Secure SuiteLink connection

To ensure a high level of confidentiality and privacy, SuiteLink communication between a server and a client is encrypted by default.

Since the introduction of secure SuiteLink (V3), SuiteLink has been providing the fallback so that a SuiteLink server can accept incoming connections in a secure (V3, encrypted) or an unsecure (V2, unencrypted) mode together. From the System Platform 2023 release, by default, the fallback mode to accept V2 connection is disabled.

Note: Using a Secure SuiteLink connection is highly recommended. A warning message will be generated in the logger if the SuiteLink connection is unsecure. As of System Platform 2023, the SuiteLink connection is by default secure with TLS encryption.

If you want to enable the fallback mode to accept the both unsecure and secure connection, you have to make the configuration changes in the System Management Server as below:

1. In the Configurator, expand Common Platform, and select System Management Server.

2. Select the This machine is the System Management Server option.

   

3. Select Advanced.

4. In the Advanced Configuration window that appears, select the Communications tab.

5. Select the Accept non-encrypted SuiteLink connections (mixed mode) check box and select OK. This enables the mixed mode. That is , both encrypted and non-encrypted connections are accepted. If you upgrade from the previous version, then this option is selected by default.

   • If Accept non-encrypted SuiteLink connections (mixed mode) selected: A client first attempts to establish a secure connection to the SuiteLink server. If a secure connection cannot be established, the client then establishes the connection to the server without security. This is how it was behaving earlier, prior to the System Platform 2023 release.

   • If Accept non-encrypted SuiteLink connections (mixed mode) unselected: Client connections to the SuiteLink server are only successful if the connection is secured, that is both nodes must be configured to use the System Management Server. This option ensures that the connection between the SuiteLink Server and SuiteLink clients is always secure (encrypted). If a secure connection is not available, the connection will not be allowed. A secure connection between client and server is only possible if both are configured to use the System Management Server.

     Note: If you want only the encrypted connection (V3), then unselect the Accept non-encrypted SuiteLink connections (mixed mode) check box, and select OK.

     Mixed mode is recommended for use under the following condition:

   • To support legacy applications that do not use encrypted SuiteLink communications. While upgrading an existing Communication Drivers Pack with unsecure SuiteLink to 2023 or later without configuring SMS, then fallback is disabled. SuiteLink no longer works after upgrade.You have to enable the mixed mode after the upgrade is complete.

     

6. Select Configure.

   Note: Whenever the SuiteLink communication mode is changed, a system restart is required before the new mode will take effect.

For more information on System Management Server configuration, refer to the Common Platform Configuration section of the System Platform Installation Guide.