Isode server and client products provide a range of security services. This page describes security infrastructure components that are used by many of the Isode products. Along with the pages on SASL (Simple Authentication and Security Layer) and Strong Authentication, this describes all of the infrastructure of the Isode products that use cryptography.

Transport Layer Security

Transport Layer Security (TLS) is an Internet Standard for providing data confidentiality, and is used by Isode. TLS also provides strong authentication using X.509 (which is described here). Isode uses TLS in the following products and protocols to provide data confidentiality:

  • M-Vault: LDAP
  • M-Box: POP3 and IMAP
  • M-Switch: SMTP, LMTP and the Isode SOM Protocol

Cryptographic Algorithms

Isode TLS can use the following Cipher Suites:

Cipher        Key Length (Standard)   Key Length (High Grade)
DES           40, 56
Triple-DES    not supported           168 (112 effective)
AES           not supported           128, 256
RC4           40, 56                  128
RC2           40, 56                  128

Where X.509 based authentication is used, the supported cryptographic algorithms are described in the strong authentication product overview.

Diffie-Hellman key exchange and SHA (Secure Hash Algorithm) may be used with Isode TLS, either in conjunction with X.509 based authentication or independently.

Configuration of Isode TLS will select valid combinations of Cipher Suite and Authentication. Valid combinations are documented in the Isode Manual.

Standard and High Grade Encryption

Isode's products support data encryption at up to 56 bits, as shown in column 2 of the table above.

High Grade versions of the Isode products are available, supporting the algorithms and key lengths shown in column 3 of the table above. Availability of these products is dependent on the country of end use, and controlled by UK Export regulations. Use in the European Union does not require an export license. Use in US, Canada, Australia, New Zealand, Japan, Switzerland and Norway is permitted under a standard export license. Use in all other countries requires an export license. Isode does not anticipate problems in obtaining an export license for reasonable use of the Isode products.

Conformance

Isode products conform to the following standards:

RFC 2246 The TLS Protocol Version 1.0, T. Dierks, C. Allen, January 1999

RFC 3268 Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)

Underlying Technology

Isode makes use of the OpenSSL package to provide TLS data confidentiality services. OpenSSL has FIPS 140-2 conformance; FIPS 140-2 is a US government security standard for cryptographic modules, defined here.

This is a high quality package used by many commercial products. Isode would like to acknowledge the contribution from the authors of OpenSSL, and of the organizations that have funded work on these packages.

There is also a strong security benefit in using open source technology, particularly for the cryptographic components. Because the source is widely used and openly available, it has been subject to substantial peer review. This leads to a high confidence in the security of these products.

Isode tracks versions of OpenSSL and, in the event of security fixes to OpenSSL which may impact Isode products, will release product updates.

Availability

The Isode security infrastructure described on this page is used by other Isode products, and is not provided separately.

Copyright © 2008 Isode