Live: This setting specifies the cache time for TLS sessions. When all connections using the same TLS session are closed, the Server waits for the specified time before deleting the TLS session parameters. Thi