In IMSVA, Transport Layer Security (TLS) provides a secure communication channel between servers over the Internet, ensuring the privacy and integrity of the data during transmission. Two servers (Server A and Server B) establish a TLS connection through a handshaking procedure as described below:
- The handshake begins when Server B requests a secure connection with Server A by sending a list of ciphers.
- Server A then selects one cipher presented by Server B and replies with its digital certificate, which may have been signed by a certificate authority (CA).
- Server B verifies Server A's identity with the trusted CA certificate. If the verification fails, Server B may choose to stop the TLS handshake.
- Upon verifying Server A's identity, Server B proceeds to generate the session keys by encrypting a message using a public key.
- This message can only be decrypted using the corresponding private key. Server B's identity is thus authenticated when Server A is able to decrypt the message successfully using the private key.
- The handshake completes and the secure connection is established after the servers have created the material required for encryption and decryption.
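The handshake steps above are driven by policy on the client side: which ciphers are offered in the first message, which CA certificates are trusted when the server's certificate is checked, and whether a failed verification aborts the handshake or is tolerated. The following Python example (added here for illustration; it is not IMSVA code and does not reflect IMSVA's internal implementation) shows the two policies side by side using the standard `ssl` module: a strict context that aborts on verification failure, an opportunistic context that does not, and a helper that flags weak ciphers so they are never offered. The cipher string and the constructed cipher names in the usage section are assumptions chosen for the example.

```python
import ssl
from typing import Iterable, Optional

# Substrings that mark ciphers no modern MTA should offer (assumption for this example).
WEAK_CIPHER_MARKERS = ("RC4", "MD5", "NULL", "DES", "EXPORT", "ANON")

# Cipher string for the offered list (assumption): AEAD suites with forward secrecy only.
STRONG_CIPHER_STRING = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!DES:!3DES"


def strict_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Server B policy: verify Server A's certificate against a trusted CA
    and stop the handshake if verification fails."""
    # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED with hostname checking enabled.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(STRONG_CIPHER_STRING)
    if ca_bundle:
        ctx.load_verify_locations(ca_bundle)  # trusted CA certificate(s) in PEM form
    else:
        ctx.load_default_certs()  # system trust store
    return ctx


def opportunistic_client_context() -> ssl.SSLContext:
    """Server B policy: encrypt if possible but continue even when the
    server's identity cannot be verified. Protects against passive
    eavesdropping only, not against an impersonated Server A."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(STRONG_CIPHER_STRING)
    return ctx


def offered_ciphers(ctx: ssl.SSLContext) -> list:
    """Names of the ciphers this context would send in the first handshake message."""
    return [c["name"] for c in ctx.get_ciphers()]


def weak_ciphers_in(names: Iterable[str]) -> list:
    """Return the subset of cipher names that match a weak-cipher marker."""
    return [n for n in names if any(m in n.upper() for m in WEAK_CIPHER_MARKERS)]


def describe_handshake_failure(exc: BaseException) -> str:
    """Map the exception raised by SSLSocket.do_handshake() to the handshake
    step that failed, for logging on the connecting side."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "aborted: peer certificate failed CA verification"
    if isinstance(exc, ssl.SSLError):
        return "aborted: TLS protocol error during handshake"
    return "aborted: transport error"


if __name__ == "__main__":
    strict = strict_client_context()
    print("strict verify_mode:", strict.verify_mode == ssl.CERT_REQUIRED)
    print("offered:", offered_ciphers(strict))
    # Constructed cipher names, used only to show the weak-cipher filter.
    sample = ["ECDHE-RSA-AES128-GCM-SHA256", "RC4-SHA", "NULL-MD5", "TLS_AES_256_GCM_SHA384"]
    print("weak in sample:", weak_ciphers_in(sample))
```

To use the strict context in practice, wrap the socket with `ctx.wrap_socket(sock, server_hostname=...)` after the SMTP `STARTTLS` exchange; a certificate that does not chain to the loaded CA raises `ssl.SSLCertVerificationError` from `do_handshake()`, which is the "stop the TLS handshake" outcome described in the third step.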
IMSVA applies TLS according to connection direction, that is, to traffic entering IMSVA and traffic exiting IMSVA, not according to whether a message is classified as incoming or outgoing message traffic.