Using SSL/TLS for Security
OpenSSL provides a more secure and more frequently updated library for securing your Edge applications than the open source axTLS library, which was previously provided with the ThingWorx Edge C SDK. As of v2.2.1, the ThingWorx C SDK distribution bundles include only the OpenSSL libraries and not the axTLS library. In addition, as of release 2.2.1, the non-FIPS distribution bundles include the 32-bit and 64-bit OpenSSL libraries, version 1.0.2q, which on Windows platforms are based on the Visual Studio 2015 runtime library. The FIPS distribution bundles include the OpenSSL libraries, version 1.0.2l, which are based on the Visual Studio 2012 runtime library.
The C SDK prints not only its version number but also the SSL/TLS library and version number being used. If FIPS is enabled, it includes that information as well.
For best security practices, use OpenSSL, which is provided in the distribution bundle.
The C SDK supports the Apache Tomcat default ciphers up to and including Tomcat 8.0.33. Subsequent versions of Tomcat may exclude ciphers that are used in older versions of OpenSSL, which prevents the ThingWorx C SDK from connecting to that server (a ThingWorx platform).
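To diagnose the cipher mismatch described above, compare the cipher list the client offers with the list the server accepts. The following is an added example, not code from the C SDK: the function names and all three cipher lists are constructed for illustration, and the server list is assumed to be written in OpenSSL cipher names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample lists in OpenSSL cipher-name syntax (not the SDK's real defaults). */
static const char CLIENT_OLD[]    = "AES128-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA";
static const char SERVER_LEGACY[] = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA";
static const char SERVER_STRICT[] = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384";

/* Return 1 if name[0..len) is a whole entry of the colon-separated list. */
static int cipher_in_list(const char *name, size_t len, const char *list) {
    for (const char *p = list; *p; ) {
        size_t n = strcspn(p, ":");
        if (n == len && strncmp(p, name, len) == 0)
            return 1;
        p += n;
        if (*p == ':') p++;
    }
    return 0;
}

/* Copy ciphers present in both lists into out (client order); return the count (0 = no shared cipher). */
int shared_ciphers(const char *client, const char *server, char *out, size_t outsz) {
    int count = 0;
    size_t used = 0;
    if (outsz) out[0] = '\0';
    for (const char *p = client; *p; ) {
        size_t n = strcspn(p, ":");
        if (n && cipher_in_list(p, n, server)) {
            if (used + n + 2 <= outsz) {          /* room for ':' + name + NUL */
                if (used) out[used++] = ':';
                memcpy(out + used, p, n);
                used += n;
                out[used] = '\0';
            }
            count++;
        }
        p += n;
        if (*p == ':') p++;
    }
    return count;
}

int main(void) {
    char buf[256];
    printf("legacy server: %d shared\n", shared_ciphers(CLIENT_OLD, SERVER_LEGACY, buf, sizeof buf));
    printf("strict server: %d shared\n", shared_ciphers(CLIENT_OLD, SERVER_STRICT, buf, sizeof buf));
    return 0;
}
```

Entries are matched whole, so `AES128-SHA` is not counted as shared merely because the server lists `ECDHE-RSA-AES128-SHA`.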
If you prefer to use your own security implementation, note that the C SDK provides wrapper functions that closely follow the OpenSSL API to make it easy to use in your applications. If you want to use another SSL/TLS implementation, you need to set up the C SDK to use your implementation by following the template provided in the file twTemplateSSL.h, located in the /src/tls subdirectory of the C SDK installation. This file contains a template for an SSL/TLS wrapper layer for your SSL/TLS implementation.
The OpenSSL library supports client authentication for an application that you are developing with the C SDK.
Use of OpenSSL is the default setting when generating the make or project files using CMake. If you are using your own security implementation, it is possible to turn OpenSSL off and your implementation on. Here is an example of enabling a custom implementation and disabling OpenSSL:
Using an insecure connection is strongly discouraged, especially in a production environment.
The first argument for cmake is always the path to the source directory.