Secure Policy
=============

A security policy determines which encryption and signature algorithms are applied to messages.
The configuration file defines the list of security policies that the server or client can use.

None
----

Secure policy None does not apply any protection to messages. Use this secure policy only for testing purposes.

The following example shows how to configure a client to communicate with the server without encryption:

.. literalinclude:: examples/client/client_connect.lua
   :language: lua

`Full source <_static/client/client_connect.lua>`__

Basic128Rsa15
-------------

Secure policy Basic128Rsa15 applies the following algorithms to messages:

- Asymmetric encryption RSAES-PKCS1-v1_5 with key size 1024 or 2048 bits.
- Asymmetric signature algorithm RSASSA-PKCS1-v1_5 with SHA-1 hash function.
- Symmetric encryption AES-128-CBC.

.. warning::
   This policy is considered deprecated and should be used only for compatibility with old systems.

The following example shows how to configure Basic128Rsa15 secure policy:

.. literalinclude:: examples/client/policy_basic128rsa15.lua
   :language: lua
   :lines: 5-22

`Full source <_static/client/policy_basic128rsa15.lua>`__

Aes128_Sha256_RsaOaep
---------------------

Secure policy Aes128_Sha256_RsaOaep applies the following algorithms to messages:

- Asymmetric encryption RSAES-OAEP with SHA-1 hash function.
- Asymmetric signature algorithm RSASSA-PKCS1-v1_5 with SHA2-256 hash function.
- Symmetric encryption AES-128-CBC.

The following example shows how to configure Aes128_Sha256_RsaOaep secure policy:

.. literalinclude:: examples/client/policy_aes128_sha256_rsaoaep.lua
   :language: lua
   :lines: 5-22

`Full source <_static/client/policy_aes128_sha256_rsaoaep.lua>`__

Basic256Sha256
--------------

Secure policy Basic256Sha256 applies the following algorithms to messages:

- Asymmetric encryption RSAES-OAEP with SHA-1 hash function.
- Asymmetric signature algorithm RSASSA-PKCS1-v1_5 with SHA2-256 hash function.
- Symmetric encryption AES-128-CBC.

The following example shows how to configure Basic256Sha256 secure policy:

.. literalinclude:: examples/client/policy_basic256sha256.lua
   :language: lua
   :lines: 5-22

`Full source <_static/client/policy_basic256sha256.lua>`__

Establishing secure connection
------------------------------

When a client connects to a server, it must open a secure channel and specify a secure policy.
To discover the exact secure policy parameters, the client can use a GetEndpoints request.
In the GetEndpoints response, the server returns all known endpoints with their applicable secure policies.

The following example shows how to discover an endpoint with the secure policy Basic128Rsa15:

.. literalinclude:: examples/client/policy_basic128rsa15.lua
   :language: lua
   :lines: 24-59

`Full source <_static/client/policy_basic128rsa15.lua>`__

This policy is considered deprecated and should be used only for compatibility with old systems.
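
One way for a client to choose among the endpoints returned by GetEndpoints without falling back to None or the deprecated Basic128Rsa15. This is an added example, not part of the SDK or its example files: the table layout (field names borrowed from the OPC UA EndpointDescription structure), the allow-list and the sample endpoints are assumptions constructed for illustration.

```lua
-- Added example: plain Lua, no SDK calls. Field names mirror the OPC UA
-- EndpointDescription structure; the SDK's own table layout is an assumption.
local PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
local MODE_SIGN_AND_ENCRYPT = 3 -- MessageSecurityMode: 1=None, 2=Sign, 3=SignAndEncrypt

-- Allow-list of acceptable policies. None and Basic128Rsa15 are left out on purpose.
local ALLOWED = {
  [PREFIX .. "Aes128_Sha256_RsaOaep"] = true,
  [PREFIX .. "Basic256Sha256"] = true,
}

-- Returns the acceptable endpoint with the highest server-reported
-- securityLevel (or nil), plus the reasons other endpoints were rejected.
local function select_endpoint(endpoints)
  local best, rejected = nil, {}
  for _, ep in ipairs(endpoints) do
    local url = tostring(ep.endpointUrl)
    if not ALLOWED[ep.securityPolicyUri] then
      rejected[#rejected + 1] = url .. ": policy not allowed: " .. tostring(ep.securityPolicyUri)
    elseif ep.securityMode ~= MODE_SIGN_AND_ENCRYPT then
      rejected[#rejected + 1] = url .. ": messages would not be signed and encrypted"
    elseif best == nil or (ep.securityLevel or 0) > (best.securityLevel or 0) then
      best = ep
    end
  end
  return best, rejected
end

-- Constructed sample of endpoints a GetEndpoints response might list.
local URL = "opc.tcp://plc.example:4840"
local endpoints = {
  { endpointUrl = URL, securityPolicyUri = PREFIX .. "None", securityMode = 1, securityLevel = 0 },
  { endpointUrl = URL, securityPolicyUri = PREFIX .. "Basic128Rsa15", securityMode = 3, securityLevel = 1 },
  { endpointUrl = URL, securityPolicyUri = PREFIX .. "Basic256Sha256", securityMode = 2, securityLevel = 2 },
  { endpointUrl = URL, securityPolicyUri = PREFIX .. "Basic256Sha256", securityMode = 3, securityLevel = 3 },
}

local ep, rejected = select_endpoint(endpoints)
for _, reason in ipairs(rejected) do
  print("rejected " .. reason)
end
if ep == nil then
  -- Fail closed: never retry with None or a deprecated policy.
  error("no endpoint meets the security requirements; refusing to connect")
end
print("selected " .. ep.securityPolicyUri .. " (securityLevel " .. ep.securityLevel .. ")")
```

Keeping the allow-list on the client means a server that advertises only None or Basic128Rsa15 causes a refused connection rather than a silent downgrade.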