TLS handshake error -3b00 on nRF7002

RE: TLS handshake error -3b00 on nRF7002

Simonr — Thu, 29 Jun 2023 08:01:20 GMT

Hi again Kyle

Torbjørn has been working on this issue in the other case I mentioned, and was able to find a fix, although not thoroughly explained that seems to get TLS working by changing the crypto backend used. Please give it a go and see if that helps on your end as well: RE: nRF7002DK and TLS Sockets -7100 error

Best regards,
Simon

RE: TLS handshake error -3b00 on nRF7002

Simonr — Thu, 22 Jun 2023 10:42:36 GMT

Hi Kyle

Error -0x7100 means that there was bad input parameters to a function. So if this is before or after the invalid PUBKEY error depends on what function returns the bad input parameter error. WIthout knowing the details, since they both are trigged in the handshake process I would think the input parameters are checked before the handshake is started and the fact that the PUBKEY is invalid is discovered.

Best regards,

Simon

RE: TLS handshake error -3b00 on nRF7002

Kyle1 — Tue, 20 Jun 2023 15:52:08 GMT

Looks like there will not be a solution on that one until after the summer.

Do you know if the -0x7100 an error is one that occurs further along in the handshake process than -0x3b00? or which one would get triggered first? Is there a place I could look to find that out?

RE: TLS handshake error -3b00 on nRF7002

Simonr — Tue, 20 Jun 2023 12:50:12 GMT

Unfortunately I didn't find much more information for you. We don't have a sample for connecting to a HTTPS server I'm afraid. This case has another DevZone user struggling with the connecting the nRF7002 to a HTTPS server as well, maybe you get some ideas from there. What we have seen is that setting up domains like "example.com" is simpler than using the big domains like "google.com".

Best regards,

Simon

RE: TLS handshake error -3b00 on nRF7002

Simonr — Mon, 19 Jun 2023 13:22:13 GMT

Hi Kyle

I'm currently researching and asking around internally if we have any sample projects for connecting to an HTTPS server, but it doesn't seem like it as of yet. I'll dig some more and get back to you. From what I can see the issue seems to be with configuring the mbedtls and its buffers correctly to work with the added security.

I'll try to get back with more details tomorrow. Thank you for your patience!

Best regards,

Simon

RE: TLS handshake error -3b00 on nRF7002

Kyle1 — Thu, 15 Jun 2023 12:09:02 GMT

Thanks for the link, I already have that code merged in with the STA example for basic HTTP requests and have that working successfully, however for what I am doing I need to added security using HTTPS, which is where the problem seams to be. The server I am connecting to only allows HTTPS requests.

Would there be something chip side that is not allowing it to connect to any HTTPS server?

I use tls_credential_add to add the Certificate in the der format for the server I am connecting to and also set socket options (as shown)

// Create Socket
	sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TLS_1_2); // IPPROTO_TCP //IPPROTO_TLS_1_2
	if (sock < 0) {
		printk("Error creating socket\n");
		return(-1);
	}
	// TLS settings
	sec_tag_t sec_tag_opt[] = {
		CA_CERTIFICATE_TAG,
	};
	setsockopt(sock, SOL_TLS, TLS_SEC_TAG_LIST,
			 sec_tag_opt, sizeof(sec_tag_opt));

	setsockopt(sock, SOL_TLS, TLS_HOSTNAME,
			 SERVER_HOSTNAME, sizeof(SERVER_HOSTNAME));

RE: TLS handshake error -3b00 on nRF7002

Simonr — Thu, 15 Jun 2023 06:46:14 GMT

Sorry, here's the GitHub link I referred to: https://github.com/craigpeacock/Zephyr_WiFi/blob/main/README.md

Here on DevZone we never speculate or discuss future releases or products, as we strive to focus on the currently available solutions. If you want information on future releases, please contact the regional sales manager (RSM) of your area, as they'll be able to share info on what's planned for when, etc. Let me know if you need help reaching out to your local RSM.

Best regards,

Simon

RE: TLS handshake error -3b00 on nRF7002

Kyle1 — Wed, 14 Jun 2023 13:06:14 GMT

Thanks for the response, It looks like the links did not come through though. Is there an ETA for when a official sample project might become available?

RE: TLS handshake error -3b00 on nRF7002

Simonr — Wed, 14 Jun 2023 12:45:51 GMT

The error message "-0x3b00" (MBEDTLS_ERR_PK_INVALID_PUBKEY) points to the pubkey tag or value being invalid. Only RSA and EC are supported here. We don't have an official sample project doing this for the nRF7002 as of yet, but one of the DevZone users posted this link to his GitHub repo that is a simple Zephyr Wi-Fi code that at least can do http_get and has been tested (by this DevZone user to work for the nRF7002 on NCS 2.2.0 and 2.3.0.

Best regards,

Simon