Remove Arch section of FAQ #2853
Open: franrob-projects wants to merge 17 commits into main from EDU-2100-remove-account-and-app-setup-and-cofig-faq
Commits (17):

- cfed345 What is the difference between 'failed' and 'refused' message statist… (franrob-projects)
- e5f84cd How can I restrict connections or requests by origin or IP? (franrob-projects)
- 5d1b4a9 Is it possible to restrict which channels or permissions an API key has? (franrob-projects)
- 6ccfeef Which TLS Version does the ably-js library use? (franrob-projects)
- d822e6c Do you support multiplexing and channel groups? (franrob-projects)
- fba6d1d If I need to whitelist Ably's servers from a firewall, which ports, I… (franrob-projects)
- 3fa0f9c Authenticated and identified clients (franrob-projects)
- 40bc1b8 Are messages sent to and received from Ably securely using TLS? (franrob-projects)
- edf4ac5 How can you restrict which channels a client can access? (franrob-projects)
- 5e7caad When I change a key's capabilities in the dashboard, will existing co… (franrob-projects)
- 10df3d1 Cross-platform symmetric encryption offered by the libraries (franrob-projects)
- 8686b0e How do I report a security or privacy vulnerability on Ably (franrob-projects)
- 28bc91a Do you support MQTT? Are you protocol agnostic? (franrob-projects)
- e5efb4d What are Ably protocol adapters and how do they work? (franrob-projects)
- f95bd89 Where are Ably's servers and datacenters located around the world? (franrob-projects)
- 21b4c95 Why does Ably have concurrent channel limits? (franrob-projects)
- d0acd24 Tidy up commit (franrob-projects)
              | Original file line number | Diff line number | Diff line change | 
|---|---|---|
|  | @@ -14,13 +14,41 @@ redirect_from: | |
|  | ||
| [Transport Layer Security (TLS)](https://en.wikipedia.org/wiki/Transport_Layer_Security) is enabled by default in Ably SDKs so that data is securely sent to, and received from, Ably. However, messages are not encrypted within the Ably system. Use the encryption channel option to ensure that message payloads are opaque, that they can't be decrypted by Ably, and can only be decrypted by other clients that share your secret key. | ||
|  | ||
| ## TLS transport security <a id="tls"/> | ||
|  | ||
| All Ably client libraries use TLS by default when communicating with Ably over REST or via realtime transports such as WebSockets. This provides a secure transport for communication with Ably, ensuring that messages in transit cannot be intercepted, inspected, or tampered with. | ||
|  | ||
| ### Disabling TLS | ||
|  | ||
| If you need to disable TLS (typically to reduce communication overhead for public data streams), you can specify `tls: false` in your [client options](/docs/api/realtime-sdk#client-options) when instantiating a Realtime or REST library. | ||
|  | ||
| <Aside data-type='warning'> | ||
| Disabling TLS is strongly discouraged and is disabled by default in all client libraries for security reasons. | ||
| Review comment: TLS is enabled by default, i.e. default is true. | ||
| Review comment: Should these be under connection / platform and not channel, as it's related to the underlying transport? | ||
| </Aside> | ||
|  | ||
| ### TLS restrictions | ||
|  | ||
| Unencrypted communication with Ably is **disallowed** if any of the following conditions are met: | ||
|  | ||
| * You attempt to use [Basic Authentication](/docs/auth/basic) and thus transmit a private API key over an unencrypted connection. You are only permitted to use unencrypted connections with [Token Authentication](/docs/auth/token) as tokens expire, limiting the impact of token interception. | ||
|  | ||
| * You have specified that TLS is required in your [app settings](/docs/platform/account/app/settings). | ||
|  | ||
| * A client using an unencrypted connection attempts to attach to a channel that is configured to be used with [TLS only](/docs/channels#rules). | ||
|  | ||
| ### TLS vs. message encryption | ||
|  | ||
| While TLS encryption ensures that messages in transit to and from Ably cannot be intercepted, inspected, or tampered with, it does not ensure that the Ably service itself is unable to inspect your messages and their content. If you want to ensure that all messages are encrypted and inaccessible to even Ably, consider using the [message-level encryption](#with-ably) feature included in the client libraries. | ||
|  | ||
| Setting encryption using channel options means that encryption is a feature that can be set per-channel. Apps may have both un-encrypted and encrypted channels on a single connection. | ||
|  | ||
| ## Encryption with Ably <a id="with-ably"/> | ||
| ## Cross-platform symmetric encryption <a id="with-ably"/> | ||
|  | ||
| All officially supported Ably client libraries provide **cross-platform symmetric encryption**, ensuring that encrypted messages can be sent from one platform and successfully decrypted on any other supported platform. | ||
|  | ||
| Ably SDKs support encryption purely as a convenience. The SDKs ensure interoperability between environments by having compatible implementations of encryption algorithms and by making common choices on things such as format, mode and padding. However, Ably intentionally does not manage the distribution of keys between clients, and end-to-end encryption is enabled without exposing keys to the Ably service at all. This has the advantage that Ably has no access to the un-encrypted contents of your messages, but also means that each app is responsible for enabling the distribution of keys to clients independently of Ably. | ||
|  | ||
| Encryption with Ably supports symmetric encryption only and requires each participating client to each specify the correct [`CipherParams`](/docs/api/realtime-sdk/encryption#cipher-params) secret `key` when creating a `channel` instance. Clients that do not specify a key will receive the still-encrypted message payloads, that they can subsequently decrypt offline if necessary. | ||
| Encryption with Ably supports **symmetric encryption only** and requires each participating client to each specify the correct [`CipherParams`](/docs/api/realtime-sdk/encryption#cipher-params) secret `key` when creating a `channel` instance. Clients that do not specify a key will receive the still-encrypted message payloads, that they can subsequently decrypt offline if necessary. | ||
|  | ||
| Only the AES algorithm, with a default key length of 256 bits, and CBC mode are supported. These defaults are intended to ensure that encryption support can be provided in all target environments and platforms. | ||
|  | ||
|  | ||
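Review bot: In the Aside under "Disabling TLS", the sentence "Disabling TLS is strongly discouraged and is disabled by default" reads as if TLS itself were off by default, which contradicts "All Ably client libraries use TLS by default" in the section just above it; reword to something like "TLS is enabled by default in all client libraries, and disabling it is strongly discouraged." In "TLS restrictions", the Basic Authentication bullet runs the rule and its rationale together; stating the condition first (Basic Authentication requires TLS) and then the reason Token Authentication is permitted would make the list easier to scan. Both "## Encryption with Ably" and "## Cross-platform symmetric encryption" carry id="with-ably" in this view, so confirm only one heading survives the change, otherwise the #with-ably link in "TLS vs. message encryption" points at a duplicated anchor.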
  
    