nRF9161 - Ciphersuites sample - example.com refuses all Ciphersuites.

Hi,

Which board do you use?

Best regards,
Dejan

nRF9161-DK 

I have a modem trace

No. Time Source Destination Protocol Length Info
1 0.000000 AT 30 Sent AT Command: AT%XMODEMTRACE=1,2
2 0.001068 AT 16 Rcvd AT Command: OK 
3 0.001678 AT 35 Sent AT Command: AT%XCOEX0=1,1,1565,1586
4 0.001770 AT 16 Rcvd AT Command: OK 
5 0.002441 AT 34 Sent AT Command: AT%XSYSTEMMODE=1,1,1,3
6 0.002716 AT 16 Rcvd AT Command: OK 
7 0.003204 AT 21 Sent AT Command: AT+CPSMS=
8 0.003295 AT 16 Rcvd AT Command: OK 
9 0.004028 AT 28 Sent AT Command: AT%FEACONF=0,0,0
10 0.004058 AT 16 Rcvd AT Command: OK 
11 0.004547 AT 23 Sent AT Command: AT+CEDRXS=3
12 0.004577 AT 16 Rcvd AT Command: OK 
13 0.005279 AT 20 Sent AT Command: AT%RAI=0
14 0.005310 AT 16 Rcvd AT Command: OK 
15 0.005828 AT 20 Sent AT Command: AT+CMEE?
16 0.005828 AT 26 Rcvd AT Command: +CMEE: 0 OK 
17 0.006347 AT 21 Sent AT Command: AT+CMEE=1
18 0.006378 AT 16 Rcvd AT Command: OK 
19 0.006896 AT 19 Sent AT Command: AT%CMNG
20 0.034423 AT 21 Rcvd AT Command: Sensitive
21 0.034973 AT 21 Sent AT Command: AT+CMEE=0
22 0.034973 AT 16 Rcvd AT Command: OK 
23 0.035522 AT 20 Sent AT Command: AT+CMEE?
24 0.035552 AT 26 Rcvd AT Command: +CMEE: 0 OK 
25 0.036071 AT 21 Sent AT Command: AT+CMEE=1
26 0.036102 AT 16 Rcvd AT Command: OK 
27 0.036621 AT 19 Sent AT Command: AT%CMNG
28 0.038085 AT 21 Rcvd AT Command: Sensitive
29 0.045349 AT 21 Sent AT Command: AT+CMEE=0
30 0.045379 AT 16 Rcvd AT Command: OK 
31 0.054290 AT 20 Sent AT Command: AT+CMEE?
32 0.054321 AT 26 Rcvd AT Command: +CMEE: 0 OK 
33 0.054840 AT 21 Sent AT Command: AT+CMEE=1
34 0.054870 AT 16 Rcvd AT Command: OK 
35 0.055389 AT 19 Sent AT Command: AT%CMNG
36 0.139678 AT 16 Rcvd AT Command: OK 
37 0.140228 AT 21 Sent AT Command: AT+CMEE=0
38 0.140258 AT 16 Rcvd AT Command: OK 
39 0.149353 AT 20 Sent AT Command: AT+CMEE?
40 0.149383 AT 26 Rcvd AT Command: +CMEE: 0 OK 
41 0.149902 AT 21 Sent AT Command: AT+CMEE=1
42 0.149932 AT 16 Rcvd AT Command: OK 
43 0.158569 AT 19 Sent AT Command: AT%CMNG
44 0.240814 AT 16 Rcvd AT Command: OK 
45 0.241333 AT 21 Sent AT Command: AT+CMEE=0
46 0.241363 AT 16 Rcvd AT Command: OK 
47 0.250091 AT 21 Sent AT Command: AT+CEREG?
48 0.250183 AT 29 Rcvd AT Command: +CEREG: 0,4 OK 
49 0.250671 AT 20 Sent AT Command: AT+CFUN?
50 0.250762 AT 26 Rcvd AT Command: +CFUN: 0 OK 
51 0.251281 AT 22 Sent AT Command: AT+CEREG=5
52 0.251312 AT 16 Rcvd AT Command: OK 
53 0.251861 AT 22 Sent AT Command: AT+CSCON=1
54 0.251892 AT 16 Rcvd AT Command: OK 
55 0.252349 AT 21 Sent AT Command: AT+CFUN=1
56 0.291442 AT 16 Rcvd AT Command: OK 
57 1.195098 LTE RRC BCCH_BCH 28 MasterInformationBlock (SFN=86)
58 1.199035 LTE RRC DL_SCH 117 SystemInformationBlockType1
59 1.255157 LTE RRC DL_SCH 117 SystemInformation [ SIB2 SIB3 ]
60 1.260253 NAS-EPS 109 Attach request, PDN connectivity request
61 1.260925 AT 43 Rcvd AT Command: +CEREG: 2,"7576","008AC407",7 
62 1.275634 LTE RRC UL_CCCH 30 RRCConnectionRequest
63 1.317443 LTE RRC DL_CCCH 74 RRCConnectionSetup
64 1.318573 LTE RRC UL_DCCH/NAS-EPS 128 RRCConnectionSetupComplete, Attach request, PDN connectivity request
65 1.320007 AT 23 Rcvd AT Command: +CSCON: 1 
66 7.819702 LTE RRC DL_DCCH 27 SecurityModeCommand
67 7.821472 LTE RRC UL_DCCH 26 SecurityModeComplete
68 8.560729 LTE RRC DL_DCCH 66 UECapabilityEnquiry
69 8.562713 LTE RRC UL_DCCH 150 UECapabilityInformation
70 8.678863 LTE RRC DL_DCCH/NAS-EPS 189 RRCConnectionReconfiguration, Ciphered message
71 8.680389 LTE RRC UL_DCCH 26 RRCConnectionReconfigurationComplete
72 8.680725 NAS-EPS 148 Attach accept, Activate default EPS bearer context request (PDN type IPv4 only allowed)
73 8.681365 NAS-EPS 23 Attach complete, Activate default EPS bearer context accept
74 8.681488 LTE RRC UL_DCCH/NAS-EPS 40 ULInformationTransfer, Ciphered message
75 8.800872 LTE RRC DL_DCCH/NAS-EPS 54 DLInformationTransfer, Ciphered message
76 8.802673 NAS-EPS 43 EMM information
77 8.803558 AT 67 Rcvd AT Command: +CEREG: 5,"7576","008AC407",7,,,"11100000","11100000" 
79 8.883789 LTE RRC DL_DCCH 76 RRCConnectionReconfiguration
80 8.884704 LTE RRC UL_DCCH 26 RRCConnectionReconfigurationComplete
170 13.990081 AT 21 Sent AT Command: AT+CFUN=0
171 13.991424 NAS-EPS 31 Detach request (Combined EPS/IMSI detach / switch-off)
172 13.991577 LTE RRC UL_DCCH/NAS-EPS 48 ULInformationTransfer, Ciphered message
173 14.018371 AT 23 Rcvd AT Command: +CEREG: 0 
174 14.158935 LTE RRC DL_DCCH 26 RRCConnectionRelease [cause=other]
175 14.240692 AT 23 Rcvd AT Command: +CSCON: 0 
176 15.065704 AT 16 Rcvd AT Command: OK 
78 8.804992 100.85.255.204 172.30.8.5 DNS 69 Standard query 0x27ec A example.com
82 9.015350 100.85.255.204 93.184.215.14 TCP 56 64196 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
84 9.276977 100.85.255.204 93.184.215.14 TCP 52 64196 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
