Skip to content

TLS Support

Transport Layer Security (TLS)

Opendnp3 provides support for TLS with mutual authentication using ASIO's C++ wrapper around openssl.

Bulding the library with TLS support provides two additional channel types: TLSServer and TLSClient.

DNP3Manager has provides methods for creating these channel types which take an additional configuration structure called TLSConfig.

Each side of the TLS channel must provide 3 items:

  • A certificate (either self-signed or root certificate) that will be used to authenticate the peer certificate.
  • A local certificate, or certificate chain, to send to the peer.
  • A private key corresponding to the public key in the local certificate used to authenticate.

Refer to the documentation for TLSConfig for details.

There are example certificates and private keys in thecpp\tests\asiotests\certs directory. These certificates are examples only and used in component tests to ensure openssl can perform a sucessful handshake.

Important

All keys and certificates must be provided in the PEM format