Using SSL/TLS for Security
 |
ThingWorx Edge C SDK 3.1.0 does not support FIPS mode.
|
To use another SSL/TLS implementation, you need to set up the C SDK to use your implementation by following the template provided in the file, twTemplateSSL.h, located in the subdirectory, /src/tls, of the C SDK installation. This file contains a template for an SSL/TLS wrapper layer for your SSL/TLS implementation.
 |
For best security practices, use OpenSSL, which is provided in the distribution bundle. For information on setting up certificates, refer to the section, Security for ThingWorx Edge SDK Applications.
|
 |
You may use a different version of OpenSSL than the one provided. However, this version will not be officially supported by PTC. Compatibility and security testing must be handled independently. For best results and alignment with PTC’s validated configurations, use the OpenSSL version included in the official distribution bundle.
|
The C SDK prints not only its version number but also the SSL/TLS library and version number being used in its log output.
The C SDK supports Apache Tomcat default ciphers up to and including Tomcat 8.0.33. Subsequent versions of Tomcat may exclude ciphers that are used in older versions of OpenSSL and therefore will prevent the ThingWorx C SDK from connecting to the server in question (a ThingWorx Platform).
|
|
The OpenSSL library supports client authentication for an application that you are developing with the C SDK.
|
When you generate the make or project files using CMake, remember that the default setting for the flag that indicates whether to use OpenSSL is ON. If you are using your own security implementation, you can turn this OpenSSL flag to OFF and your implementation ON. Here is an example of enabling a custom implementation and disabling OpenSSL:
cmake /path/to/tw-c-sdk -DUSE_CUSTOMSECURITY=ON -DUSE_OPENSSL=OFF
|
|
Do not use an insecure connection, especially in a production environment.
|
The first argument for cmake is always the path to the source directory.