RE: NRF9160 PSK Cipher-Suites in modem and TLS 1.3

Achim Kraus — Wed, 31 Jul 2024 15:55:47 GMT

The usage of TLS_ECDHE_PSK requires ECC calculations and therefore using TLS_ECDHE_ECDSA requires not that more calculations. The pain may be using x509, if RawPublicKey (RFC 7250) isn't supported (AFAIK mbedtls doesn't support it).

With RPK and an efficient ECC implementation (either hw or micro-ecc) using TLS_ECDHE_ECDSA is pretty well (see Eclipse/tinydtls and Eclipse/Californium). UDP payload handshake all together about 1225 bytes, time for handshake 1s (nRF9160, micro_ecc), and with DTLS 1.2 CID, that is only required once for a "pretty long time".

RE: NRF9160 PSK Cipher-Suites in modem and TLS 1.3

dejans — Wed, 31 Jul 2024 14:35:20 GMT

Hi,

[quote user=""]Are there any plans to add more cipher suites to the modem firmware of the NRF9160 in the future? Especially of interest are cipher suites that are recommended to be used up to 2030+. Are there any timelines for future modem firmware releases?[/quote]

For future plans, modem releases and timelines please contact your regional sales manager.

[quote user=""]Are there any plans to add support for TLS 1.3 to the modem firmware and/or to zephyr (e.g. with mbedTLS) in the future, in case usage of TLS 1.2 will not be recommended anymore in a few years?[/quote]

Maybe you can get this information by asking in the Zephyr Discord channel directly (visit Zephyr community and go to Community->Connect with Zephyr->Discord). Otherwise, please contact your regional sales manager regarding future support for TLS v1.3.

Best regards,
Dejan