Security - TLS Status

From All n One's bxp software Wixi


04/07/2015 - Bxp Software now supports TLS 1.2.

Bxp software is a secure software solution that uses various methods of encryption and authentication when possible. The latest change to bxp's security was an upgrade of the cryptographic protocol for our web service. In the past, TLS 1.0 was used by all of our clients, as it was backward compatible with all of our clients' systems. The most recent change was to implement TLS negotiation on our web service. With this in place, clients using legacy software can still use the service through TLS 1.0, while clients with modern browsers can use a more secure TLS 1.2 connection.
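The negotiation described above, sketched as an added example (not bxp's own code): the client states the highest version it supports in its ClientHello, and the server answers with the highest version both sides allow. The TLS 1.0 to 1.2 server range comes from the text; the function names and the sample ClientHello bytes are constructed for illustration.

```python
import struct

# ProtocolVersion (major, minor) values as they appear on the wire.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
SERVER_MIN, SERVER_MAX = (3, 1), (3, 3)  # assumed policy: TLS 1.0 through TLS 1.2


def client_hello_version(record: bytes) -> tuple:
    """Return ClientHello.client_version from a single TLS handshake record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 6:
        raise ValueError("truncated handshake")
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    if hs_len < 2 or hs_len > rec_len - 4:
        raise ValueError("bad handshake length")
    return (body[4], body[5])


def negotiate(record: bytes, lo=SERVER_MIN, hi=SERVER_MAX) -> str:
    """Name the version the server would select, or raise if there is no overlap."""
    offered = client_hello_version(record)
    chosen = min(offered, hi)  # highest version supported by both sides
    if chosen < lo:
        raise ValueError("protocol_version alert: client offers only %r" % (offered,))
    return VERSIONS.get(chosen, repr(chosen))


def sample_client_hello(version: tuple) -> bytes:
    """Constructed minimal ClientHello: one cipher suite, no extensions."""
    hello = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


if __name__ == "__main__":
    for v in [(3, 3), (3, 1), (3, 0)]:
        try:
            print(v, "->", negotiate(sample_client_hello(v)))
        except ValueError as err:
            print(v, "->", err)
```

Calling `negotiate` with `lo=(3, 3)` shows what raising the server minimum does: the TLS 1.0 client that was previously served is rejected.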


TLS 1.2 [..] Based on TLS 1.1, TLS 1.2 contains improved flexibility. The major differences include:
       • The MD5/SHA-1 combination in the pseudorandom function (PRF) was replaced with cipher-suite-specified PRFs.
       • The MD5/SHA-1 combination in the digitally-signed element was replaced with a single hash. Signed elements include a field explicitly specifying the hash algorithm used.
       • There was substantial clean-up to the client's and server's ability to specify which hash and signature algorithms they will accept.
       • Addition of support for authenticated encryption with additional data modes.
       • TLS Extensions definition and AES Cipher Suites were merged in.
       • Tighter checking of EncryptedPreMasterSecret version numbers.
       • Many of the requirements were tightened.
       • Verify_data length depends on the cipher suite.
       • Description of Bleichenbacher/Klima attack defenses cleaned up.