85 9.284759 100.85.255.204 93.184.215.14 TCP 52 64196 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
86 9.294769 100.85.255.204 93.184.215.14 TCP 56 64197 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
88 9.596008 100.85.255.204 93.184.215.14 TCP 52 64196 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
90 9.596984 100.85.255.204 93.184.215.14 TCP 52 64197 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
91 9.604705 100.85.255.204 93.184.215.14 TCP 52 64197 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
92 9.614776 100.85.255.204 93.184.215.14 TCP 56 64198 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
94 9.923034 100.85.255.204 93.184.215.14 TCP 52 64197 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
96 9.924041 100.85.255.204 93.184.215.14 TCP 52 64198 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
97 9.931457 100.85.255.204 93.184.215.14 TCP 52 64198 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
98 9.941375 100.85.255.204 93.184.215.14 TCP 56 64199 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
100 10.240997 100.85.255.204 93.184.215.14 TCP 52 64198 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
102 10.241973 100.85.255.204 93.184.215.14 TCP 52 64199 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
103 10.249389 100.85.255.204 93.184.215.14 TCP 52 64199 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
104 10.259002 100.85.255.204 93.184.215.14 TCP 56 64200 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
106 10.561096 100.85.255.204 93.184.215.14 TCP 52 64200 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
108 10.562042 100.85.255.204 93.184.215.14 TCP 52 64199 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
109 10.569396 100.85.255.204 93.184.215.14 TCP 52 64200 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
110 10.579406 100.85.255.204 93.184.215.14 TCP 56 64201 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
112 10.877105 100.85.255.204 93.184.215.14 TCP 52 64201 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
114 10.878082 100.85.255.204 93.184.215.14 TCP 52 64200 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
115 10.885498 100.85.255.204 93.184.215.14 TCP 52 64201 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
116 10.895416 100.85.255.204 93.184.215.14 TCP 56 64202 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
118 11.203033 100.85.255.204 93.184.215.14 TCP 52 64201 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
120 11.203979 100.85.255.204 93.184.215.14 TCP 52 64202 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
121 11.211425 100.85.255.204 93.184.215.14 TCP 52 64202 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
122 11.220642 100.85.255.204 93.184.215.14 TCP 56 64203 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
124 11.518066 100.85.255.204 93.184.215.14 TCP 52 64202 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
126 11.519042 100.85.255.204 93.184.215.14 TCP 52 64203 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
127 11.526458 100.85.255.204 93.184.215.14 TCP 52 64203 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
128 11.536071 100.85.255.204 93.184.215.14 TCP 56 64204 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
130 11.839141 100.85.255.204 93.184.215.14 TCP 52 64204 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
132 11.840087 100.85.255.204 93.184.215.14 TCP 52 64203 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
133 11.847442 100.85.255.204 93.184.215.14 TCP 52 64204 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
134 11.856658 100.85.255.204 93.184.215.14 TCP 56 64205 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
136 12.158203 100.85.255.204 93.184.215.14 TCP 52 64205 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
138 12.159118 100.85.255.204 93.184.215.14 TCP 52 64204 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
139 12.166503 100.85.255.204 93.184.215.14 TCP 52 64205 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
140 12.175689 100.85.255.204 93.184.215.14 TCP 56 64206 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
142 12.479156 100.85.255.204 93.184.215.14 TCP 52 64206 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
144 12.480102 100.85.255.204 93.184.215.14 TCP 52 64205 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
145 12.487487 100.85.255.204 93.184.215.14 TCP 52 64206 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
146 12.497039 100.85.255.204 93.184.215.14 TCP 56 64207 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
148 12.796142 100.85.255.204 93.184.215.14 TCP 52 64206 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
150 12.797149 100.85.255.204 93.184.215.14 TCP 52 64207 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
