Creating Secure Sessions

Clients can optionally create secure sessions that require trusted server certificates to establish a TLS/SSL-encrypted client connection to a Solace event broker. When a secure session is created, SMF information is transported using TLS/SSL over TCP instead of plain-text over TCP.

To create a secure session, a number of TLS/SSL-specific session properties must be specified as discussed below. In addition, the event broker that the secure session will connect to must be properly configured, and the appropriate server certificate must be in place. For information on configuring an event broker to allow for secure connections, see TLS / SSL Service Configuration.

TLS/SSL-Specific Properties

To create a secure session, the following session properties must be configured.

The Solace JavaScript API is configured through the browser where it runs, and doesn't support these configurations through session properties.

TLS/SSL Secure Session Properties

Property Use Description

Host

Solace JavaScript API: solace.SessionProperties.url

Solace Node.js API: solace.SessionProperties.url

Each host entry for a TLS/SSL connection requires an appropriate TLS/SSL protocol, and a specific TLS/SSL port number can optionally be specified.

If no port number is specified, the default port of 55443 is used.

For information on configuring hosts, see Host.

Configuring Minimum and Maximum SSL Protocols

Solace JavaScript API: SessionProperties.tlsMinProtocol and SessionProperties.tlsMaxProtocol

Solace Node.js API: SessionProperties.tlsMinProtocol and SessionProperties.tlsMaxProtocol

These properties specify the oldest (minimum) and most recent (maximum) TLS protocols supported. Possible values are:

  • TLS v1.1 (TLSv1.1)
  • TLS v1.2 (TLSv1.2)
  • TLS v1.3 (TLSv1.3)

The default minimum TLS protocol is TLS v1.2.

The minimum and maximum TLS protocol version properties cannot be combined with the deprecated SSL excluded protocols properties.

SSL Certificate Validation

Solace JavaScript API: N/A

Solace Node.js API: solace.SessionProperties.sslValidateCertificate

Indicates whether the API should validate server certificates with the trusted certificates in the trust store.

The trust store is a directory on a server that contains the trusted certificates. The default value for this property is True.

SSL Cipher Suites

Solace JavaScript API: N/A

Solace Node.js API: solace.SessionProperties.sslCipherSuites

A comma-separated list of cipher suites, listed in order of importance, to use to negotiate with the event broker.

A cipher suite is a combination of cryptographic parameters that define the security algorithms and key sizes used for authentication, key agreement, encryption, and integrity protection.

For a listing of the supported cipher suites in order of preference, see Solace Messaging APIs for the appropriate Solace Messaging API. By default, no cipher suites are listed, which indicates that all supported ciphers should be considered.

If your application negotiates a TLS 1.3 connection, you cannot select which cipher suites to negotiate with the event broker and these properties are ignored.

SSL Trust Store (file-based)

Solace JavaScript API: N/A

Solace Node.js API: solace.SessionProperties.sslTrustStores

The trusted certificate files (in path format) to use. This property is mandatory if the sslValidateCertificate property is set to True.

SSL Connection Downgrade To

Solace JavaScript API: N/A

Solace Node.js API: solace.SessionProperties.sslConnectionDowngradeTo

Indicates that the SSL connection should be downgraded following client authentication.

The allowed transport protocol value for the SSL Connection Downgrade To property is "PLAIN_TEXT". This property is optional.
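The following added example (not Solace code, and not part of the original page) audits a plain properties object against the rules in the table above before it is handed to the Node.js API, with a weak configuration beside a hardened one. Assumptions: the URL schemes treated as TLS transports, sslTrustStores being an array of file paths, and TLS v1.3 as the maximum when tlsMaxProtocol is unset; the function name and finding identifiers are hypothetical.

```javascript
// Added example: audits a plain object that uses the property names from the
// table above. It does not load the Solace API or open a connection.
const TLS_ORDER = ["TLSv1.1", "TLSv1.2", "TLSv1.3"]; // values listed above
// Assumption: URL schemes treated as TLS transports (not listed on this page).
const TLS_SCHEMES = ["tcps:", "wss:", "https:"];

function auditSecureSessionProps(props) {
  const findings = [];
  const flag = (id, why) => findings.push({ id, why });
  const min = TLS_ORDER.indexOf(props.tlsMinProtocol ?? "TLSv1.2"); // documented default
  const max = TLS_ORDER.indexOf(props.tlsMaxProtocol ?? "TLSv1.3"); // assumption when unset
  const validate = props.sslValidateCertificate ?? true; // documented default

  if (!TLS_SCHEMES.includes(new URL(props.url).protocol))
    flag("url-not-tls", "host entry does not use a TLS/SSL protocol");
  if (min < 0 || max < 0) flag("tls-version-unknown", "not one of " + TLS_ORDER.join(", "));
  else if (min > max) flag("tls-range-empty", "tlsMinProtocol is newer than tlsMaxProtocol");
  else if (min < TLS_ORDER.indexOf("TLSv1.2"))
    flag("tls-min-lowered", "minimum is below the TLS v1.2 default");
  if (!validate) flag("cert-not-validated", "server certificate is not checked");
  else if (!(props.sslTrustStores ?? []).length) // assumption: array of file paths
    flag("trust-store-missing", "sslTrustStores is mandatory when validating");
  if (props.sslConnectionDowngradeTo === "PLAIN_TEXT")
    flag("downgrade-plain-text", "traffic after client authentication is unencrypted");
  if (props.sslCipherSuites && max === TLS_ORDER.indexOf("TLSv1.3"))
    flag("ciphers-ignored-tls13", "cipher list is ignored if TLS 1.3 is negotiated");
  return findings;
}

// Constructed sample configurations (hostnames, ports and paths are placeholders).
const weak = {
  url: "tcp://broker.example.com:55555",
  tlsMinProtocol: "TLSv1.1",
  sslValidateCertificate: false,
  sslConnectionDowngradeTo: "PLAIN_TEXT",
};
const hardened = {
  url: "tcps://broker.example.com:55443",
  tlsMinProtocol: "TLSv1.2",
  tlsMaxProtocol: "TLSv1.3",
  sslValidateCertificate: true,
  sslTrustStores: ["/path/to/trusted-ca.pem"],
};

for (const [name, cfg] of Object.entries({ weak, hardened }))
  console.log(name, auditSecureSessionProps(cfg).map((f) => f.id));
```

Running the audit in a build or deployment check catches a disabled certificate check or a plain-text downgrade before the session is created.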