Hi Ingo,
Two small questions:
1) Are you worrying about STARTTLS:
"There is TLS, but that is probably only intended as an extension for TCP connections."
also if the switch to TLS is done automatically in the initial handshake?
2) DBMS connections probably support not only the STARTTLS method but also a native TLS connection, without the initial phase on unencrypted ports. Try to check for them...
Hope it helps.
Gianni
------------------------------
Gianni Sandigliano
IT
------------------------------
Original Message:
Sent: 08-27-2024 10:10
From: Ingo Stiller
Subject: DORA and "in transfer": SSL for MSS-driver ?
Hi Freaks
As a software company for certain financial services, we are also subject to the DORA Regulation.
There are a few points in Article 6 that should be fulfilled
https://www.dora-info.eu/rts-rmf/article-6/
- the encryption of data at rest and in transit;
- the encryption of data in use, where necessary;
- the encryption of internal network connections and traffic with external parties
"in rest"
Can be solved on the database
"in use"
Is almost impossible to solve with reasonable effort or how do you want to encrypt variable content?
But there is a mitigation (see "For the purposes of point (b)" )
And since our customers only work in-house ...
"in transfer"
And here is the question, how does the UnifAce client communicate with the SQL database?
There is TLS, but that is probably only intended as an extension for TCP connections.
Theoretically, you can access the SQL server in encrypted form if you install certificates & co. there
But what does the UnifAce driver do then?
Or is it sufficient to check "strong encryption" in the ODBC administration?
Any ideas, comments, notes,... are welcome
For all of the "nice" points :-)
Ingo
------------------------------
Ingo Stiller
Aareon Deutschland GmbH
------------------------------
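
One way to see what the driver actually negotiates, whatever the ODBC setting says, is to ask the server: the query below is an added example (not from either poster and not Uniface's own tooling) that reports, per client program and host, how many current connections are encrypted. It assumes the database is Microsoft SQL Server and that the login running it has VIEW SERVER STATE permission.

```sql
-- Added example: run on the SQL Server instance while the client application is connected.
-- Assumption: Microsoft SQL Server; the login needs VIEW SERVER STATE.
SELECT
    s.program_name,             -- application name reported by the client driver
    s.host_name,                -- client workstation name
    c.client_net_address,
    c.net_transport,            -- TCP, Named pipe or Shared memory
    c.protocol_type,            -- TSQL for ordinary client connections
    c.auth_scheme,
    COUNT(*) AS connections,
    SUM(CASE WHEN c.encrypt_option = 'TRUE'  THEN 1 ELSE 0 END) AS encrypted,
    SUM(CASE WHEN c.encrypt_option = 'FALSE' THEN 1 ELSE 0 END) AS unencrypted
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
  ON s.session_id = c.session_id
WHERE s.is_user_process = 1     -- skip internal system sessions
GROUP BY s.program_name, s.host_name, c.client_net_address,
         c.net_transport, c.protocol_type, c.auth_scheme
ORDER BY unencrypted DESC, s.program_name;
```

Any row with a non-zero `unencrypted` count over TCP is a client whose traffic is not protected in transit; Shared memory rows are local connections on the server itself.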