Encryption Protocols

It is a best practice to keep all software that supports Diver Platform up to date so that security is maintained. In addition, always apply security patches from your OS vendor.

For communication between client products and server products:

  • Web-based products—browsers talking to a Java Web Application server such as Apache Tomcat:

    Using up-to-date browsers, Java Runtime, and Tomcat itself is the key to maintaining protections. The Tomcat server can be configured to further restrict which Transport Layer Security (TLS) versions and ciphers are permitted.

  • Desktop clients:

    • Workbench and DiveTab-PC: Cryptography is provided by Microsoft's .NET Runtime
    • DiveTab on iPad: Cryptography is provided by Apple's implementation in iOS
    • ProDiver and DiveLine: Cryptography is provided by the third-party OpenSSL library

In all cases, TLS with Perfect Forward Secrecy (PFS) encryption is supported.

Starting with version 7.1(20), DiveLine and its clients accept both TLS 1.2 and TLS 1.3 encryption protocols.
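To confirm on your own deployment that a server negotiates only TLS 1.2 or TLS 1.3 with a forward-secret cipher, a check like the following can be used. It is an added example, not DI's code; the host name and port in the last lines are placeholder assumptions.

```python
import socket
import ssl

# Protocol versions the page says DiveLine 7.1(20) and later accept.
ALLOWED = {"TLSv1.2", "TLSv1.3"}

def is_forward_secret(protocol: str, cipher: str) -> bool:
    """True if the negotiated suite uses an ephemeral (EC)DHE key exchange."""
    if protocol == "TLSv1.3":
        return True  # TLS 1.3 full handshakes always use ephemeral (EC)DHE
    # Handles OpenSSL names (ECDHE-RSA-...) and IANA names (TLS_ECDHE_RSA_WITH_...).
    tokens = cipher.upper().replace("_", "-").split("-")
    return "ECDHE" in tokens or "DHE" in tokens

def assess(protocol: str, cipher: str) -> list[str]:
    """Return findings for one negotiated session; an empty list means OK."""
    findings = []
    if protocol not in ALLOWED:
        findings.append(f"protocol {protocol} is not TLS 1.2 or TLS 1.3")
    if not is_forward_secret(protocol, cipher):
        findings.append(f"cipher {cipher} lacks forward secrecy")
    return findings

def probe(host: str, port: int, version: ssl.TLSVersion, timeout: float = 5.0):
    """Offer exactly one TLS version; return (protocol, cipher) or None on failure."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version(), tls.cipher()[0]
    except ssl.SSLCertVerificationError:
        raise  # a certificate problem is not a protocol refusal; surface it
    except (ssl.SSLError, OSError):
        return None

def audit(host: str, port: int) -> dict[str, list[str]]:
    """Probe TLS 1.2 and TLS 1.3 separately and assess what each negotiates."""
    report = {}
    for version in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        result = probe(host, port, version)
        report[version.name] = ["handshake failed"] if result is None else assess(*result)
    return report

if __name__ == "__main__":
    # Placeholder endpoint (assumption): replace with your own server and port.
    print(audit("diveline.example.internal", 443))
```

An empty list for a version means the server accepted it with a forward-secret suite. If the server uses a certificate from a private CA, load that CA into the context before probing.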

Email

There are two ways to generate email with the Diver Platform:

  • using DIAL (either directly or via DI-Broadcast), which is intended to send out data
  • via the ProductionService component of DiveLine, which sends out informational emails about batch processing issues/progress

In both cases, the customer designates an internal, corporate email server for the Diver Platform when configuring the email to be sent. It is good practice to configure this server to accept only encrypted submissions if that is what the customer's local security policy dictates.

For sending the email, DI software does not use home-grown encryption. Instead, it uses libraries provided by third parties:

  • The Java Runtime Environment (for DIAL)
  • Microsoft's .NET framework (ProductionService on Windows)
  • Microsoft's Xamarin Mono C# Runtime (ProductionService on Linux)

Keeping these operating system components, as well as the internal mail server, up to date will minimize the risk of SSL/TLS vulnerabilities.

TIP: Check the DI website periodically for new Security Notices.