Because the Hansoft client downloads executable code from the server, identity verification and trust play a key role in ensuring the integrity of communication.
Hansoft employs the industry-standard TLS 1.2 encryption protocol for all communication between the client and the server. Additionally, both client and server use X.509 certificate-based authentication and key exchange provided by the OpenSSL library.
This is done to protect clients from hacked servers, and to protect servers from clients running on unauthorized machines, minimizing security risks such as identity theft, eavesdropping and unauthorized access to sensitive information.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)
Hansoft version 8.2 and later support the TLS 1.2 security protocol.
To facilitate secure communication, the Hansoft server can be configured with a certificate issued by a Certificate Authority, an entity in a chain of trust stemming from a number of established root authorities. By accepting the certificate, the user indicates that they trust the Certificate Authority, and therefore the server they are connecting to, and that the connection is allowed to continue.
In addition, a server's certificate can be self-signed, in which case no Certificate Authority is involved. The user is notified of this when connecting for the first time.
Logging in to a secure server
The login screen prompting the user to verify trust of the server
When first connecting to a server, the user is presented with a Trust verification dialog. Before accepting the certificate, the user may review the details by clicking the View certificate details link. If there are critical errors, these will be indicated. For more information about troubleshooting security, read the Troubleshooting section.
Trusting a certificate
If the information provided in the certificate appears to be legitimate, the user accepts the connection, and proceeds to log in to the server. Certificates can be stored permanently by checking the Always trust this certificate checkbox. The server is now considered trusted by the client, and further notices will be suppressed as long as the certificate remains valid.
Removing a certificate
Should the user ever wish to rescind a certificate, the Connection options dialog contains a section for managing certificates.
The connection dialog
The connection options dialog
Clicking the Manage stored trusted server certificates button will display a list of certificates the user has previously trusted. By clicking Remove, the certificate is deleted, and upon the next connection, the user will again be asked to verify trust in the certificate.
The list of certificates
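The trust decisions described in this section, modelled as a small trust-on-first-use store (an added example, not Hansoft's code). Pinning by host name and SHA-256 fingerprint, the re-prompt on a changed certificate, the `TrustStore` class and all sample values are assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timezone


class TrustStore:
    """Hypothetical model of a client-side store of trusted server certificates."""

    def __init__(self):
        self._pins = {}  # host -> SHA-256 fingerprint of the trusted certificate

    @staticmethod
    def fingerprint(der: bytes) -> str:
        return hashlib.sha256(der).hexdigest()

    def check(self, host, der, not_after, now):
        """Return 'trusted' (no dialog) or 'prompt:<reason>' (show trust dialog)."""
        if now > not_after:
            return "prompt:expired"      # trust lasts only while the cert is valid
        pinned = self._pins.get(host)
        if pinned is None:
            return "prompt:unknown"      # first connection, or trust was removed
        if pinned != self.fingerprint(der):
            return "prompt:changed"      # assumption: a different cert is re-verified
        return "trusted"

    def always_trust(self, host, der):
        """Models ticking 'Always trust this certificate'."""
        self._pins[host] = self.fingerprint(der)

    def remove(self, host):
        """Models 'Remove' in the list of stored trusted certificates."""
        self._pins.pop(host, None)


def demo():
    store = TrustStore()
    host = "hansoft.example.internal"      # constructed host name
    cert_a = b"constructed-DER-bytes-A"    # stand-ins for real DER certificates
    cert_b = b"constructed-DER-bytes-B"
    expires = datetime(2030, 1, 1, tzinfo=timezone.utc)
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    later = datetime(2031, 1, 1, tzinfo=timezone.utc)
    results = [store.check(host, cert_a, expires, now)]        # first connection
    store.always_trust(host, cert_a)
    results.append(store.check(host, cert_a, expires, now))    # stored: no dialog
    results.append(store.check(host, cert_b, expires, now))    # server cert differs
    results.append(store.check(host, cert_a, expires, later))  # cert has expired
    store.remove(host)
    results.append(store.check(host, cert_a, expires, now))    # asked again
    return results


if __name__ == "__main__":
    print(demo())
```

The "changed" case is the one to watch for in practice: a trust prompt for a server that was already trusted means the presented certificate is not the one the user accepted, and should be confirmed with the server administrator before accepting.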