
SSL/TLS Connection Security

Introduction

The client library can work with connections secured with the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS). Server authentication and connection encryption are currently supported: the server side (SMSC) authenticates itself to the client with an X.509 public key certificate, which is also used to establish the symmetric key for session encryption. This provides a level of security similar to that of a web browser connecting over HTTPS.

Usage

Connecting to an SMSC that uses SSL/TLS encryption only requires setting the tls.enabled flag to true among the ExtendedParameters of the tcpConnect method:


string ep = "tls.enabled=1";

// [...]

int result = clientSMPP.tcpConnect("smsc.tele.com", 3300, ep);

if(result == 0) {
  // Connection established correctly
} else {
  // Connection error
}

Self-signed Certificate

The server certificate is verified by the security stack for SSL policy errors, and the connection is not established if any problem is detected. Another flag allows the client to accept the server certificate blindly. With it, most of the server's authenticity is not verified, but a session key is still created and the connection is still encrypted, which provides some degree of security: the traffic is protected from passive eavesdropping, but not from an active man-in-the-middle that presents its own certificate. The flag is also very useful with self-signed certificates, which do not establish a proper certification chain.

To accept the server certificate blindly, tls.checks has to be set to false:


string ep = "tls.enabled=1;tls.checks=0";
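
A pre-deployment check for the two flags described above, as an added example that is not part of the client library or the original page: it parses ExtendedParameters strings and reports connections left in plaintext or with certificate checks disabled. The accepted true/false spellings, case-insensitive keys, tls.enabled defaulting to off, the host allow-list and the lab host name are assumptions.

```python
# Added example: standalone audit helper, not code from the client library.
TRUE, FALSE = {"1", "true"}, {"0", "false"}  # assumption: accepted spellings

def parse_ep(ep):
    """Split 'key=value;key=value' into a dict of lower-cased keys and values."""
    params = {}
    for item in ep.split(";"):
        if not item.strip():
            continue  # tolerate empty segments such as a trailing ';'
        key, _, value = item.partition("=")
        # Normalising case and whitespace is an assumption; it makes the
        # audit err on the side of reporting rather than missing a flag.
        params[key.strip().lower()] = value.strip().lower()
    return params

def flag(params, key, default):
    """Return the boolean value of a flag, or the default when it is absent."""
    value = params.get(key)
    if value is None:
        return default
    if value in TRUE:
        return True
    if value in FALSE:
        return False
    raise ValueError(f"unrecognised value for {key}: {value!r}")

def audit(host, ep, unverified_ok=frozenset()):
    """Return a list of findings for one connection definition."""
    params = parse_ep(ep)
    tls = flag(params, "tls.enabled", False)   # assumed default: TLS is opt-in
    checks = flag(params, "tls.checks", True)  # page: verified unless disabled
    findings = []
    if not tls:
        findings.append("plaintext: tls.enabled is not set")
    elif not checks and host not in unverified_ok:
        findings.append("unauthenticated: tls.checks=0 accepts any certificate")
    return findings

# Constructed sample connection definitions; lab-smsc.example is a placeholder.
SAMPLES = [
    ("smsc.tele.com", "tls.enabled=1"),
    ("smsc.tele.com", "tls.enabled=1;tls.checks=0"),
    ("lab-smsc.example", "tls.enabled=1; TLS.Checks=0"),
    ("smsc.tele.com", "tls.checks=0"),
]

if __name__ == "__main__":
    for host, ep in SAMPLES:
        print(host, repr(ep), audit(host, ep, {"lab-smsc.example"}) or "ok")
```

Hosts passed in unverified_ok are the only ones allowed to run with tls.checks=0, which keeps the self-signed exception limited to named test systems.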

See Also

Extended Parameters