Support 2 simultaneous secure listening sockets. How to configure mbedTLS from nordic.

RE: Support 2 simultaneous secure listening sockets. How to configure mbedTLS from nordic.

Øyvind — Mon, 08 Jul 2024 12:27:47 GMT

Hello, Håkon is currently out of office, and I have assigned the ticket to me. Will get back to you within tomorrow.

Kind regards,
Øyvind

RE: Support 2 simultaneous secure listening sockets. How to configure mbedTLS from nordic.

AR Jadhav — Wed, 03 Jul 2024 07:13:08 GMT

Hello Hakon,

I was able to create a secure connection over the sockets with the above given example and configs.

Thanks for your help.

I would like to ask few more questions on this.

1. Can you please let me know if this example uses offloaded sockets?

2. And how many number of listening sockets I can create with offloaded sockets?

3. How do I create native sockets without offloading and support TLS?

RE: Support 2 simultaneous secure listening sockets. How to configure mbedTLS from nordic.

Håkon Alseth — Tue, 25 Jun 2024 13:37:41 GMT

Hi,

In terms of socket creation, you can have a look at the init process here:

https://github.com/nrfconnect/sdk-nrf/blob/v2.3.0/samples/nrf9160/https_client/src/main.c#L180-L191

This opens up a secure socket and sets the peer verification (ie. domain name verification)

Kind regards,

Håkon

RE: Support 2 simultaneous secure listening sockets. How to configure mbedTLS from nordic.

AR Jadhav — Tue, 25 Jun 2024 12:48:09 GMT

Okay sure, I will check out for the certificates.
Just one suggestion I need, can you please let me know how we can confirm that TLS is enabled, or TLS socket is created at client end.

RE: Support 2 simultaneous secure listening sockets. How to configure mbedTLS from nordic.

Håkon Alseth — Tue, 25 Jun 2024 07:20:04 GMT

Hi,

We do not have guide for that, but if you check stack overflow for instance and search for "issue certificate on local network" - you will find examples of such.

Kind regards,

Håkon

RE: Support 2 simultaneous secure listening sockets. How to configure mbedTLS from nordic.

AR Jadhav — Mon, 24 Jun 2024 14:43:57 GMT

Thanks for the suggestion Hakon.
I am trying out this sample, can you please suggest me which certificate we can use at server end. I am using a sample https-server python file with openssl libraray.

RE: Support 2 simultaneous secure listening sockets. How to configure mbedTLS from nordic.

Håkon Alseth — Thu, 20 Jun 2024 09:49:22 GMT

Hi,

Have a look at the https_client sample, more specifically the overlay-tfm_mbedtls.conf:

https://github.com/nrfconnect/sdk-nrf/blob/v2.3.0/samples/nrf9160/https_client/overlay-tfm_mbedtls.conf

And please note that since the release of ncs v2.3.0, the Digicert G2 certificate has been updated:

https://github.com/nrfconnect/sdk-nrf/blob/main/samples/net/https_client/cert/DigiCertGlobalG2.pem

To support more connections, you will need to adjust your mbedtls heap to a higher value, as well as adjusting the amount of sockets (CONFIG_NET_SOCKETS_POLL_MAX / CONFIG_POSIX_MAX_FDS / CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS needs to be higher)

Kind regards,

Håkon

RE: Support 2 simultaneous secure listening sockets. How to configure mbedTLS from nordic.

AR Jadhav — Thu, 20 Jun 2024 09:03:20 GMT

Command used for building the application is:

west build -p always -b nrf9160dk_nrf9160_ns ./ -- -DCONF_FILE="prj.conf tls-overlay.conf"