Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Transfer to TLS

alistairk161838
Level 3
Level 3

Hi,

We currently use an SMPP connection on port 8100, we have had a requirement from our provider to transfer to an encrypted connection which would be TLS 1.1 (or higher) on port 8143.

How best to accomplish this? Will modifying the MX rules to use TLS and changing the port be enough or will there need to be some server side modification?

Thanks in advance

1 Accepted Solution
Amit_Kumar
Correct answer by
Community Advisor
Community Advisor

Hi Alistair,

It's not a straightforward process.

Prerequisite:

Can you check if your customer is on version 6.1.0? if yes then you need to upgrade to build 8192 at least to use TLS1.1

Current status:

Adobe Campaign technical support can provide you the stack trace and in stack trace look for protocol versions, whether it's TLS v1.0 or TLS v1.1? If yes, you can simply change the MX management rules and it will work for you.

Implementation:

If you have access to serverConf.xml configuration file, then you can check the configurations if it's which is applied. If not configure it by installing the proper SSL certificate and allowing following configurations on the server.

SSLProtocol: all -SSLv3 -TLSv1 -TLSv1.1

Docs for TLS and SSL:     

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol

Security/Server Side TLS - MozillaWiki

or simply raise a neolane support ticket to enable TLS 1.1 and if possible TLS1.2 as in future everyone is moving towards 1.2(at the moment not possible with Adobe campaign??)

Regards,

Amit

View solution in original post

0 Replies
Amit_Kumar
Correct answer by
Community Advisor
Community Advisor

Hi Alistair,

It's not a straightforward process.

Prerequisite:

Can you check if your customer is on version 6.1.0? if yes then you need to upgrade to build 8192 at least to use TLS1.1

Current status:

Adobe Campaign technical support can provide you the stack trace and in stack trace look for protocol versions, whether it's TLS v1.0 or TLS v1.1? If yes, you can simply change the MX management rules and it will work for you.

Implementation:

If you have access to serverConf.xml configuration file, then you can check the configurations if it's which is applied. If not configure it by installing the proper SSL certificate and allowing following configurations on the server.

SSLProtocol: all -SSLv3 -TLSv1 -TLSv1.1

Docs for TLS and SSL:     

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol

Security/Server Side TLS - MozillaWiki

or simply raise a neolane support ticket to enable TLS 1.1 and if possible TLS1.2 as in future everyone is moving towards 1.2(at the moment not possible with Adobe campaign??)

Regards,

Amit

alistairk161838
Level 3
Level 3

Thanks Amit,

We are on v7, 8857 and have no access to the serverconf.xml. So I'll need to raise a ticket to support for this. Do we then need to apply the Default Configuration in the MX rules once this has been completed by support or will it just work once the new port has been applied to the external account?

Amit_Kumar
Community Advisor
Community Advisor

Hi Alistair,

No, you need not do that as this is a part of the process while setting up theTLS1.1 for SMPP connectors. If they don't do it(Maybe some support guys over neolane, forgets to do it), ask them to do it for you as they will be able to troubleshoot the test connection(something doesn't go as planned) as they will have access to stack trace at the server.

Regards,

Amit

alistairk161838
Level 3
Level 3

Thanks Amit - I'll get the ticket raised and point them at this topic .

alistairk161838
Level 3
Level 3

Hi Amit,

Tech Ops seem to think that TLS is not an option? They have a link to this thread with your advice on the SSL Certificate configuration but have come back with the following;

"As per them TLS is not supported for SMPP. It is the way campaign is designed, that the SMPP connector does not support TLS."

Thoughts? As this is a fully hosted solution I'm slightly at the mercy of the Tech Ops team.

Amit Kumar

Adhiyan

daniell35335226

Vipul Raghav

Vapsy
Employee
Employee

Hi Alistair,

For Adobe hosted customers we currently don't have this option. An improvement is in pipeline to enable the SMS connector to work with encrypted channels but it is with the product management.

At the moment, unfortunately, you cannot make the communication SSL based.

If the instance was on-prem few customers make use of VPN tunneling but it is not supported by tech-ops.

Regards,
Vipul

Amit_Kumar
Community Advisor
Community Advisor

Hi Vipul Raghav & Alistair,

I have reached out to my team and just to confirm how did they enabled it, You are correct Tech support will not be able to enable this for you. In our case, it was Adobe Consulting/Engineering team as they have access to SMPPConnector.java and smpp34.jsp.

we had to involve our Account manager and pay for this separately to enable this.

Regards,

Amit

alistairk161838
Level 3
Level 3

Thanks both. I'll escalate this internally. Appreciate the feedback.

mroshaw
Level 1
Level 1

alistairk16183831​ - what was the result of all of this? We're now being told by our SMS provider that we MUST secure our SMPP connection with TLS, so we're in a bit of a bind with hosted AC Classic v6. We're on build 8993.

alistairk161838
Level 3
Level 3

mroshaw

Very little I'm afraid, as I understand Adobe will be pushing out a fix to all classic users to enable TLS around August/September but obviously that is some time away yet.

I've escalated the issue and Adobe proposed solution to my PM and am now awaiting further feedback. I suspect we will either source some Adobe engineering resource or see if we can postpone the TLS requirement until the Adobe release.