151 12.804840 100.85.255.204 93.184.215.14 TCP 52 64207 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
152 12.814941 100.85.255.204 93.184.215.14 TCP 56 64208 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
154 13.280120 100.85.255.204 93.184.215.14 TCP 52 64207 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
156 13.281066 100.85.255.204 93.184.215.14 TCP 52 64208 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
157 13.288513 100.85.255.204 93.184.215.14 TCP 52 64208 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
158 13.298583 100.85.255.204 93.184.215.14 TCP 56 64209 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
160 13.596191 100.85.255.204 93.184.215.14 TCP 52 64208 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
162 13.597167 100.85.255.204 93.184.215.14 TCP 52 64209 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
163 13.604827 100.85.255.204 93.184.215.14 TCP 52 64209 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
164 13.614959 100.85.255.204 93.184.215.14 TCP 56 64210 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
166 13.921234 100.85.255.204 93.184.215.14 TCP 52 64210 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
168 13.922180 100.85.255.204 93.184.215.14 TCP 52 64209 → 443 [ACK] Seq=2 Ack=2 Win=6371 Len=0
169 13.929534 100.85.255.204 93.184.215.14 TCP 52 64210 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0
81 8.999847 172.30.8.5 100.85.255.204 DNS 85 Standard query response 0x27ec A example.com A 93.184.215.14
83 9.276824 93.184.215.14 100.85.255.204 TCP 56 443 → 64196 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
87 9.595916 93.184.215.14 100.85.255.204 TCP 52 443 → 64196 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
89 9.596801 93.184.215.14 100.85.255.204 TCP 56 443 → 64197 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
93 9.922943 93.184.215.14 100.85.255.204 TCP 52 443 → 64197 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
95 9.923858 93.184.215.14 100.85.255.204 TCP 56 443 → 64198 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
99 10.240905 93.184.215.14 100.85.255.204 TCP 52 443 → 64198 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
101 10.241790 93.184.215.14 100.85.255.204 TCP 56 443 → 64199 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
105 10.560913 93.184.215.14 100.85.255.204 TCP 56 443 → 64200 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
107 10.561920 93.184.215.14 100.85.255.204 TCP 52 443 → 64199 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
111 10.876953 93.184.215.14 100.85.255.204 TCP 56 443 → 64201 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
113 10.877960 93.184.215.14 100.85.255.204 TCP 52 443 → 64200 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
117 11.202941 93.184.215.14 100.85.255.204 TCP 52 443 → 64201 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
119 11.203826 93.184.215.14 100.85.255.204 TCP 56 443 → 64202 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
123 11.517974 93.184.215.14 100.85.255.204 TCP 52 443 → 64202 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
125 11.518859 93.184.215.14 100.85.255.204 TCP 56 443 → 64203 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
129 11.838989 93.184.215.14 100.85.255.204 TCP 56 443 → 64204 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
131 11.839965 93.184.215.14 100.85.255.204 TCP 52 443 → 64203 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
135 12.158020 93.184.215.14 100.85.255.204 TCP 56 443 → 64205 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
137 12.159027 93.184.215.14 100.85.255.204 TCP 52 443 → 64204 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
141 12.479003 93.184.215.14 100.85.255.204 TCP 56 443 → 64206 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
143 12.479980 93.184.215.14 100.85.255.204 TCP 52 443 → 64205 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
147 12.796051 93.184.215.14 100.85.255.204 TCP 52 443 → 64206 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
149 12.796966 93.184.215.14 100.85.255.204 TCP 56 443 → 64207 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
153 13.280029 93.184.215.14 100.85.255.204 TCP 52 443 → 64207 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
155 13.280914 93.184.215.14 100.85.255.204 TCP 56 443 → 64208 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
159 13.596069 93.184.215.14 100.85.255.204 TCP 52 443 → 64208 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0
161 13.596984 93.184.215.14 100.85.255.204 TCP 56 443 → 64209 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
165 13.921081 93.184.215.14 100.85.255.204 TCP 56 443 → 64210 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
167 13.922058 93.184.215.14 100.85.255.204 TCP 52 443 → 64209 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0

