Data security is a critical component of the Tealeaf solution. Tealeaf components employ the following encryption standards to safeguard your customers' interactions with your web application.
Key characteristics
The following is a list of key characteristics within Tealeaf:
- Except as noted below, Tealeaf components use symmetrical encryption. The same key is used for encryption and decryption operations.
- Custom object identifiers (OIDs) are not used.
- Subject Alternative Names (SANs) are not used.
- An SSL library is used to manage all encryption.
Encryption by component
Component | Encryption |
---|---|
CX Passive Capture Application server | Web Server Keys are converted into encrypted 160-bit 3DES keys in the Tealeaf ptl format. Keys cannot be copied or used by another PCA server. |
Data encryption | For the PCA server's pipeline privacy component or the Privacy pipeline agent, any part of the captured data can be encrypted using either the RC2 or 3DES algorithm. |
Server communication | By default, the supplied Tealeaf self-signed certificate/key is 2048-bit. Communication between the PCA server and the Tealeaf CX Server can be encrypted with this certificate/key. Note: SSL traffic between the PCA server and the Tealeaf CX Server utilizes asymmetrical encryption. |
Session data | The Processing Server (Canister) stores all session data to disk in LSSN files encrypted using 3DES. Note: Tealeaf maintains the 3DES keys, which are not configurable through Tealeaf products. |
Portal and Report server | Portal user passwords are encrypted using 192-bit 3DES. |