Applications Implementing Secured TCP Communication

Communication Libraries

EcoStruxure Machine Expert provides libraries that support secured communication using TLS (Transport Layer Security). They provide client and/or server functionality as indicated in the following table:

Library                 Providing the functionality of:
TcpUdpCommunication     - TCP client
                        - TCP server
HttpHandling            HTTP/HTTPS client
MqttHandling            MQTT / secured MQTT client
EmailHandling           - SMTP/SMTPS client
                        - POP3/POP3S client

The clients and the server can be configured to use TLS for encrypted communication.

Whether a connection using TLS is supported depends on the controller where the corresponding function block is used. Refer to the specific manual of your controller to verify if TCP communication using TLS is supported.

Certificates

In the context of TLS, certificates can be used to verify the identity of the communication partners. Certificates are exchanged while the connection is established, during the so-called TLS handshake. Sending a certificate is optional for the client unless the server requests a client certificate; the server always sends its certificate. A connection with the communication partner is established only if the verification of the certificate succeeds.

Verification of Certificates

The EcoStruxure Machine Expert libraries that support secured connection using TLS provide the parameter etCertVerifyMode for selecting the mode of verification of the certificate which is sent by the communication partner during the TLS handshake.

The following modes are supported:

etCertVerifyMode Mode   Description
TrustedOnly             A certificate from the communication partner is required.
                        The certificate must be classified as trusted.
AllCertificates         A certificate from the communication partner is required.
                        Further verification of the certificate is not performed.
NotVerified             No certificate from the communication partner is required.

If the client or server is configured to verify the partner certificate in mode TrustedOnly, you must manage the certificates on your controller manually. This can be done with the Security Screen editor in EcoStruxure Machine Expert Logic Builder. The required steps are described in the following section.

NOTE: TrustedOnly is the only way to authenticate the communication partner.
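As an added illustration of the three verification modes, the following Python code maps each etCertVerifyMode value onto a generic TLS client configuration built with Python's ssl module. It is not code from the EcoStruxure Machine Expert libraries, and the mapping (in particular, how a mode that requires but does not verify a certificate is emulated) is an assumption made here for teaching purposes; the PLC library's internal TLS implementation is not described on this page.

```python
import ssl
from typing import Optional

# The three mode names from the etCertVerifyMode table (values used as plain strings here).
TRUSTED_ONLY = "TrustedOnly"
ALL_CERTIFICATES = "AllCertificates"
NOT_VERIFIED = "NotVerified"


class PeerCertificateRejected(Exception):
    """Raised when the post-handshake policy of the selected mode is not satisfied."""


def build_client_context(mode: str, ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Build a TLS client context that behaves like the given etCertVerifyMode.

    Assumed mapping (not the PLC library's own logic):
      TrustedOnly     -> chain validation against a trust store + hostname check
      AllCertificates -> chain validation disabled; presence enforced after the handshake
      NotVerified     -> chain validation disabled; no certificate required
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if mode == TRUSTED_ONLY:
        ctx.check_hostname = True
        ctx.verify_mode = ssl.CERT_REQUIRED
        if ca_file:
            # Equivalent of the manually managed certificates on the controller.
            ctx.load_verify_locations(cafile=ca_file)
        else:
            ctx.load_default_certs()
    elif mode in (ALL_CERTIFICATES, NOT_VERIFIED):
        # check_hostname must be cleared before verify_mode can be set to CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    else:
        raise ValueError(f"unknown etCertVerifyMode: {mode!r}")
    return ctx


def describe_context(ctx: ssl.SSLContext) -> dict:
    """Summarise the verification settings of a context (useful for audits)."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "ca_certs_loaded": len(ctx.get_ca_certs()),
    }


def enforce_peer_certificate(mode: str, peer_cert_der: bytes) -> bool:
    """Apply the 'certificate required' part of the mode after the handshake.

    peer_cert_der is what sock.getpeercert(binary_form=True) would return;
    it is empty when the partner sent no certificate.
    """
    if mode == NOT_VERIFIED:
        return True
    if not peer_cert_der:
        raise PeerCertificateRejected(f"{mode} requires a certificate from the partner")
    return True


def authenticates_partner(mode: str) -> bool:
    """Only TrustedOnly ties the partner's identity to a trusted certificate."""
    return mode == TRUSTED_ONLY


if __name__ == "__main__":
    for mode in (TRUSTED_ONLY, ALL_CERTIFICATES, NOT_VERIFIED):
        print(mode, describe_context(build_client_context(mode)),
              "authenticates partner:", authenticates_partner(mode))
    # Constructed sample: the partner presented no certificate at all.
    try:
        enforce_peer_certificate(ALL_CERTIFICATES, b"")
    except PeerCertificateRejected as exc:
        print("rejected:", exc)
```

The point the mapping makes visible is that AllCertificates and NotVerified still encrypt the channel but leave check_hostname off and perform no chain validation, so any party that presents a certificate (or, for NotVerified, none) is accepted; only TrustedOnly populates and consults a trust store, which is why the certificates on the controller must be managed when that mode is used.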