TLS Support in TIBCO Enterprise Message Service

TIBCO Enterprise Message Service supports the Transport Layer Security (TLS) protocol.

TLS uses public and private keys to encrypt data over a network connection to secure communication between pairs of components:

  • between an EMS client and the tibemsd server
  • between the tibemsadmin tool or API and the tibemsd server
  • between MSGMX and the tibemsd server
  • between two routed servers
  • between two fault-tolerant servers

TLS provides secure communication that works with other mechanisms for authentication available in the EMS server. When authorization is enabled in the server, the connection undergoes a two-phase authentication process. First, a TLS hand-shake between client and server initializes a secure connection. Second, the EMS server checks the credentials of the client using the supplied username and password. If the connecting client does not supply a valid username and password combination, the connection fails, even if the TLS handshake succeeded.

Tip: When authorization is enabled, usernames and passwords are always checked, even on TLS secured connections.