Are we can see there is no attempt to do a TLS Handshake. the TCP ACK from the server is followed by a FIN, ACK from the nRF9161. 

82 9.015350 100.85.255.204 93.184.215.14 TCP 56 64196 → 443 [SYN] Seq=0 Win=6372 Len=0 MSS=708
84 9.276977 100.85.255.204 93.184.215.14 TCP 52 64196 → 443 [ACK] Seq=1 Ack=1 Win=6372 Len=0
85 9.284759 100.85.255.204 93.184.215.14 TCP 52 64196 → 443 [FIN, ACK] Seq=1 Ack=1 Win=6372 Len=0

Here is the details of the TCP handshake from wireshark 

Hi,

Is your issue consistently reproducible on the nrf9161-dk?

Have you made any changes to the default cipher suites sample?

Have you tried to use another nrf9161-dk board?

Best regards,
Dejan

Yes, it's consistent on the nrf9161. I also have a nRF9151 DK that does not work as well, but I do not have more nRF9161-DKs. 

I am also doing this work in a workspace not in tree.

This morning, I  "create a new application" select "copy a sample" and select "TLS cipher suite", then add the nRF9161dk build config and build. This fails in the same way (however without modem tracing). All connections are refused. 

Toolchain and SDK are both set to v2.6.1

Below is the 

[Sec Thread] Secure image initializing!
TF-M isolation level is: 0x00000001
Booting TF-M v2.0.0
*** Booting nRF Connect SDK 3758bcbfa5cd ***
TLS Ciphersuites sample started
Certificate mismatch
Provisioning certificate
Waiting for network.. OK
Trying all ciphersuites to find which ones are supported...
Trying ciphersuite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_PSK_WITH_AES_256_CBC_SHA
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_PSK_WITH_AES_128_CBC_SHA256
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_PSK_WITH_AES_128_CBC_SHA
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_PSK_WITH_AES_128_CCM_8
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_EMPTY_RENEGOTIATIONINFO_SCSV
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Connecting to example.com... connect() failed, err: 111, Connection refused
Trying ciphersuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Connecting to example.com... connect() failed, err: 111, Connection refused

Ciphersuite support summary for host `example.com`:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: No
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: No
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: No
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: No
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: No
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: No
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: No
TLS_PSK_WITH_AES_256_CBC_SHA: No
TLS_PSK_WITH_AES_128_CBC_SHA256: No
TLS_PSK_WITH_AES_128_CBC_SHA: No
TLS_PSK_WITH_AES_128_CCM_8: No
TLS_EMPTY_RENEGOTIATIONINFO_SCSV: No
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: No
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: No
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: No

Finished.

I've also uploaded the modem trace.

trace-2024-05-28T12-51-10.831Z.mtrace

Hi,

Thank you for additional information and modem trace.

I have replicated your issue. We will further look into it. I will get back to you with new information, probably by the end of this week.

Best regards,
Dejan

One additional comment. I also tried to establish a TLS connection using the Modem Shell as well as custom firmware, but thought the ciphersuite working is the first thing I should establish, as that is very simple sample code. If you figure out the issue please also try to establish a secure socket connection using the modem shell sample firmware. 

Hi,

Your reported issue seems to be caused by expired certificate and should be resolved by applying this commit. Alternatively, you could try to checkout main.

Best regards,
Dejan

Hi,

Your reported issue seems to be caused by expired certificate and should be resolved by applying this commit. Alternatively, you could try to checkout main.

Best regards,
Dejan