<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://devzone.nordicsemi.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>NRF SDK supported TLS/SSL algorithms</title><link>https://devzone.nordicsemi.com/f/nordic-q-a/100994/nrf-sdk-supported-tls-ssl-algorithms</link><description>I have a 9160 application that was successfully working using TLS to connect to my server using TLS wrapped sockets. I am moving to a new customer server, and they provided the ca, cert, and key. I loaded the certs on my device but keep receiving socket</description><dc:language>en-US</dc:language><generator>Telligent Community 13</generator><lastBuildDate>Tue, 20 Jun 2023 07:24:56 GMT</lastBuildDate><atom:link rel="self" type="application/rss+xml" href="https://devzone.nordicsemi.com/f/nordic-q-a/100994/nrf-sdk-supported-tls-ssl-algorithms" /><item><title>RE: NRF SDK supported TLS/SSL algorithms</title><link>https://devzone.nordicsemi.com/thread/431886?ContentTypeID=1</link><pubDate>Tue, 20 Jun 2023 07:24:56 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:0c0b604d-6d62-4cf9-adfb-d2286bd7034a</guid><dc:creator>&amp;#216;yvind</dc:creator><description>&lt;p&gt;Hello,&amp;nbsp;&lt;br /&gt;&lt;br /&gt;Are you able to share some information on what modem FW and SDK version you are running? Assuming it is the same as in case 305164.&lt;/p&gt;
&lt;p&gt;Here are the limitations of modem FW v1.3.1&lt;/p&gt;
&lt;p&gt;&lt;pre class="ui-code" data-mode="powershell"&gt;*** Limitations
***************
- TLS/DTLS
    - Up to three simultaneous TLS/DTLS connections are possible.
    - Maximum server certificate chain size has a limit of 4kB.
    - Server certificate expiry time is not verified.
    - pkcs#8 is not supported.
    - Absolute maximum number of supported credentials is 32. The actual amount depends on size of
      credentials as memory area reserved for credentials may be a limiting factor as well.
    - DTLS supports PSK authentication only.
    - 2kB secure socket buffer size.
- Maximum number of raw sockets is 4.
- It is recommended to free the modem resources by closing unused network sockets.
- User plane data is supported in Cat M1 mode only.
- TLS is not supported when socket is configured to TCP server mode.
- Support for Non-IP Data Delivery (NIDD). Feature is verified only for NB-IoT and LTE-M is not
  supported.
- The amount of ownership keys is restricted to one. Multiple instances are not allowed. Starting
  from mfw_nrf9160_1.3.1, it is not allowed to write ownership key with AT%CMNG AT command. As this
  change introduces incompatibility between older modem firmware versions, it is recommended to pay
  special attention to this change.
- Downgrading to older modem firmware
    - Keys and certificates written with credential storage management AT commands might get erased
      if older than mfw_nrf9160_1.3.0 modem firmware version is downgraded to a device. If
      downgrading, it is compulsory to check existence of keys and possibly re-write erased keys and
      certificates.
    - AT command configurations written and stored to a non-volatile memory will get erased from the
      memory if old modem firmware is downgraded to a device and that old version does not support
      the AT commands.&lt;/pre&gt;&lt;/p&gt;
&lt;p&gt;The&amp;nbsp;issue might be the length of the certs. If the certificates are from a web server, these are often larger than what our device supports.&amp;nbsp;&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;The error 104 could be&amp;nbsp;&lt;/p&gt;
&lt;div&gt;
&lt;div&gt;&lt;span style="font-family:&amp;#39;courier new&amp;#39;, courier;"&gt;#define ECONNRESET 104 &amp;nbsp; /**&amp;lt; Connection reset by peer */&lt;/span&gt;&lt;/div&gt;
&lt;div&gt;&lt;span&gt;&lt;br /&gt;But I will need more logs and a modem trace in order to know what exactly the issue is here.&lt;/span&gt;&lt;/div&gt;
&lt;div&gt;&lt;span&gt;Kind regards,&lt;br /&gt;Øyvind&lt;/span&gt;&lt;/div&gt;
&lt;/div&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>