I had a simmilar problem.
My Thing (RaspberryPi) can't connect to the Server. My research showed that SSLv3 was disabled on Server because of the Poodle Exploit (Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback) (SSL Handshake failed, see also security - How do I list the SSL/TLS cipher suites a particular website offers? - Super User)
So i changed the TLS lib to OpenSSL and now everything works.
BTW: i also can't use the NO_TLS switch becauce the server automaticly switches all incomming connections to a secure connection.
Even I am facing same problem. I added line "#define NO_TLS" in my app.c code and called those two APIs. but no luck. I have tried this in previous version and it used to work. But I had changed to No_TLS in some other file, I think it was in .h file. Can not remember which one and now trying to figure out. I do not want TLS for development purpose at all.
I get below errors. If NO_TLS is defined, then it should not start with tls client. Am I right?
DEBUG] 2015-10-20 21:33:30,654: twTlsClient_Create: Initializing TLS Client
[DEBUG] 2015-10-20 21:33:46,809: twTlsClient_Close: Disconnecting from server
[ERROR] 2015-10-20 21:33:46,809: twWs_Create: Error creating BSD socket to be used for the websocket
[ERROR] 2015-10-20 21:33:46,809: twApi_Initialize: Error creating websocket structure
[ERROR] 2015-10-20 21:33:46,809: Error initializing the API
Can you please help
As far as I can tell, the NO_TLS is not used at all, at least I couldn't grep for it. To me it looks like some left-over old macro, which has no effect whatsoever.
What I do for testing is enabling TLS on the Tomcat side and then using the two calls I mentioned to allow self-signed certificates and disable the validity checks. You can see that twApi_DisableCertValidation() actually does tls->validateCert = FALSE, and as soon as you call it from the right place you don't have to do it twice.
You won't be using the SDK without TLS in production anyway, so why wasting your time on turning it off in the first place, when you can leave it on and just generate a dummy certificate? After the testing phase you can configure the real self-signed certificate for axTLS, and for production you'll probably get a real certificate from a CA.