Securing Outbound Connection with Proxy

In large systems distributed over multiple networks it may be necessary to communicate over an untrusted channel, for example the internet.
In such situations the Proxy can be used.

The connection between two Proxy instances is encrypted and secured through TLS. The message payload itself is encrypted in the same way as internal messages using an AES with a key size of 128, 192 or 256 bits.

To verify the identity of the connection partners and avoid man-in-the-middle attacks, the connection uses TLS and pre-shared certificates. They are stored via a Java key store defined in the Proxy configuration. For details see Configuring the Client Proxy.