| 1. Communication between WebAgent and Policy Server |
| =================================================== |
| The SiteMinder Policy Server does not support SSL/TLS with the its own |
| clients (i.e: WebAgent). |
| However, the communication channel between the Policy server and its clients |
| is secured through CA's proprietary encryption implementation. |
|
| 2. Communication between Policy Server and Database servers |
| =========================================================== |
| When SSL/TLS is configured, only communication channel between the Policy |
| Server and Database server is secured with SSL/TLS. |
|
| a. LDAP/Active Directory over LDAP namespace: |
| - SiteMinder Policy Server version less than 12.51: |
| The SiteMinder Policy Server uses an older version of Mozilla LDAP SDK to |
| communicate with the LDAP server that only supports SSL v3. |
| - SiteMinder Policy Server version 12.5 and above: |
| The SiteMinder Policy Server uses an updated version of Mozilla LDAP SDK |
| that supports TLS 1.1 and 1.2 |
|
| b. Oracle ODBC, DB2, MySQL: |
| - All SiteMinder Policy Server versions: |
| The policy Server uses Progress DataDirect driver that supports SSL and |
| TLS 1.1 and 1.2 |
|
| c. Microsoft SQL: |
| - SiteMinder Policy Server version less than 12.51 |
| The SiteMinder Policy Server uses an old version of Progress DataDirect |
| driver that does not support SSL/TLS. |
| - SiteMinder Policy Servers version 12.51 and above |
| The SiteMinder Policy Server uses an updated version of Progress |
| DataDirect driver that supports SSL and TLS 1.1 and 1.2 |
|
| d. Active Directory: |
| - All SiteMinder versions: |
| The SiteMinder Policy Server uses Microsoft Window's native driver to |
| connect to Active Directory. |
| Therefore support of SSL and TLS 1.1 and 1.2 depends on each Windows |
| version. |