All,
I have just begun supporting an AIMMS Pro implementation for my customers, and a separate cybersecurity team found that the traffic from the AIMMS Pro web server is unencrypted:
- Unencrypted Network Communication: AIMMS Pro Launch Page: When accessing the web frontend used to launch the application, traffic is transmitted using an unencrypted network protocol.
- Unencrypted Network Communication: Websocket: The application establishes a websocket to communicate with its server using an unencrypted network protocol.
Looking through the support/architecture documentation it appears that AIMMS Pro uses it’s own web services to host the page, so I’m trying to see what effort is involved in changing these settings, and what the implication is on the client side as well.