<?xml version="1.0" encoding="utf-8"?>

<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->

<!-- This component and the accompanying materials are made available under the terms of the License 

"Eclipse Public License v1.0" which accompanies this distribution, 

and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->

<!-- Initial Contributors:

    Nokia Corporation - initial contribution.

Contributors: 

-->

<!DOCTYPE concept

  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">

<concept xml:lang="en" id="GUID-7A91990F-6271-5EE5-859A-F66BC64CA154"><title>TLS Provider Configuration</title><prolog><metadata><keywords/></metadata></prolog><conbody><p>The TLS (Transport Layer Security) Provider component provides a security interface for use by networking subsystem to implement the TLS networking protocol. </p> <section><title>TLS Provider configuration files</title> <p>The <filepath>tlsprovider</filepath> folder contains the following files: </p> <table id="GUID-DE67EB50-6AAA-5A60-896D-B51EA02A2723"><tgroup cols="3"><colspec colname="col0"/><colspec colname="col1"/><colspec colname="col2"/><thead><row><entry>Files</entry> <entry>Binary</entry> <entry>Description</entry> </row> </thead> <tbody><row><entry><p> <filepath>tlsproviderpolicy.ini</filepath>  </p> </entry> <entry><p>n/a </p> </entry> <entry><p>Initialization file that contains the following property: <codeph>ClientAuthDlgEnabled (true/false)</codeph>. </p> <p>If the property is set to <codeph>true</codeph>, the client authentication dialog is displayed. See <xref href="GUID-7A91990F-6271-5EE5-859A-F66BC64CA154.dita#GUID-7A91990F-6271-5EE5-859A-F66BC64CA154/GUID-5A137B0A-99F3-591C-BD1A-6ACFE64E89AF">TLSPROVIDERPOLICY.INI</xref> for further details. </p> </entry> </row> <row><entry><p> <filepath> SWTLSTOKENTYPE.RSS</filepath>  </p> <p> <filepath>SWTLSTOKENTYPE.RLS</filepath>  </p> </entry> <entry><p> <filepath> SWTLSTOKENTYPE.Rsc</filepath>  </p> </entry> <entry><p>These resource files together define the user interface strings used by the tlsprovider component. </p> </entry> </row> <row><entry><p> <filepath> tlscachetimeouts.rss tlscachetimeouts.rh </filepath>  </p> </entry> <entry><p> <filepath> TlsCacheTimeouts.RSC </filepath>  </p> </entry> <entry><p>Resource files used to customize the certificate acceptance and rejection timeouts (in seconds). </p> </entry> </row> </tbody> </tgroup> </table> </section> <section id="GUID-5A137B0A-99F3-591C-BD1A-6ACFE64E89AF"><title>TLSPROVIDERPOLICY.INI</title> <p>There are two forms of authentication in TLS: </p> <ul><li id="GUID-BD6785B3-3286-547B-BE35-694063DBFAB0"><p>one-way authentication </p> </li> <li id="GUID-C88BD7BC-D267-5EAE-9D00-081F6EF2B422"><p>mutual authentication </p> </li> </ul> <p>In one-way authentication, only the server is authenticated. The end-user can be sure with whom they are communicating. For example, the end user needs to be sure it is communicating with <codeph>www.amazon.com</codeph> before purchasing an item from them. In mutual authentication, both the client and server authenticate each other. </p> <p>The <filepath>tlsproviderpolicy.ini</filepath> is an initialization file stored in the <filepath>securityconfig</filepath> component that allows device creators to control how TLS Provider is configured. It currently has only one property: <codeph>ClientAuthDlgEnabled</codeph>. <codeph>ClientAuthDlgEnabled</codeph> controls how client authentication is handled in mutual authentication. </p> <ul><li id="GUID-D3E815F3-69A3-5B0F-A1C0-C25DB084E695"><p>If <codeph>ClientAuthDlgEnabled</codeph> is set to <codeph>true</codeph>, as in the following example, a dialog is presented to the phone user asking them to select a client certificate for the server to authenticate. </p> <codeblock id="GUID-C2D8B88A-A595-57BC-B8AE-9B5A8198AB75" xml:space="preserve">ClientAuthDlgEnabled = true</codeblock> </li> <li id="GUID-A985E587-6688-534B-AC72-C8F60503261F"><p>If <codeph>ClientAuthDlgEnabled</codeph> is set to <codeph>false</codeph>, the dialog is suppressed, and the first certificate from a filtered list of certificates (filtered by Issuer DN on server certificate) is sent. </p> </li> </ul> <p>The <filepath>tlsproviderpolicy.ini</filepath> file can be extended to contain more properties. </p> </section> <section><title>Enabling Tlsprovider debug logs</title> <p>Create a directory <codeph>c:\logs\tlsprovider\</codeph> (that is at, <codeph>\epoc32\winscw\c\logs\tlsprovider</codeph>) directory to enable <codeph>tlsprovider</codeph> logging. </p> </section> <section><title>See also</title> <p><xref href="GUID-2BB17FB4-07A9-52E3-A650-570A16FA771D.dita">Security Config Overview</xref>  </p> </section> </conbody></concept>