ENCRYPTION-IN-TRANSIT
Encryption of in-transit data — TLS 1.3, mTLS, SSH, IPSec.
Definition
Modern standards: TLS 1.3 (RFC 8446, 2018) with mandatory AEAD cipher suites, forward secrecy by default. For AS2: RFC 4130 mandates minimum TLS. For AS4 (PEPPOL): TLS 1.2+ mandatory. SFTP: ed25519 keypairs recommended. Disable TLS 1.0/1.1, MD5, SHA-1, RSA-1024.
Origin
TLS 1.3 published by IETF in August 2018 (RFC 8446). Migration in-progress in the EDI ecosystem.
Example in context
An AS2 endpoint accepting ONLY TLS 1.3 with mTLS X.509 and rejecting any expirable TLS 1.2 client.