Transport Layer Security (TLS)
Data Confidentiality
TLS is an Internet Standard for providing data confidentiality used by all Isode products. Along with the pages on SASL (Simple Authentication and Security Layer) and Strong Authentication, this page describes the infrastructure of the Isode products that use cryptography. TLS also provides strong authentication using X.509, which is described on the Strong Authentication page.
Isode products all support TLS 1.3, which is the latest and recommended version. Most products also support TLS 1.2. TLS 1.1 is disabled in all products for security reasons.
Some Isode products allow configuration of the cipher suites used.
Use of Isode products with TLS is export controlled. Most Isode products control TLS as a feature, which enables provision of the product without TLS so that it is not export controlled.
Export controls are dependent on the country of end use, and controlled by UK Export regulations. Use in the European Union, US, Canada, Australia, New Zealand, Japan, Switzerland and Norway is permitted under a standard export licence.
Export to other countries requires an individual export licence. To be able to apply for such a licence, a purchase order is required.
Isode products conform to the following standards:
- RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3, E. Rescorla, August 2018
- RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2, T. Dierks, E. Rescorla, August 2008
- RFC 3268: Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
Most Isode products make use of the OpenSSL package to provide TLS data confidentiality services. OpenSSL has FIPS 140-2 conformance, which is a US government security standard for cryptographic modules. FIPS 140-2 is defined here.
This is a high-quality package used by many commercial products. Isode would like to acknowledge the contribution from the authors of OpenSSL, and of the organizations that have funded work on these packages.
There is also a strong security benefit in using open source technology, particularly for the cryptographic components. Because the source is widely used and openly available, it has been subject to substantial peer review. This leads to a high confidence in the security of these products.
Isode tracks versions of OpenSSL and, in the event of security fixes to OpenSSL which may impact Isode products, will release product updates.
Other TLS technologies used by Isode:
- Go TLS (Cobalt & Icon-5066 for HTTPS functionality)
- Rustls (Icon-PEP & M-Vault for HTTPS functionality)
- Microsoft SChannel (Swift Desktop)