Implementing the Secure Socket Layer (SSL) protocol

This information applies to VoiceXML and CCXML applications only.

The Secure Socket Layer (SSL) protocol provides authentication and data security. It encapsulates a TCP/IP socket and is used by TCP/IP applications that require secure communications. SSL is a low-level authentication and encryption service used by higher-level applications. SSL allows encrypted and secure exchange transmission between a VoiceXML browser instance and an HTTPS Web application server. Only SSL version 3 is supported by the Blueworx Voice Response Java and VoiceXML environment.

To implement secure communications within your deployment environment, your Web-based voice application must point to a secure Web application server using the HTTPS protocol.

In the Blueworx Voice Response connection environment, specify https as the transfer protocol in your URIs.

Example of using HTTPS as the transfer protocol in default.cff for a managed Voice XML application:

AppName=weather
 Enabled=yes
 Parameter=URI,https://my.secureserver/samples/weather.vxml
 AppClass=com.ibm.wvr.vxml2.DTVoicelet2
;

Example of using HTTPS as the transfer protocol in default.cff for a CCXML application:

#CCXML Service definition
CCXService=ccxml1
  Enabled=yes
  InitialURI=https://server.name/document.ccxml
  DefAppService=Node1
  CacheLimit=16M

Example of using HTTPS as the transfer protocol in an unmanaged VoiceXML application:

vxml2 https://my.secureserver/samples/weather.vxml

Example of using HTTPS as the transfer protocol inside a Voice XML document:

<goto next="https://my.secureserver/next.vxml" />

The encryption algorithm used for the secure transmission is automatically negotiated between the VoiceXML or CCXML browser and the Web application server hosting the Web-based voice application. An optimal encryption algorithm is chosen.

Supported digital certificates

Server authentication is the only method supported between a Web application server hosting a Web-based voice application (using HTTPS protocol) and the VoiceXML browser. For server authentication, the Web application server must have one of the digital certificates based on the X.509 standard below. The trusted third-parties, or signer certificates, verify the identification of a certificate holder. The certificate holders that are installed with Blueworx Voice Response include:

Thawte Server CA
Verisign Class 1 Public Primary Certification Authority
Thawte Personal Basic CA
Verisign Class 3 Public Primary Certification Authority
Verisign Test CA Root Certificates
Verisign Class 2 Public Primary Certification Authority
RSA Secure Server Certification Authority
Thawte Premium Server CA
Thawte Personal Freemail CA
Thawte Personal Premium CA

The digital certificate is used to authenticate the Web server to the VoiceXML browser. During the initial SSL handshake, the Web server supplies the VoiceXML browser with its X.509 certificate. If the VoiceXML browser validates the Web server's certificate, a secure encrypted communication channel is established between the Web server and the VoiceXML browser. You must make sure that the Web server hosting the VoiceXML browser application supports one of the digital certificates listed above.