Protecting HTTP connections from a BlackBerry device to content servers and application servers using HTTPS
If a third-party application on a BlackBerry® device can access servers on the Internet, you can configure the BlackBerry MDS Connection Service to use HTTPS to provide additional authentication and security for the connection. The BlackBerry device supports HTTPS in proxy mode using a proxy server or in direct mode using TLS.
If you configure HTTPS using a proxy server, the BlackBerry MDS Connection Service uses cipher suite components of Sun® JSSE version 1.4.1 to open the connection for the BlackBerry device. Typically, HTTP connections open faster using a proxy server than TLS.
If you configure HTTPS using TLS, the BlackBerry MDS Connection Service uses the TLS and WTLS key establishment algorithms, symmetric algorithms, and hash algorithms that the RIM® Cryptographic API supports to open the connection for the BlackBerry device. The BlackBerry device uses TLS to encrypt data that an application sends to content servers. The BlackBerry MDS Connection Service does not decrypt data that it sends over the wireless network. You can use TLS when only the end points of the transaction are trusted (for example, with banking services). A BlackBerry device that is running BlackBerry® Device Software version 3.6.1 or later supports TLS for connections.