Hi,
OPC UA supports different transport profiles:
- UA-TCP UA-SC UA Binary
- SOAP-HTTP WS-SC UA XML
- HTTPS UA XML
- ...
Is it correct that there is no "TLS" by usage of the profile "UA-TCP UA-SC UA Binary"?
I captured exchanged data with wireshark and I see parts of TCP and of course UA Binary. But there is no "TLS" inside.
A colleague told me that OPC UA uses "TLS" all the time. Is this statement correct?
Also when I use the transport profile "SOAP-HTTP WS-SC UA XML" is there a part of "TLS" inside?
When I use HTTPS then I think "TLS" must be inside, but not in the other profiles? Is this correct?
Is there any graphical representation of the captured data for the different profiles?
I mean a graphic for the nested data? Which information (header, ...) is added in which profile.
Thank you very much,
Mel
Transport Profiles
Moderator: Support Team
-
Support Team
- Hero Member
- Posts: 3068
- Joined: 18 Mar 2011, 15:09
Re: Transport Profiles
Hello Mel,
the OPC UA transport profiles exactly state what they are composed of. Generally spoken there are profiles which use secured "transport" i.e. HTTPS/TLS and the message inside is not secured. And on the other side there are secured "messages" but they are send over an insecure transport i.e. UA-TCP/HTTP.
Having said that, your colleague is not correct, UA does not always use TLS, it is actually quite rare.
The prefered way in OPC UA is to create compact binary encoded data and use UA secure conversation to secure such message and than transport it over TCP/IP. Exaclty this is stated in the short cut format of the transport profile (<transport><security><encoding>), in this case: (UA-TCP, UA-SC, UA-Binary).
Another profile would send an XML encoded message via non-secure HTTP transport, but in this case the message is secured by using WebService secure conversation. Another option would be sending XML encoded non-secured message over HTTPS.
Now in addition to the two above there is a "hybrid" profile that sends a binary encoded message over a HTTPS (TLS) transport. In this case the binary message must not be secured, because the transport channel is secured already.
Best Regards
Support Team
the OPC UA transport profiles exactly state what they are composed of. Generally spoken there are profiles which use secured "transport" i.e. HTTPS/TLS and the message inside is not secured. And on the other side there are secured "messages" but they are send over an insecure transport i.e. UA-TCP/HTTP.
Having said that, your colleague is not correct, UA does not always use TLS, it is actually quite rare.
The prefered way in OPC UA is to create compact binary encoded data and use UA secure conversation to secure such message and than transport it over TCP/IP. Exaclty this is stated in the short cut format of the transport profile (<transport><security><encoding>), in this case: (UA-TCP, UA-SC, UA-Binary).
Another profile would send an XML encoded message via non-secure HTTP transport, but in this case the message is secured by using WebService secure conversation. Another option would be sending XML encoded non-secured message over HTTPS.
Now in addition to the two above there is a "hybrid" profile that sends a binary encoded message over a HTTPS (TLS) transport. In this case the binary message must not be secured, because the transport channel is secured already.
Best Regards
Support Team
-
Mel
- Sr. Member
- Posts: 10
- Joined: 04 Mar 2014, 14:19
Re: Transport Profiles
Thank you so much for the fast and detailed answer :-)