nRF9161 FOTA + TLS Download Error

Hi,

We are using the `fota_download` library on our nRF9161 design running mfw-nrf91x1_2.0.1 to download a firmware upgrade image from our Amazon AWS server location.

When trying to download with TLS enabled, the `fota_download_start` function errors out with errno 122: EMSGSIZE; however, everything works fine when TLS is not being used. We are also able to download the image if TLS is set up on our local PC/server.

Our current understanding is that the nRF9161 delegates TLS/socket processing to the modem firmware. Adjusting the fragment size in our firmware to a smaller value hasn't resolved the problem, and error 122 persists.
We’ve looked into modifying the TLS settings on the AWS server; however, that doesn’t seem to be an option as of now.

Wondering if you have any recommendations on how to work around the problem?

  • Hello, and thanks for providing this information. 

    Most likely you are hitting the TLS limitation when using TLS. How big is the Sensor-IEP-N1_217A7_v1.6.0.bin file?

    From the modem FW v1.3.5 release notes:

    TLS/DTLS

    • Secure socket buffer size is 2kB.
    • Maximum length of DTLS datagram is 1kB.
    • One TLS handshake at a time is supported.
    • Concurrent secure connections
      • Maximum server certificate chain size has a limit of 4kB.
      • Two active connections are supported when serialized DTLS connection exists.
      • Two active connections are supported when client certificate size is over 1kB.
      • Two active connections are supported when GNSS acquisition is active.
      • Three active connections are supported when client certificate size is 1kB or less.
      • Four serialized DTLS connections are supported.
    • Server certificate expiry time is not verified.
    • pkcs#8 is not supported.
    • Maximum number of supported credentials is 32. The actual amount depends on size of credentials as memory area reserved for credentials may be a limiting factor as well.

    Is this your own custom project where you have implemented the fota_download library? Have you tested with the Cellular: HTTP modem delta update to compare?

    Kind regards,
    Øyvind
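
One of the limits quoted in the reply above is a 4kB maximum server certificate chain size. The following is an added example, not part of the original thread or of Nordic's code, that measures a PEM chain against that figure. It assumes "4kB" means 4096 bytes and, conservatively, that the limit applies to the TLS 1.2 Certificate handshake message rather than to the raw DER total; the sample chain is constructed filler, not real certificates.

```python
import base64
import re

# From the release notes quoted in the reply. Assumption: 4kB == 4096 bytes.
MAX_CHAIN_BYTES = 4 * 1024

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_sizes(pem_bundle: str) -> list[int]:
    """Return the DER length in bytes of each certificate in a PEM bundle."""
    sizes = []
    for body in PEM_RE.findall(pem_bundle):
        der = base64.b64decode("".join(body.split()), validate=True)
        sizes.append(len(der))
    return sizes


def tls12_certificate_msg_size(sizes: list[int]) -> int:
    """TLS 1.2 Certificate message size: 4-byte handshake header,
    3-byte list length, then a 3-byte length prefix plus DER per cert."""
    return 4 + 3 + sum(3 + n for n in sizes)


def check_chain(pem_bundle: str, limit: int = MAX_CHAIN_BYTES) -> dict:
    """Report per-certificate sizes and whether the chain fits the limit."""
    sizes = der_sizes(pem_bundle)
    if not sizes:
        raise ValueError("no CERTIFICATE blocks found")
    msg = tls12_certificate_msg_size(sizes)
    return {"cert_sizes": sizes, "der_total": sum(sizes),
            "tls12_msg": msg, "fits": msg <= limit}


def fake_pem(n_bytes: int) -> str:
    """Constructed stand-in: n_bytes of filler in a PEM wrapper (not a cert)."""
    b64 = base64.encodebytes(bytes(n_bytes)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    # Constructed sample: a leaf plus two intermediates.
    sample = fake_pem(1500) + fake_pem(1400) + fake_pem(1300)
    print(check_chain(sample))
```

Run it on the bundle the server actually presents, for example the certificates saved from `openssl s_client -showcerts` output.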
