SSL/TLS Connection Security
Introduction
The client library can work with connections secured with the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS). Server authentication and connection encryption are currently supported: the server side (SMSC) authenticates itself to the client with an X.509 public key certificate, which is also used to produce the symmetric key for session encryption. This can provide a level of security similar to that of web browsers connecting over HTTPS.
Usage
Connecting to an SMSC that uses SSL/TLS encryption requires only setting the tls.enabled flag to true among the ExtendedParameters of the tcpConnect method:
string ep = "tls.enabled=1";
// [...]
int result = clientSMPP.tcpConnect("smsc.tele.com", 3300, ep);
if (result == 0) {
    // Connection established correctly
} else {
    // Connection error
}
Self-signed Certificate
The security stack verifies the server certificate for SSL policy errors, and the connection is not established if any problem is detected. Another flag allows the server certificate to be accepted blindly. With it, server authenticity is mostly not verified, but a session key is still created and the connection is still encrypted, which provides some degree of security: the traffic is protected against passive eavesdropping, but the client cannot tell the real SMSC from a party impersonating it. The flag is also very useful with self-signed certificates, which do not establish a proper certification chain.
To accept the server certificate blindly, tls.checks has to be set to false:
string ep = "tls.enabled=1;tls.checks=0";
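
An added example (not part of the library or its documentation), assuming the library is used from C#/.NET and that the SMSC port starts TLS immediately on connect: a pre-flight probe that returns tls.checks=0 only when the server presents one known self-signed certificate. SmscTlsPreflight, ChooseParameters and the pinned fingerprint are hypothetical names. The probe is a separate connection, so it detects an unexpected certificate but does not pin the library's own session.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SmscTlsPreflight
{
    // Hypothetical helper: returns the ExtendedParameters string to use, or
    // throws if the certificate the server presents is not the expected one.
    public static string ChooseParameters(string host, int port, string pinnedSha256Hex)
    {
        SslPolicyErrors seen = SslPolicyErrors.None;
        string fingerprint = null;

        using (var tcp = new TcpClient(host, port))
        using (var tls = new SslStream(tcp.GetStream(), false,
            (sender, cert, chain, errors) =>
            {
                seen = errors;
                if (cert != null)
                {
                    // SHA-256 over the DER-encoded certificate, as upper-case hex.
                    using (var sha = SHA256.Create())
                    {
                        fingerprint = BitConverter.ToString(
                            sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
                    }
                }
                return true; // record only; the decision is made below
            }))
        {
            tls.AuthenticateAsClient(host);
        }

        // Chain and host name verify normally: keep the library's checks on.
        if (seen == SslPolicyErrors.None)
            return "tls.enabled=1";

        // Self-signed case: accept only the exact certificate pinned in advance.
        if (fingerprint != null &&
            string.Equals(fingerprint, pinnedSha256Hex, StringComparison.OrdinalIgnoreCase))
            return "tls.enabled=1;tls.checks=0";

        throw new InvalidOperationException("SMSC certificate failed verification ("
            + seen + ") and does not match the pinned fingerprint");
    }
}
```

The pinned value is the SHA-256 fingerprint of the SMSC's certificate, obtained from the operator over a trusted channel and stored with the client configuration.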