Transport-layer security (TLS) messaging is an industry standard, RFC-compliant method of providing communications security. Code42 servers use the TLS protocol version 1.2 for server-to-server and client-to-server communication.
This tutorial explains how to ensure your Code42 environment is properly configured to use TLS.
If your authority server is a Code42 managed appliance, contact our Customer Champions about configuration to support TLS. Do not configure your environment on your own.
- TLS is the default messaging protocol for the Code42 environment.
- Client-to-server communications use port 4287
- Server-to-server communications use port 4288
- The Legacy port values displayed in the administration console were for the Code42 custom protocol in versions 5.3 and earlier. The default ports were 4282 and 4283.
- In the administration console, configure the TLS port. The authority server subtracts 5 to calculate the legacy port number.
- In Code42 app configuration, provide the legacy port number. The apps add 5 to calculate the TLS port number.
Ensure TLS is configured
Follow these steps to ensure that all servers in your Code42 environment are able to communicate using TLS.
Step 1: Open TLS ports
Configure your network to allow all Code42 apps and Code42 servers (authority server and storage servers) to communicate over ports 4287 and 4288.
- Sign in to the console.
- Go to Settings > Server > General.
- In the TLS port fields, enter the TLS port numbers. By default, the TLS port number for the primary and secondary network addresses is 4287.
Code42 for Enterprise calculates the legacy port numbers by subtracting 5 from the TLS port numbers. Environments using legacy ports other than 4282 and 4283 must specify TLS ports 5 higher than the existing legacy ports.
Validating Ports In Use
To check if the server is listening (or has an established connection) on a specific port, enter the following terminal or command prompt command:
Step 2: Verify that your Code42 environment communicates over TLS
- Sign in to the console.
- Go to Settings > Server.
- Next to System logs, click View.
The Logs view appears.
- From the list, choose the com_backup42_app.log Code42 server log file.
- Search for this line to verify that your Code42 environment is communicating over TLS:
[08.29.16 21:15:12.584 INFO re-event-2-1 handler.AppProtocolStartListener] SABRE:: TLS connection established. version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, channel=[id: 0xde7cee54, L:/10.43.32.218:4287 - R:/220.127.116.11:55074]
- Repeat steps 1 to 5 on each Code42 server in your Code42 environment.
- Wikipedia: Transport Layer Security