The C SDK supports the default cipher suites of Apache Tomcat up to and including Tomcat 8.0.33. Subsequent versions of Tomcat may exclude ciphers that are used by earlier versions of OpenSSL and therefore could prevent the C SDK from connecting to the server in question (a ThingWorx Platform).

With OpenSSL, you can choose from 110 ciphers. For more information about the supported cipher suites, visit https://www.openssl.org/docs/manmaster/man1/ciphers.html.

As of v.2.1.2 of the C SDK, you can customize what cipher suites are used at run time through a C SDK parameter. Called cipher_set, this parameter has been added to the twcfg data structure of the C SDK. This parameter allows you to specify a string that contains your cipher suite configuration. This parameter is supported only for builds that are based on OpenSSL. When specifying a string, use the OpenSSL cipher list configuration format, which you can find at http://openssl.cs.utah.edu/docs/apps/ciphers.html#cipher_list_format.

If you do not specify any cipher suites, secure defaults are used. The default string is set in twOpenSSL.h as follows:

The file, twNoTls.h, sets the cipher suite to null because the functionality is not supported in the build.

If your application communicates with an instance of the ThingWorx Platform that uses Java 1.7, the cipher suite list should include !kEDH (as shown below) to disable Ephemeral Diffie-Hellman ciphers. Otherwise, Ephemeral Diffie-Hellman (EDH) key exchange will fail, and your device application will be unable to connect to the ThingWorx Platform.