Hi,
We currently use an SMPP connection on port 8100, we have had a requirement from our provider to transfer to an encrypted connection which would be TLS 1.1 (or higher) on port 8143.
How best to accomplish this? Will modifying the MX rules to use TLS and changing the port be enough or will there need to be some server side modification?
Thanks in advance
Solved! Go to Solution.
Hi Alistair,
It's not a straightforward process.
Prerequisite:
Can you check if your customer is on version 6.1.0? if yes then you need to upgrade to build 8192 at least to use TLS1.1
Current status:
Adobe Campaign technical support can provide you the stack trace and in stack trace look for protocol versions, whether it's TLS v1.0 or TLS v1.1? If yes, you can simply change the MX management rules and it will work for you.
Implementation:
If you have access to serverConf.xml configuration file, then you can check the configurations if it's which is applied. If not configure it by installing the proper SSL certificate and allowing following configurations on the server.
SSLProtocol: all -SSLv3 -TLSv1 -TLSv1.1
Docs for TLS and SSL:
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol
Security/Server Side TLS - MozillaWiki
or simply raise a neolane support ticket to enable TLS 1.1 and if possible TLS1.2 as in future everyone is moving towards 1.2(at the moment not possible with Adobe campaign??)
Regards,
Amit
Views
Replies
Total Likes
Hi Alistair,
It's not a straightforward process.
Prerequisite:
Can you check if your customer is on version 6.1.0? if yes then you need to upgrade to build 8192 at least to use TLS1.1
Current status:
Adobe Campaign technical support can provide you the stack trace and in stack trace look for protocol versions, whether it's TLS v1.0 or TLS v1.1? If yes, you can simply change the MX management rules and it will work for you.
Implementation:
If you have access to serverConf.xml configuration file, then you can check the configurations if it's which is applied. If not configure it by installing the proper SSL certificate and allowing following configurations on the server.
SSLProtocol: all -SSLv3 -TLSv1 -TLSv1.1
Docs for TLS and SSL:
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol
Security/Server Side TLS - MozillaWiki
or simply raise a neolane support ticket to enable TLS 1.1 and if possible TLS1.2 as in future everyone is moving towards 1.2(at the moment not possible with Adobe campaign??)
Regards,
Amit
Views
Replies
Total Likes
Thanks Amit,
We are on v7, 8857 and have no access to the serverconf.xml. So I'll need to raise a ticket to support for this. Do we then need to apply the Default Configuration in the MX rules once this has been completed by support or will it just work once the new port has been applied to the external account?
Views
Replies
Total Likes
Hi Alistair,
No, you need not do that as this is a part of the process while setting up theTLS1.1 for SMPP connectors. If they don't do it(Maybe some support guys over neolane, forgets to do it), ask them to do it for you as they will be able to troubleshoot the test connection(something doesn't go as planned) as they will have access to stack trace at the server.
Regards,
Amit
Views
Replies
Total Likes
Thanks Amit - I'll get the ticket raised and point them at this topic .
Views
Replies
Total Likes
Hi Amit,
Tech Ops seem to think that TLS is not an option? They have a link to this thread with your advice on the SSL Certificate configuration but have come back with the following;
"As per them TLS is not supported for SMPP. It is the way campaign is designed, that the SMPP connector does not support TLS."
Thoughts? As this is a fully hosted solution I'm slightly at the mercy of the Tech Ops team.
Views
Replies
Total Likes
Hi Alistair,
For Adobe hosted customers we currently don't have this option. An improvement is in pipeline to enable the SMS connector to work with encrypted channels but it is with the product management.
At the moment, unfortunately, you cannot make the communication SSL based.
If the instance was on-prem few customers make use of VPN tunneling but it is not supported by tech-ops.
Regards,
Vipul
Hi Vipul Raghav & Alistair,
I have reached out to my team and just to confirm how did they enabled it, You are correct Tech support will not be able to enable this for you. In our case, it was Adobe Consulting/Engineering team as they have access to SMPPConnector.java and smpp34.jsp.
we had to involve our Account manager and pay for this separately to enable this.
Regards,
Amit
Thanks both. I'll escalate this internally. Appreciate the feedback.
Views
Replies
Total Likes
alistairk16183831 - what was the result of all of this? We're now being told by our SMS provider that we MUST secure our SMPP connection with TLS, so we're in a bit of a bind with hosted AC Classic v6. We're on build 8993.
Views
Replies
Total Likes
Very little I'm afraid, as I understand Adobe will be pushing out a fix to all classic users to enable TLS around August/September but obviously that is some time away yet.
I've escalated the issue and Adobe proposed solution to my PM and am now awaiting further feedback. I suspect we will either source some Adobe engineering resource or see if we can postpone the TLS requirement until the Adobe release.
Views
Replies
Total Likes