TLS Provider Configuration

The TLS (Transport Layer Security) Provider component provides a security interface that the networking subsystem uses to implement the TLS network protocol.

TLS Provider configuration files

The tlsprovider folder contains the following files:

Files: tlsproviderpolicy.ini
Binary: n/a
Description: Initialization file that contains the following property: ClientAuthDlgEnabled (true/false). If the property is set to true, the client authentication dialog is displayed. See TLSPROVIDERPOLICY.INI for further details.

Files: SWTLSTOKENTYPE.RSS, SWTLSTOKENTYPE.RLS
Binary: SWTLSTOKENTYPE.Rsc
Description: These resource files together define the user interface strings used by the tlsprovider component.

Files: tlscachetimeouts.rss, tlscachetimeouts.rh
Binary: TlsCacheTimeouts.RSC
Description: Resource files used to customize the certificate acceptance and rejection timeouts (in seconds).

TLSPROVIDERPOLICY.INI

There are two forms of authentication in TLS:

  • one-way authentication

  • mutual authentication

In one-way authentication, only the server is authenticated, so the end user can be sure with whom they are communicating. For example, the end user needs to be sure they are communicating with www.amazon.com before purchasing an item from that site. In mutual authentication, both the client and the server authenticate each other.

tlsproviderpolicy.ini is an initialization file stored in the securityconfig component that allows device creators to control how the TLS Provider is configured. It currently has only one property, ClientAuthDlgEnabled, which controls how client authentication is handled in mutual authentication.

  • If ClientAuthDlgEnabled is set to true, as in the following example, a dialog is presented to the phone user asking them to select a client certificate for the server to authenticate.

    ClientAuthDlgEnabled = true

  • If ClientAuthDlgEnabled is set to false, the dialog is suppressed, and the first certificate from a filtered list of client certificates (filtered by the Issuer DN of the server certificate) is sent without asking the user.

The tlsproviderpolicy.ini file can be extended to contain more properties.
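The following Python model of the two ClientAuthDlgEnabled behaviours described above is an added example and not Symbian or tlsprovider code: the policy text, the certificate store, the Issuer DN values, the strict true/false parsing and the handling of "#" comment lines are all this example's own constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample of tlsproviderpolicy.ini; the page documents only this property.
POLICY_INI = """# TLS Provider policy (constructed sample)
ClientAuthDlgEnabled = false
"""


def parse_policy(text: str) -> Dict[str, str]:
    """Parse simple 'key = value' lines; blank and '#' lines are skipped (example's choice)."""
    policy: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        policy[key.strip()] = value.strip()
    return policy


def client_auth_dialog_enabled(policy: Dict[str, str]) -> bool:
    """Strict read of ClientAuthDlgEnabled: only true/false (any case) are accepted."""
    value = policy.get("ClientAuthDlgEnabled", "").lower()
    if value not in ("true", "false"):
        raise ValueError(f"ClientAuthDlgEnabled must be true or false, got {value!r}")
    return value == "true"


@dataclass(frozen=True)
class ClientCert:
    subject: str
    issuer_dn: str


# Constructed client certificate store; subjects and issuers are placeholders.
CLIENT_STORE = [
    ClientCert("CN=user-a", "CN=Other CA"),
    ClientCert("CN=user-b", "CN=Example Corp CA"),
    ClientCert("CN=user-c", "CN=Example Corp CA"),
]


def select_client_cert(policy: Dict[str, str], store: List[ClientCert],
                       server_issuer_dn: str) -> Tuple[bool, List[ClientCert]]:
    """Return (show_dialog, candidates) for a mutual-authentication handshake.

    Candidates are the store's certificates whose issuer DN matches the server
    certificate's issuer DN, in store order. Dialog enabled: the user picks from
    them. Dialog suppressed: only the first match is sent. An empty list means no
    suitable certificate; the page does not say what the provider does then.
    """
    candidates = [c for c in store if c.issuer_dn == server_issuer_dn]
    if client_auth_dialog_enabled(policy):
        return True, candidates
    return False, candidates[:1]
```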

Enabling tlsprovider debug logs

Create the directory c:\logs\tlsprovider\ (that is, \epoc32\winscw\c\logs\tlsprovider) to enable tlsprovider logging.