...
- None - the client will connect to the kernel no matter if the kernel supports secure communication or not
- TLSNoPeerAuth - the client will only connect to the kernel supporting secure communication (but the kernel does not need to be verified by a certificate, i.e. its certificate is not compared with the TLS_TrustedCerts list)
- TLSPeerAuth - the client will only connect to the kernel ensuring secure communication whose certificate is in the TLS_TrustedCerts list
4. To use TLS, the client must also start with
...
/C<application_name> parameter in addition to the usual parameters (/S, /RD or /RF)
The reason is to already know the name of the application before connecting to the application server and loading the parameters from the TLS registers (see point 3).
The alternative is to set the DefaultApplication parameter in the registry.
Note: we recommend setting the DefaultApplication in the registry so that it is not necessary to enter the parameter /C<application_name> not only in all shortcuts on the desktop, but also when starting applications manually.
A client connecting to a server using TLS will write this in the log. If certificate verification is also required and the certificate is correctly verified, the word VERIFIED is in the log:
[2022-09-23 07:48:11.289]I CLIENT - Connecting to D2000 Server [localhost] TCP/IP|TLS...
[2022-09-23 07:48:11.348]I CLIENT - Connection established to D2000 Kernel V22.00.074 s380 [TCP/IP localhost:3119][TLSv1.3 VERIFIED]. ConnectionSqId = 1
The kernel acceptting accepting the client via TLS also writes this information in the log:
...