AS2 configurations
This topic describes the supported configurations, features, and capabilities for transfers that use the Applicability Statement 2 (AS2) protocol, including the accepted ciphers and digests.
Signing, encryption, compression, MDN
For both inbound and outbound transfers, the following items are either required or optional:
-
Encryption – Required (for HTTP transport, which is the only transport method currently supported). Unencrypted messages are only accepted if forwarded by a TLS-terminating proxy such as an Application Load Balancer (ALB) and the
X-Forwarded-Proto: httpsheader is present. -
Signing – Optional
-
Compression – Optional (the only currently supported compression algorithm is ZLIB)
-
Message Disposition Notice (MDN) – Optional
Ciphers
The following ciphers are supported for both inbound and outbound transfers:
-
AES128_CBC
-
AES192_CBC
-
AES256_CBC
-
3DES (for backward compatibility only)
Digests
The following digests are supported:
-
Inbound signing and MDN – SHA1, SHA256, SHA384, SHA512
-
Outbound signing and MDN – SHA1, SHA256, SHA384, SHA512
MDN
For MDN responses, certain types are supported, as follows:
-
Inbound transfers – Synchronous and asynchronous
-
Outbound transfers – Synchronous only
-
Simple Mail Transfer Protocol (SMTP) (email MDN) – Not supported
Transports
-
Inbound transfers – HTTP is the only currently supported transport, and you must specify it explicitly.
Note
If you need to use HTTPS for inbound transfers, you can terminate TLS on an Application Load Balancer or a Network Load Balancer. This is described in Receive AS2 messages over HTTPS.
-
Outbound transfers – If you provide an HTTP URL, you must also specify an encryption algorithm. If you provide an HTTPS URL, you have the option of specifying NONE for your encryption algorithm.