NetConf Over Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol that uses mutual certificate-based authentication and provides a secure and reliable connection between two devices. It is the successor to the Secure Sockets Layer (SSL) protocol. When a NetConf session is established over TLS, the NetConf server acts as the TLS server, and the NetConf client must act as the TLS client.
NetConf sessions over TLS provide some advantages over sessions that use SSH. Whereas SSH authenticates a client by using credentials (username and password) or keys, TLS uses certificates to mutually authenticate both the client and the server. Certificates can provide additional information about a client, and they can be used to securely authenticate one device to another. Thus, while NetConf sessions over SSH work well for manually managing individual devices, NetConf sessions that use TLS enable secure device-to-device communication for more effectively managing and automating devices in large-scale networks.
TLS subsystem logs are integrated with the system logger (syslog) and appear (along with other OcNOS logs) in /var/log/message with the tag TLS_SUBSYS.
TCP port number 6513 is used by the NetConf server to listen for TCP connections established by NetConf over TLS clients.
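As an added illustration of the mutual authentication described above (example code, not part of OcNOS or this page), the following Python builds the two TLS contexts for a NetConf-over-TLS session: the server side requires and verifies a client certificate, the client side verifies the server and presents its own certificate, and the connection targets port 6513. The certificate and CA file paths are assumed placeholders.

```python
import socket
import ssl

# Port on which the NetConf server listens for NetConf-over-TLS clients.
NETCONF_TLS_PORT = 6513


def netconf_tls_server_context(cafile=None, certfile=None, keyfile=None):
    """Context for the NetConf server, which is the TLS server.

    Mutual authentication requires the server to demand a client
    certificate (CERT_REQUIRED) and check it against the trusted CA.
    Leaving verify_mode at its CERT_NONE default would let any TCP peer
    complete the handshake with only the server being authenticated.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED           # client cert is mandatory
    if cafile:                                    # CA that issued client certs
        ctx.load_verify_locations(cafile=cafile)  # assumed path
    if certfile:                                  # server's own identity
        ctx.load_cert_chain(certfile, keyfile)    # assumed paths
    return ctx


def netconf_tls_client_context(cafile=None, certfile=None, keyfile=None):
    """Context for the NetConf client, which must be the TLS client.

    The client verifies the server certificate and hostname, and loads
    its own certificate so the server can authenticate it in return.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if certfile:                                  # client's identity for mTLS
        ctx.load_cert_chain(certfile, keyfile)    # assumed paths
    return ctx


def is_mutually_authenticated(server_ctx, client_ctx):
    """True only when both endpoints verify their peer's certificate."""
    return (server_ctx.verify_mode == ssl.CERT_REQUIRED
            and client_ctx.verify_mode == ssl.CERT_REQUIRED
            and client_ctx.check_hostname)


def connect_netconf_tls(host, client_ctx, port=NETCONF_TLS_PORT):
    """Open a TLS-wrapped TCP connection to the NetConf server on 6513."""
    raw = socket.create_connection((host, port))
    return client_ctx.wrap_socket(raw, server_hostname=host)
```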
Last modified date: 06/08/2023