How a Wi-Fi enabled BlackBerry device can connect to the BlackBerry Infrastructure

A Wi-Fi® enabled BlackBerry® device can connect directly to the BlackBerry® Infrastructure over the Internet to access the data services that a wireless service provider offers, even if UMA is not available. If UMA is available, the BlackBerry device can also access the voice services. A direct connection from the BlackBerry device to the BlackBerry Infrastructure is an alternative to the connection from the BlackBerry device to the BlackBerry Infrastructure over the mobile network. If a user’s wireless service provider makes UMA technology (also known as GAN technology) available, and the user subscribes to the UMA feature, the BlackBerry device is designed to open an SSL connection to the GANC using an IPSec VPN tunnel over an enterprise Wi-Fi network.

The BlackBerry device and BlackBerry Infrastructure send all data to each other over an SSL connection. The SSL connection is designed to encrypt the data that the BlackBerry device and BlackBerry Infrastructure exchange.

How an SSL connection between a Wi-Fi enabled BlackBerry device and the BlackBerry Infrastructure protects data

An SSL connection between a Wi-Fi® enabled BlackBerry® device and the BlackBerry® Infrastructure is designed to provide the same protection that an SRP connection between the BlackBerry® Enterprise Server and BlackBerry Infrastructure provides. It is designed so that a potentially malicious user cannot use the SSL connection to send data to or receive data from the BlackBerry device.

If a potentially malicious user tries to impersonate the BlackBerry Infrastructure, the BlackBerry device is designed to prevent the connection. The BlackBerry device verifies whether the public key of the SSL certificate of the BlackBerry Infrastructure matches the private key of the root certificate that is preloaded on the BlackBerry device during the manufacturing process. If a user accepts a certificate that is not valid, the connection cannot open unless the BlackBerry device can also authenticate with a valid BlackBerry Enterprise Server or valid BlackBerry® Internet Service.

Process flow: Opening an SSL connection between the BlackBerry Infrastructure and a Wi-Fi enabled BlackBerry device

  1. A Wi-Fi® enabled BlackBerry® device sends a request to the BlackBerry® Infrastructure to open an SSL connection.
  2. The BlackBerry Infrastructure sends its SSL certificate to the BlackBerry device.
  3. The BlackBerry device uses a root certificate that is preloaded on the BlackBerry device to verify the SSL certificate. If the user deleted the root certificate, the BlackBerry device prompts the user to trust the SSL certificate.
  4. The BlackBerry device opens the SSL connection.

Cipher suites that a Wi-Fi enabled BlackBerry device supports for opening SSL connections and TLS connections

A Wi-Fi® enabled BlackBerry® device supports various cipher suites for direct mode SSL/TLS when the BlackBerry device opens SSL connections or TLS connections to the BlackBerry® Infrastructure or to web servers that are external to your organization.

The BlackBerry device supports the following cipher suites, in order, when it opens SSL connections:
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_DHE_RSA_WITH_DES_CBC_SHA
  • SSL_DH_anon_WITH_RC4_128_MD5
  • SSL_DHE_DSS_WITH_DES_CBC_SHA
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
  • SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  • SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
  • SSL_DH_anon_WITH_DES_CBC_SHA
  • SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
  • SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA

The BlackBerry device supports the following cipher suites, in order, when it opens TLS connections:
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_RC4_128_SHA
  • TLS_RSA_WITH_RC4_128_MD5
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DH_anon_WITH_AES_128_CBC_SHA
  • TLS_DH_anon_WITH_AES_256_CBC_SHA
  • TLS_DH_anon_WITH_RC4_128_MD5
  • TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_RSA_WITH_DES_CBC_SHA
  • TLS_DHE_DSS_WITH_DES_CBC_SHA
  • TLS_RSA_WITH_DES_CBC_SHA
  • TLS_RSA_EXPORT_WITH_RC4_40_MD5
  • TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  • TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  • TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
  • TLS_DH_anon_WITH_DES_CBC_SHA
  • TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
  • TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
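
The following is an added example, not part of the original BlackBerry documentation. Each suite name in the lists above encodes its key exchange, export restriction, cipher and MAC, so a short parser can show which offered suites carry known weaknesses when you audit what a client proposes. The sample input is a subset of the TLS list above; the function names and finding labels are this example's own.

```python
import re

# Name grammar used by the lists above: PROTO_KEYEXCHANGE[_EXPORT]_WITH_CIPHER_MAC
SUITE_RE = re.compile(r"^(SSL|TLS)_(.+?)(_EXPORT)?_WITH_(.+)_(SHA|MD5)$")

# Constructed sample: a subset of the suite names listed on this page, in page order.
SAMPLE = """
TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
""".split()

def parse_suite(name):
    """Split a suite name into protocol, key exchange, export flag, cipher, MAC."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    proto, kx, export, cipher, mac = m.groups()
    return {"proto": proto, "kx": kx, "export": export is not None,
            "cipher": cipher, "mac": mac}

def findings(name):
    """List the weaknesses implied by the components of one suite name."""
    s, out = parse_suite(name), []
    if s["kx"] == "DH_anon":
        out.append("anonymous key exchange: server is not authenticated")
    elif not s["kx"].startswith("DHE"):
        out.append("no forward secrecy")
    if s["export"]:
        out.append("export-grade key exchange")
    if s["cipher"] in ("DES_CBC", "DES40_CBC", "RC4_40"):
        out.append("cipher key of 56 bits or fewer")
    elif s["cipher"].startswith("RC4"):
        out.append("RC4 stream cipher")
    elif s["cipher"].startswith("3DES"):
        out.append("64-bit block cipher")
    if s["mac"] == "MD5":
        out.append("MD5-based MAC")
    return out

def audit(offered):
    """Map each offered suite, in preference order, to its findings."""
    return [(pos, name, findings(name)) for pos, name in enumerate(offered, 1)]

if __name__ == "__main__":
    for pos, name, issues in audit(SAMPLE):
        print(f"{pos:2d} {name:40s} {'; '.join(issues) or 'none of these checks apply'}")
```

An empty findings list means only that none of these name-based checks apply; it says nothing about protocol version or implementation flaws.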