File Transfer Mode

TIBCO MFT Platform Server for UNIX supports the following modes of operation for incoming and outgoing Platform Server requests. It is for both file transfer requests and administrative requests such as audit collection, server status, and node and profile updates.

Tunnel mode is the most secure option and is strongly suggested when communicating to partners over the internet. Tunnel mode requires TIBCO MFT Internet Server V8.2 and TIBCO MFT Platform Server V8.0 or higher.

Adding ZLIB compression adds an additional level of complexity to the encrypted data and makes it more difficult to decrypt the data.

SSLAUTH Configuration File

When using SSL/TLS or tunnel modes, additional validation can be performed. The SSLAUTH configuration is described in the TIBCO® Managed File Transfer Platform Server for UNIX User's Guide in the section titled "Configured SSL Authorization Parameters". This file allows you to compare fields in the certificate DN (Distinguished Name) against predefined parameters in the SSLAUTH file. If a match is not made, the request is terminated with an error. SSLAUTH checking requires the

config.txt ClientVerification set to Y.

CRL for TLS/SSL and Tunnel Transfers

The TIBCO® Managed File Transfer Platform Server for UNIX User's Guide in the section titled "CRL Support" describes how to configure CRL Support.

However, it is simpler to update the SSLAuth file to deny access to specific certificates.