4D uses SSL/TLS to secure client-server communication and HTTP requests. 4D has supported RSA cryptography for more than a decade, and with 4D v20R4 we are now adding ECDSA cryptography to our tool belt. It’s a good moment for me to speak a bit about security.
SSL/TLS is a protocol used to encrypt communications between a client and a server. It has been used worldwide for nearly 3 decades; it’s tough, unbreakable and fast. In 4D, you can use it mainly in 2 places: to encrypt the communication between a 4D Client and a 4D Server, and to encrypt the requests to the 4D web server. We strongly advise you to encrypt both your client-server communications and the requests to your web server; as a matter of fact, encrypting client-server communication has been the default setting since 4D v18.
Encrypt client-server communication
To activate the encryption of your client-server communications, you can open the client-server tab of the database settings and check the “Encrypt client-server communication” checkbox.
Note for the future: The QUIC network layer that we are currently implementing is based on the QUIC protocol, which is necessarily encrypted. As such, if you select the QUIC layer, the checkbox will not be displayed, as the encryption is always activated.
Activating the SSL/TLS protocol is not enough to protect your communication; you also need to provide a certificate that 4D will use to encrypt the communication. 4D provides one that you can find in the Resources folder of 4D Server in the files named key.pem and cert.pem. As 4D provides the same certificate and private key to all its customers, it is not recommended to use these files in production. You should replace them with your own certificate instead.
Encrypt HTTP requests
If you want to encrypt your web server communications, you need to use the HTTPS protocol, which is the secure version of the HTTP protocol. In the web tab of the database settings, you can activate HTTPS (it is activated by default).
Once again, you’ll need to provide a certificate that 4D will use for the encryption (you can use the same certificate as for 4D Server if you wish). You need to put the files key.pem and cert.pem next to the project folder.
ECDSA certificates
So, let’s speak about certificates. There are 2 main encryption algorithms used by TLS/SSL: RSA and ECDSA. Both are unbreakable, stable and fast, so you can choose the one you prefer. RSA is the industry standard, but ECDSA is becoming more and more common. As such, we have decided to handle ECDSA alongside RSA. For you, there’s no difference in how to use them: you just need to put your key.pem and cert.pem files in the correct location, whatever encryption algorithm your certificate is using.
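The following shell functions are an added example, not 4D's own code: they create a constructed ECDSA key.pem/cert.pem pair with OpenSSL, then check the certificate's key algorithm, that the private key belongs to the certificate, and whether a cert.pem is identical to another one, such as the file shipped in the 4D Server Resources folder. The function names, the P-256 curve, the self-signed test subject and the key's PEM encoding are assumptions; this page does not state which curves or encodings 4D accepts.

```shell
#!/bin/sh
# Added example (not 4D code): checks for a key.pem / cert.pem pair.
# Function names, curve and subject are assumptions made for the example.

# Create a constructed ECDSA (P-256) key and self-signed test certificate
# in directory $1; umask keeps the private key unreadable by other users.
make_ecdsa_pair() {
    ( umask 077
      openssl ecparam -name prime256v1 -genkey -noout -out "$1/key.pem" &&
      openssl req -new -x509 -key "$1/key.pem" -out "$1/cert.pem" \
          -days 30 -subj "/CN=server.example.test" )
}

# Print the certificate's public-key algorithm: EC, RSA or other.
cert_key_type() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    case "$text" in
        *id-ecPublicKey*) echo EC ;;
        *rsaEncryption*)  echo RSA ;;
        *)                echo other ;;
    esac
}

# Succeed only if the private key ($1) belongs to the certificate ($2).
pair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ "$key_pub" = "$cert_pub" ]
}

# Succeed if two certificate files hold the same certificate, e.g. the
# deployed cert.pem and the one shipped in the 4D Server Resources folder.
same_cert() {
    fp_a=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    fp_b=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 1
    [ "$fp_a" = "$fp_b" ]
}

# Demo on a constructed pair in a throwaway directory.
demo_dir=$(mktemp -d)
make_ecdsa_pair "$demo_dir" &&
    echo "key type: $(cert_key_type "$demo_dir/cert.pem")" &&
    pair_matches "$demo_dir/key.pem" "$demo_dir/cert.pem" &&
    echo "key.pem matches cert.pem"
rm -rf "$demo_dir"
```

If `same_cert` succeeds when the deployed cert.pem is compared with the shipped one, the server is still running on the certificate that every 4D customer has.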
If you want to know more about TLS/SSL and encryption, I can refer you to the 4D documentation. And if you have any questions, don’t hesitate to ask on the official 4D forum.