Perle Systems Technical Notes
Serial over SSL/TLS (Secure Sockets Layer)
SSL and TLS are cryptographic protocols, standardized by the IETF, that provide authentication and data encryption between servers, machines and applications communicating over a network. SSL is the predecessor of TLS. SSL/TLS technology is in everyday use today: on-line banking sessions to financial institution web sites run over SSL/TLS-enabled internet browsers. Over the years, new versions of the protocols have been released to address vulnerabilities and to support stronger, more secure cipher suites and algorithms. Since 2015, TLS has slowly started to become the preferred choice across the industry.
With SSL/TLS functionality, Perle enables organizations to securely connect serial-based legacy equipment across encrypted SSL/TLS sessions on private or public networks such as the Internet.
Perle’s implementation of SSL/TLS goes beyond the simple encryption offered by other vendors today. Secure IOLANs provide multiple cipher selections (including AES and 3DES), key management, peer authentication and the ability to operate in either SSL/TLS server or client mode, making them the best choice for all secure serial-to-Ethernet projects.
Users can have sensitive serial data, such as credit card data from serial credit card readers, passed across public or wireless networks to SSL/TLS-enabled applications. Sessions can be supported in the following configurations:
- Serial tunneling mode – Pass serial data between devices
- SSL/TLS Application to Device Server(s) – Pass TCP sockets from an SSL-enabled application to remote serial devices
- TruePort to Device Server(s) – Pass serial application data from a host server running TruePort (V5 and up) to remote serial devices attached to IOLAN device servers
- Secure Vmodem – Pass encrypted Vmodem (Virtual Modem) traffic between devices and a remote application designed to communicate with AT-command-based modems
Perle TruePort, used in conjunction with remote secure IOLAN device servers, can also be used to enable existing serial applications to pass encrypted serial data across the network. TruePort with SSL/TLS is available on the following operating systems:
- Microsoft Windows & Windows Server & NT
- SCO Unixware / Openserver
- SCO Openserver
- HP UX
- NCR UNIX
An extensive feature set is included with Perle’s implementation of SSL/TLS:
- PCI DSS Compliance: TLS v1.2, TLS v1.1, TLS v1.0, SSL v3.0, SSL v2.0
- Operate in either SSL/TLS Server or Client mode, with SSL peer authentication
- SSL encryption: AES-GCM; key exchange ECDH-ECDSA; HMAC SHA-256, SHA-384
- Supported Encryption Ciphers: AES (256/192/128), 3DES, DES, Blowfish, CAST128, ARCFOUR (RC4), ARCTWO (RC2)
- Configurable key lengths
- Hashing Algorithms: MD5, SHA-1, RIPEMD160, SHA1-96, and MD5-96
- X.509 Certificate Authentication: RSA, DSA
- Peer Validation Criteria: Country, State, Locality, Organization, Organization Unit, Common Name, Email
- Certificate Authority (CA) list with digital signatures from companies such as Verisign, or self-signed certificates
- Key Exchange: RSA, EDH-RSA, EDH-DSS, ADH
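The peer validation criteria and the server/client modes in the feature list correspond to X.509 subject attributes and to a TLS context policy on the application side of the tunnel. The following Python script is an added illustration, not Perle's or the IOLAN's own code, of how a host application using the standard `ssl` module would apply such criteria (Country, State, Locality, Organization, Organization Unit, Common Name, Email) to the certificate returned by `getpeercert()`, and how it would build a mutually authenticated context that negotiates only TLS 1.2 or later with AES-GCM suites. The certificate subject values, host names, criteria and the cipher list are constructed samples; the `make_tls_context` and `validate_peer` helpers are hypothetical names chosen for this example. Note that the context deliberately refuses SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 even though they appear in the compliance line above, since PCI DSS guidance has required SSL and early TLS to be disabled since 2018.

```python
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns for a
# verified peer certificate; every value here is hypothetical.
SAMPLE_PEER_CERT = {
    "subject": (
        (("countryName", "CA"),),
        (("stateOrProvinceName", "Ontario"),),
        (("localityName", "Markham"),),
        (("organizationName", "Example Corp"),),
        (("organizationalUnitName", "Field Devices"),),
        (("commonName", "iolan-lab-01.example.internal"),),
        (("emailAddress", "netops@example.internal"),),
    ),
    "notAfter": "Jan  1 00:00:00 2031 GMT",
}

# The feature list's peer validation criteria, mapped to the X.509 subject
# attribute names that getpeercert() uses.
CRITERIA_TO_X509 = {
    "country": "countryName",
    "state": "stateOrProvinceName",
    "locality": "localityName",
    "organization": "organizationName",
    "organization_unit": "organizationalUnitName",
    "common_name": "commonName",
    "email": "emailAddress",
}

# Constructed policy: ECDHE key exchange with AES-GCM only. TLS 1.3 suites are
# managed separately by OpenSSL and remain enabled.
STRONG_CIPHERS = ":".join([
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
])


def subject_fields(peer_cert):
    """Flatten the nested RDN tuples of getpeercert()['subject'] into a dict."""
    fields = {}
    for rdn in peer_cert.get("subject", ()):
        for attr, value in rdn:
            fields[attr] = value
    return fields


def validate_peer(peer_cert, criteria):
    """Apply configured criteria to the peer's certificate subject.

    Every criterion that is set must match exactly; a criterion set to None
    is not checked. Returns (ok, list_of_failure_descriptions).
    """
    fields = subject_fields(peer_cert)
    failures = []
    for name, expected in criteria.items():
        if expected is None:
            continue
        actual = fields.get(CRITERIA_TO_X509[name])
        if actual != expected:
            failures.append(f"{name}: expected {expected!r}, got {actual!r}")
    return (not failures, failures)


def make_tls_context(server_side, cafile=None, certfile=None, keyfile=None):
    """Build the context for the server or client end of the serial tunnel.

    Both ends require a peer certificate (mutual authentication), accept
    nothing older than TLS 1.2, and offer only the AES-GCM suites above.
    """
    protocol = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(protocol)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # peer authentication on both ends
    ctx.set_ciphers(STRONG_CIPHERS)
    if cafile:  # CA list used to validate the peer; a self-signed CA works too
        ctx.load_verify_locations(cafile=cafile)
    if certfile:  # this end's own X.509 certificate and private key
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def policy_summary(ctx):
    """Report what a context can negotiate so the policy can be audited."""
    names = [c["name"] for c in ctx.get_ciphers()]
    weak = [n for n in names if any(w in n for w in ("RC4", "RC2", "DES", "MD5", "NULL"))]
    return {
        "minimum_version": ctx.minimum_version.name,
        "peer_cert_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "cipher_count": len(names),
        "weak_ciphers": weak,
    }


if __name__ == "__main__":
    criteria = {"organization": "Example Corp", "organization_unit": "Field Devices",
                "common_name": "iolan-lab-01.example.internal"}
    print(validate_peer(SAMPLE_PEER_CERT, criteria))
    print(policy_summary(make_tls_context(server_side=True)))
```

In production the context would be given the CA list and this end's certificate chain, and `validate_peer` would run on the dict returned by the wrapped socket's `getpeercert()` immediately after the handshake, closing the connection on any failure. Keeping the criteria per field (with `None` meaning "not checked") mirrors the per-attribute validation the feature list describes, and `policy_summary` gives operators a quick way to confirm that no legacy cipher or protocol version is still negotiable.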