Transfer to TLS

alistairk161838

22-05-2018

Hi,

We currently use an SMPP connection on port 8100, we have had a requirement from our provider to transfer to an encrypted connection which would be TLS 1.1 (or higher) on port 8143.

How best to accomplish this? Will modifying the MX rules to use TLS and changing the port be enough or will there need to be some server side modification?

Thanks in advance

Accepted Solutions (1)

Amit_Kumar
MVP

23-05-2018

Hi Alistair,

It's not a straightforward process.

Prerequisite:

Can you check if your customer is on version 6.1.0? If yes, then you need to upgrade to build 8192 at least to use TLS 1.1.

Current status:

Adobe Campaign technical support can provide you with the stack trace; in the stack trace, look for the protocol versions, whether it's TLS v1.0 or TLS v1.1. If yes, you can simply change the MX management rules and it will work for you.

Implementation:

If you have access to the serverConf.xml configuration file, then you can check which configuration is applied. If not, configure it by installing the proper SSL certificate and allowing the following configuration on the server.

SSLProtocol: all -SSLv3 -TLSv1 -TLSv1.1

Docs for TLS and SSL:     

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol

Security/Server Side TLS - MozillaWiki

Or simply raise a Neolane support ticket to enable TLS 1.1 and, if possible, TLS 1.2, as in future everyone is moving towards 1.2 (at the moment not possible with Adobe Campaign??)

Regards,

Amit
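
An added example, not part of the original answer and not Adobe Campaign code: it resolves which protocol versions an `SSLProtocol` line like the one quoted above leaves enabled and checks the result against the provider's "TLS 1.1 or higher" requirement. Assumptions: `all` expands to SSLv3, TLSv1, TLSv1.1 and TLSv1.2, and the `+`/`-`/bare-token handling is a simplified model of mod_ssl; the function names are hypothetical.

```python
# Added example: model of how an Apache mod_ssl "SSLProtocol" line resolves.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]  # oldest to newest
# Assumption: "all" expands to every version in ORDER (OpenSSL 1.0.1-era build).
_CANON = {name.lower(): name for name in ORDER}


def effective_protocols(line):
    """Return the protocol versions left enabled by one SSLProtocol line."""
    words = line.split()
    if not words or words[0].rstrip(":").lower() != "sslprotocol":
        raise ValueError("not an SSLProtocol line: %r" % line)
    enabled = set()
    for word in words[1:]:
        action = word[0] if word[0] in "+-" else ""
        name = word[1:] if action else word
        if name.lower() == "all":
            selected = set(ORDER)
        elif name.lower() in _CANON:
            selected = {_CANON[name.lower()]}
        else:
            raise ValueError("unknown protocol token: %r" % word)
        if action == "-":
            enabled -= selected
        elif action == "+":
            enabled |= selected
        else:
            enabled = set(selected)  # a bare token replaces what came before
    return sorted(enabled, key=ORDER.index)


def check_floor(line, floor="TLSv1.1"):
    """Compare a line against a 'floor or higher' requirement."""
    enabled = effective_protocols(line)
    too_old = [p for p in enabled if ORDER.index(p) < ORDER.index(floor)]
    return {
        "enabled": enabled,
        "below_floor": too_old,
        "floor_itself_enabled": floor in enabled,
        "compliant": bool(enabled) and not too_old,
    }


if __name__ == "__main__":
    samples = [
        "SSLProtocol: all -SSLv3 -TLSv1 -TLSv1.1",  # line quoted in the answer
        "SSLProtocol all -SSLv3 -TLSv1",            # constructed: keeps TLS 1.1
        "SSLProtocol all -SSLv3",                   # constructed: TLS 1.0 still on
    ]
    for s in samples:
        print(s, "->", check_floor(s))
```

Under these assumptions the quoted line leaves only TLSv1.2 enabled, so it satisfies a "1.1 or higher" floor but will not negotiate with a peer that tops out at TLS 1.1.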

Answers (9)

Amit_Kumar
MVP

03-06-2018

Hi Vipul Raghav & Alistair,

I have reached out to my team just to confirm how they enabled it. You are correct: Tech support will not be able to enable this for you. In our case, it was the Adobe Consulting/Engineering team, as they have access to SMPPConnector.java and smpp34.jsp.

We had to involve our account manager and pay for this separately to enable this.

Regards,

Amit

Vapsy
Employee

01-06-2018

Hi Alistair,

For Adobe-hosted customers we currently don't have this option. An improvement is in the pipeline to enable the SMS connector to work with encrypted channels, but it is with the product management.

At the moment, unfortunately, you cannot make the communication SSL based.

If the instance was on-prem, few customers make use of VPN tunneling, but it is not supported by tech-ops.

Regards,
Vipul

alistairk161838

25-06-2018

mroshaw

Very little I'm afraid, as I understand Adobe will be pushing out a fix to all classic users to enable TLS around August/September but obviously that is some time away yet.

I've escalated the issue and Adobe's proposed solution to my PM and am now awaiting further feedback. I suspect we will either source some Adobe engineering resource or see if we can postpone the TLS requirement until the Adobe release.

mroshaw

20-06-2018

alistairk16183831​ - what was the result of all of this? We're now being told by our SMS provider that we MUST secure our SMPP connection with TLS, so we're in a bit of a bind with hosted AC Classic v6. We're on build 8993.

alistairk161838

04-06-2018

Thanks both. I'll escalate this internally. Appreciate the feedback.

alistairk161838

01-06-2018

Hi Amit,

Tech Ops seem to think that TLS is not an option? They have a link to this thread with your advice on the SSL certificate configuration but have come back with the following:

"As per them TLS is not supported for SMPP. It is the way campaign is designed, that the SMPP connector does not support TLS."

Thoughts? As this is a fully hosted solution I'm slightly at the mercy of the Tech Ops team.

Amit Kumar

Adhiyan

daniell35335226

Vipul Raghav

alistairk161838

23-05-2018

Thanks Amit - I'll get the ticket raised and point them at this topic.

Amit_Kumar
MVP

23-05-2018

Hi Alistair,

No, you need not do that, as this is a part of the process while setting up the TLS 1.1 for SMPP connectors. If they don't do it (maybe some support guys over at Neolane forget to do it), ask them to do it for you, as they will be able to troubleshoot the test connection (if something doesn't go as planned), since they will have access to the stack trace on the server.

Regards,

Amit

alistairk161838

23-05-2018

Thanks Amit,

We are on v7, 8857 and have no access to the serverconf.xml. So I'll need to raise a ticket to support for this. Do we then need to apply the Default Configuration in the MX rules once this has been completed by support or will it just work once the new port has been applied to the external account?