Using SSL/TLS for Security
As of release 3.1.0, the C SDK upgraded to OpenSSL 3.1.2.
 |
ThingWorx Edge C SDK 3.1.0 does not support FIPS mode.
|
 |
Although OpenSSL 3.1.2 includes TLS 1.3, ThingWorx Platform 9.4.x does not support it. It is advised to not use TLS 1.3 in C SDK applications.
|
To use another SSL/TLS implementation, you need to set up the C SDK to use your implementation by following the template provided in the file, twTemplateSSL.h, located in the subdirectory, /src/tls, of the C SDK installation. This file contains a template for an SSL/TLS wrapper layer for your SSL/TLS implementation.
 |
For best security practices, use OpenSSL, which is provided in the distribution bundle. For information on setting up certificates, refer to the section, Security for ThingWorx Edge SDK Applications.
|
The C SDK prints not only its version number but also the SSL/TLS library and version number being used in its log output.
The C SDK supports Apache Tomcat default ciphers up to and including Tomcat 8.0.33. Subsequent versions of Tomcat may exclude ciphers that are used in older versions of OpenSSL and therefore will prevent the ThingWorx C SDK from connecting to the server in question (a ThingWorx Platform).
|
|
The OpenSSL library supports client authentication for an application that you are developing with the C SDK.
|
When you generate the make or project files using CMake, remember that the default setting for the flag that indicates whether to use OpenSSL is ON. If you are using your own security implementation, you can turn this OpenSSL flag to OFF and your implementation ON. Here is an example of enabling a custom implementation and disabling OpenSSL:
cmake /path/to/tw-c-sdk -DUSE_CUSTOMSECURITY=ON -DUSE_OPENSSL=OFF
|
|
Do not use an insecure connection, especially in a production environment.
|
The first argument for cmake is always the path to the source directory.