Enthuware

I think that specifying CONFIDENTIAL transport guarantee is not enough in this case.
We should specify INTEGRAL because the application requires that the data be sent between client and server in such a way that it cannot be changed in transit i.e. the integrity of the communication is maintained thoughout.

Source: https://docs.oracle.com/cd/E19798-01/82 ... xterm-1464

Altough In practice, Java EE servers treat the CONFIDENTIAL and INTEGRAL transport guarantee values identically..

Actually, it is the other way around.

CONFIDENTIAL is stronger than INTEGRAL. Both requirements can be solved by using SSL encryption algorithms. The weaker the encryption algorithm, the easier it is to crack it and break the CONFIDENTIAL requirement (when the integrity requirement is still fulfilled).

Regards,
Frits