I'm found your answer about Encryption middleware:
If you want to use custom encryption (not use HTTPS, which would be strongly the recommended way), I'm not sure how would you expect that the client wouldn't participate in this? If it's custom encryption, then the client must encrypt and decrypt the message, right?
The server part and client part of software is both provided by me. This is client-server software with secure storage of sensitive data of the customers
Then why are you asking to have encryption using middleware-only?
I'm asking not about encryption via middleware only, I'm asking which method is the best if we don't use https.
Then the way to do it is the one you mentioned in some posts above. You can contact us via e-mail and I can send you a more detailed example.
Please send me it to alexegorov (at) gmail.com
I need also this detailed example please, on firstname.lastname@example.org.