Level 3

Solved

Transfer to TLS

Forum|Forum|7 years ago
May 22, 2018
10 replies
7782 views

Hi,

We currently use an SMPP connection on port 8100, we have had a requirement from our provider to transfer to an encrypted connection which would be TLS 1.1 (or higher) on port 8143.

How best to accomplish this? Will modifying the MX rules to use TLS and changing the port be enough or will there need to be some server side modification?

Thanks in advance

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Amit_Kumar

Hi Alistair,

It's not a straightforward process.

Prerequisite:

Can you check if your customer is on version 6.1.0? if yes then you need to upgrade to build 8192 at least to use TLS1.1

Current status:

Adobe Campaign technical support can provide you the stack trace and in stack trace look for protocol versions, whether it's TLS v1.0 or TLS v1.1? If yes, you can simply change the MX management rules and it will work for you.

Implementation:

If you have access to serverConf.xml configuration file, then you can check the configurations if it's which is applied. If not configure it by installing the proper SSL certificate and allowing following configurations on the server.

SSLProtocol: all -SSLv3 -TLSv1 -TLSv1.1

Docs for TLS and SSL:

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol

Security/Server Side TLS - MozillaWiki

or simply raise a neolane support ticket to enable TLS 1.1 and if possible TLS1.2 as in future everyone is moving towards 1.2(at the moment not possible with Adobe campaign??)

Regards,

Amit

Amit_KumarAccepted solution

Level 10

Hi Alistair,

It's not a straightforward process.

Prerequisite:

Can you check if your customer is on version 6.1.0? if yes then you need to upgrade to build 8192 at least to use TLS1.1

Current status:

Adobe Campaign technical support can provide you the stack trace and in stack trace look for protocol versions, whether it's TLS v1.0 or TLS v1.1? If yes, you can simply change the MX management rules and it will work for you.

Implementation:

If you have access to serverConf.xml configuration file, then you can check the configurations if it's which is applied. If not configure it by installing the proper SSL certificate and allowing following configurations on the server.

SSLProtocol: all -SSLv3 -TLSv1 -TLSv1.1

Docs for TLS and SSL:

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol

Security/Server Side TLS - MozillaWiki

or simply raise a neolane support ticket to enable TLS 1.1 and if possible TLS1.2 as in future everyone is moving towards 1.2(at the moment not possible with Adobe campaign??)

Regards,

Amit

A

alistairk161838Author

Level 3

Thanks Amit,

We are on v7, 8857 and have no access to the serverconf.xml. So I'll need to raise a ticket to support for this. Do we then need to apply the Default Configuration in the MX rules once this has been completed by support or will it just work once the new port has been applied to the external account?

Amit_Kumar

Level 10

Hi Alistair,

No, you need not do that as this is a part of the process while setting up theTLS1.1 for SMPP connectors. If they don't do it(Maybe some support guys over neolane, forgets to do it), ask them to do it for you as they will be able to troubleshoot the test connection(something doesn't go as planned) as they will have access to stack trace at the server.

Regards,

Amit

A

alistairk161838Author

Level 3

Thanks Amit - I'll get the ticket raised and point them at this topic .

A

alistairk161838Author

Level 3

Hi Amit,

Tech Ops seem to think that TLS is not an option? They have a link to this thread with your advice on the SSL Certificate configuration but have come back with the following;

"As per them TLS is not supported for SMPP. It is the way campaign is designed, that the SMPP connector does not support TLS."

Thoughts? As this is a fully hosted solution I'm slightly at the mercy of the Tech Ops team.

Adhiyan

Adobe Employee

Hi Alistair,

For Adobe hosted customers we currently don't have this option. An improvement is in pipeline to enable the SMS connector to work with encrypted channels but it is with the product management.

At the moment, unfortunately, you cannot make the communication SSL based.

If the instance was on-prem few customers make use of VPN tunneling but it is not supported by tech-ops.

Regards,
Vipul

Amit_Kumar

Level 10

Hi Vipul Raghav & Alistair,

I have reached out to my team and just to confirm how did they enabled it, You are correct Tech support will not be able to enable this for you. In our case, it was Adobe Consulting/Engineering team as they have access to SMPPConnector.java and smpp34.jsp.

we had to involve our Account manager and pay for this separately to enable this.

Regards,

Amit

A

alistairk161838Author

Level 3

Thanks both. I'll escalate this internally. Appreciate the feedback.

mroshaw

alistairk16183831 - what was the result of all of this? We're now being told by our SMS provider that we MUST secure our SMPP connection with TLS, so we're in a bit of a bind with hosted AC Classic v6. We're on build 8993.

A

alistairk161838Author

Level 3

mroshaw

Very little I'm afraid, as I understand Adobe will be pushing out a fix to all classic users to enable TLS around August/September but obviously that is some time away yet.

I've escalated the issue and Adobe proposed solution to my PM and am now awaiting further feedback. I suspect we will either source some Adobe engineering resource or see if we can postpone the TLS requirement until the Adobe release.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded