7762.wireshark_trace_clienthello_only_scsv.pcapng Summary We are trying to perform a DTLS 1.2 handshake using PSK (Pre-Shared Key) from an **nRF9151 module running NCS v3.0.2, using modem-offloaded DTLS (IPPROTO_DTLS_1_2). LTE connects successfully PSK Identity + Key are provisioned to security tag 42 The socket is configured with `TLS_SEC_TAG_LIST` and `TLS_PEER_VERIFY_NONE` DTLS handshake always fails with `errno = 111` (`ECONNREFUSED`) Wireshark trace shows the modem sends a DTLS ClientHello containing only: that means no usable cipher suites get advertised. Expected Behavior The client should send a DTLS ClientHello advertising PSK cipher suites such as: - `TLS_PSK_WITH_AES_128_CCM_8` - `TLS_PSK_WITH_AES_128_CCM` And the server should reply with ServerHello → PSK Key Exchange. This works correctly using: OpenSSL-based client Go client (Pion/dtls) Fails only with the nRF91 modem-based DTLS client Actual Behavior Although PSK identity and key are provisioned correctly inside the modem, the ClientHello sent by the nRF9151 does not include any PSK cipher suite (e.g., TLS_PSK_WITH_AES_128_CCM_8). Instead, it offers only ECDHE-based certificate cipher suites followed by TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00FF). As a result, the DTLS handshake fails with no shared cipher suite. Server (Go or OpenSSL) rejects handshake Client receives errno=111. Files Included | File | Description | |------|-------------| | `main.c` | Full C source used on nRF9151 | | `prj.conf` | Project configuration | | `wireshark_trace_clienthello_only_scsv.pcapng` | Modem trace export | | `server_log.txt` | Output from Go/openssl servers (no shared cipher) | Test with OpenSSL > openssl s_server -dtls -accept 5684 -nocert -psk 73757065727365637265746b6579313233 -psk_identity device001 -cipher "PSK-AES128-CCM8:PSK-AES128-CCM:PSK-AES128-CBC-HA" Returns: Using default temp DH parameters ACCEPT ERROR 4057EA2E827B0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../ssl/statem/statem_srvr.c:2220: shutting down SSL CONNECTION CLOSED PSK Used Identity: device001 Key: supersecretkey123 Confirmed stored under SEC_TAG=42. Questions to Nordic Why does modem DTLS not include PSK ciphers in ClientHello? Is IPPROTO_DTLS_1_2 + TLS_SEC_TAG_LIST enough to enable PSK? Do we need to explicitly set TLS_DTLS_VERSION, TLS_CIPHERSUITE_LIST, or something undocumented? Is this a known issue in nRF9151 modem firmware v1.x? Can you help me to get the DTLS handshake complete with success? In the final product, the DTLS stuff must coexist with the LwM2M (which I already successfully tested 0m nRF9161 platform using Eclipse Leshan together with lwm2m client sample) one on nRF9151. Thank you in advance for your support!

The problem has been resolved! The root cause of the problem was that we entered the key in clear text on nRF9151. We were using: err = modem_key_mgmt_write(SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_PSK, "supersecretkey", //supersecretkey strlen("supersecretkey")); instead of: err = modem_key_mgmt_write(SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_PSK, "73757065727365637265746B6579", strlen("73757065727365637265746B6579")); As soon as we entered the key in hex the DTLS handshake succeeded. Thanks for the precious help! Joel

DTLS PSK Handshake Failure on nRF9151 DK

JOEBRE 6 months ago

7762.wireshark_trace_clienthello_only_scsv.pcapng

Summary

We are trying to perform a DTLS 1.2 handshake using PSK (Pre-Shared Key)
from an **nRF9151 module running NCS v3.0.2, using modem-offloaded DTLS (IPPROTO_DTLS_1_2).

LTE connects successfully
PSK Identity + Key are provisioned to security tag 42
The socket is configured with `TLS_SEC_TAG_LIST` and `TLS_PEER_VERIFY_NONE`
DTLS handshake always fails with `errno = 111` (`ECONNREFUSED`)
Wireshark trace shows the modem sends a DTLS ClientHello containing only: that means no usable cipher suites get advertised.

Expected Behavior

The client should send a DTLS ClientHello advertising PSK cipher suites such as:

- `TLS_PSK_WITH_AES_128_CCM_8`
- `TLS_PSK_WITH_AES_128_CCM`

And the server should reply with ServerHello → PSK Key Exchange.

This works correctly using:
OpenSSL-based client
Go client (Pion/dtls)
Fails only with the nRF91 modem-based DTLS client

Actual Behavior

Although PSK identity and key are provisioned correctly inside the modem, the ClientHello sent by the nRF9151 does not include any PSK cipher suite (e.g., TLS_PSK_WITH_AES_128_CCM_8). Instead, it offers only ECDHE-based certificate cipher suites followed by TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00FF). As a result, the DTLS handshake fails with no shared cipher suite.
Server (Go or OpenSSL) rejects handshake
Client receives errno=111.

Files Included

| File | Description |
|------|-------------|
| `main.c` | Full C source used on nRF9151 |
| `prj.conf` | Project configuration |
| `wireshark_trace_clienthello_only_scsv.pcapng` | Modem trace export |
| `server_log.txt` | Output from Go/openssl servers (no shared cipher) |

Test with OpenSSL

> openssl s_server -dtls -accept 5684 -nocert -psk 73757065727365637265746b6579313233 -psk_identity device001 -cipher "PSK-AES128-CCM8:PSK-AES128-CCM:PSK-AES128-CBC-HA"
Returns:

Using default temp DH parameters
ACCEPT
ERROR
4057EA2E827B0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../ssl/statem/statem_srvr.c:2220:
shutting down SSL
CONNECTION CLOSED

PSK Used

Identity: device001
Key: supersecretkey123
Confirmed stored under SEC_TAG=42.

Questions to Nordic

Why does modem DTLS not include PSK ciphers in ClientHello?

Is IPPROTO_DTLS_1_2 + TLS_SEC_TAG_LIST enough to enable PSK?

Do we need to explicitly set TLS_DTLS_VERSION, TLS_CIPHERSUITE_LIST, or something undocumented?

Is this a known issue in nRF9151 modem firmware v1.x?

Can you help me to get the DTLS handshake complete with success?

In the final product, the DTLS stuff must coexist with the LwM2M (which I already successfully tested 0m nRF9161 platform using Eclipse Leshan together with lwm2m client sample) one on nRF9151.

Thank you in advance for your support!

Top Replies

JOEBRE 6 months ago in reply to Achim Kraus +2 verified

The problem has been resolved! The root cause of the problem was that we entered the key in clear text on nRF9151. We were using: err = modem_key_mgmt_write(SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_PSK, "supersecretkey…

Parents

0 Achim Kraus 6 months ago

Cannot connect to LwM2M server with X509 DTLS. Wireshark shows empty client certificate.

That's the vice versa. It doesn't work, if certificate and PSK credentials are mixed into one sec_tag.

You may check, if that applies with

AT%CMNG=1,42

If that show's more than your PSK credentials, remove the others.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 JOEBRE 6 months ago in reply to Achim Kraus

Hello,  AT%%CMNG=1,42 returned:

42,3,"A4E05CEFA49CFFE2BB25E5E0793625C1199CB4ED83FF1B155BD6591EB043E9F1"

42,4,"54CCD4B043ECEC38BFB890596F7BD99FC8E6058517882A75F3BF37B9475972A1"

Which are the result of:

modem_key_mgmt_write(SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_IDENTITY,

PSK_ID, strlen(PSK_ID));

modem_key_mgmt_write(SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_PSK,

PSK_KEY, strlen(PSK_KEY));

So no other credentials than PSK ID and KEY. To be 100% sure the right stuff is injected into the modem now always delete all credentials for tag 42 and then re-enter them using modem_key_mgmt_write.

*** Booting nRF Connect SDK v3.0.2-89ba1294ac9b ***
*** Using Zephyr OS v4.0.99-f791c49f492c ***
[00:00:00.388,000] <inf> main: === LTE + DTLS Handshake Test ===
[00:00:00.388,000] <inf> main: Client PSK Key (ASCII) hex:
73 75 70 65 72 73 65 63 72 65 74 6B 65 79 31 32 33
[00:00:00.388,336] <inf> main: Initializing modem...
[00:00:00.646,270] <inf> nrf_modem_lib_trace: Trace thread ready
[00:00:00.648,071] <inf> nrf_modem_lib_trace: Trace level override: 2
[00:00:00.792,694] <inf> main: Set CFUN to 0 to reset the SIM: OK

[00:00:03.031,860] <inf> main: Cleared credentials type 3 fotr Tag 42
[00:00:03.136,932] <inf> main: Cleared credentials type 4 fotr Tag 42
[00:00:03.260,986] <inf> main: Credentials of Tag 42 are wiped
[00:00:03.261,016] <inf> main: Provisioning Tag 42 with new credentials
[00:00:03.474,914] <inf> main: New credentials for Tag 42 -> ID:1 PSK:1
[00:00:06.546,813] <inf> main: Connecting LTE...
+CEREG: 1,"057D","01017406",7,,,"00001111","00101101"
[00:00:07.181,976] main:  LTE connected!
[00:00:07.375,427] <inf> main: Connecting to GIMSServer.mooo.com (84.55.253.71):5684
[00:00:07.375,732] <inf> main: Performing DTLS handshake with GIMSServer.mooo.com:5684...
[00:00:07.527,954] main:  DTLS handshake failed, errno=111

Nothing changed I still get errno=111.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 JOEBRE 6 months ago in reply to Achim Kraus
I downloaded your cellfund_less5_exer2_solution and switched to SDK 3.1.0 (to completely align with you).

I noticed that this sample makes use of posix socket API, which is different from what I was doing.

Anyway, I slight l modified the code since I'm not interested in COAP for the time being.

As you can see in main.c, I simply replaced server url, PSK ID and KEY and I added the required PIN code.

On the server side I replaced the COAP server with OpenSSL.

Since COAP stuff comes after the DTLS PSK, the code should be able to successfully complete the DTSL PSK handshake.

Here the outcomes:

*** Booting nRF Connect SDK v3.1.0-6c6e5b32496e *** *** Using Zephyr OS v4.1.99-1612683d4010 *** [00:00:00.390,502] <inf> Lesson5_Exercise2: Initializing modem library [00:00:00.648,742] <inf> nrf_modem_lib_trace: Trace thread ready [00:00:00.650,146] <inf> nrf_modem_lib_trace: Trace level override: 2 [00:00:02.360,687] <inf> Lesson5_Exercise2: Connecting to LTE network [00:00:06.162,292] <inf> Lesson5_Exercise2: Network registration status: Connected - home network [00:00:06.162,414] <inf> Lesson5_Exercise2: Connected to LTE network [00:00:06.377,288] <inf> Lesson5_Exercise2: IPv4 Address found 84.55.253.71 [00:00:06.631,561] <err> Lesson5_Exercise2: Connect failed : 111 [00:00:06.631,591] <inf> Lesson5_Exercise2: Failed to initialize client [00:00:08.796,966] <inf> Lesson5_Exercise2: RRC mode: Idle

As before on the terminal I get error 111.

On the server side I run:

> openssl s_server -dtls1_2 -accept 5684 -psk_identity device001 -psk\ 73757065727365637265746b6579313233 -nocert -state -debug -msg.

cellfund_less5_exer2_solution_newresults.zip

In the zip:

main.c: the modified main

prj.conf and nrf9151dk_nrf9151_ns.overlay required to enable modem trace

OpenSSL_ DTLS_ log.txt: openssl debug dump

wireshark.txt: Wireshark output summary and ClientHello dettail

I'm using VC nrfConnect plugin for building and programming the target (nrfjprog has been obsoleted and is not anymore available for download).

Do you see any useful information in the results ? Can you try to replicate the same on your side (using OpenSSL)?

Thanks in advance for any help.

Regards, Joel

p.s. I'm assuming NRF uses DTLS 1_2. Is this correct ?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Achim Kraus 6 months ago in reply to JOEBRE

JOEBRE said:
I noticed that this sample makes use of posix socket API, which is different from what I was doing.

AFAIK, that's getting required in NCS 3.1.0

JOEBRE said:
Anyway, I slight l modified the code since I'm not interested in COAP for the time being.

I'm an other user, no Nordic engineer. I just toke an common example to verify DTLS. Though the "Client_Hello" seems to be the issue, it also doesn't depend on the used server (at least I'm not aware of). With that I would recommend, that you simply use the unmodified example (maybe you need to remove other credentials on sec_tag 12, I haven't added a modem_key_mgmt_clear) and see, if that succeeds or fails as well.

Only if it succeeds, you may apply your changes step by step and see, when it breaks.

If the unmodified example fails also, I don't know why. Then you may need to wait for an Nordic engineer.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Achim Kraus 6 months ago in reply to JOEBRE

JOEBRE said:
I'm assuming NRF uses DTLS 1_2. Is this correct ?

AFAIK, that's correct. Wireshark shows 1.0 for the record of the Client_Hello, because some implementations interpret the negotiation of the version in that way. The handshake message version is than 1.2.

DTLS 1.3 implementations are not that widespread, I mainly know, that wolf SSL has one.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 JOEBRE 6 months ago in reply to Achim Kraus

I get compilation errors when I try to build with 3.1.0. Sure this is the fixed code for 3.1.0 ?

Regards, Joel
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

0 Achim Kraus 6 months ago in reply to JOEBRE

Fullscreen 0118.build.log Download

west build -b nrf9151dk/nrf9151/ns -p -- -DSNIPPET="nrf91-modem-trace-uart"
-- west build: generating a build system
Loading Zephyr module(s) (Zephyr base): sysbuild_default
-- Found Python3: /usr/bin/python3 (found suitable version "3.10.12", minimum required is "3.10") found components: Interpreter
-- Cache files will be written to: /home/achim/.cache/zephyr
-- Found west (found suitable version "1.2.0", minimum required is "0.14.0")
-- Board: nrf9151dk, qualifiers: nrf9151/ns
-- Snippet(s): nrf91-modem-trace-uart
Parsing /home/achim/repos/zephyr/zephyr-coaps-client/zephyr/share/sysbuild/Kconfig
Loaded configuration '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/_sysbuild/empty.conf'
Merged configuration '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/_sysbuild/empty.conf'
Configuration saved to '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/zephyr/.config'
Kconfig header saved to '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/_sysbuild/autoconf.h'
-- 
   ***************************************************
   * Running CMake for cellfund_less5_exer2_solution *
   ***************************************************

Loading Zephyr default modules (Zephyr base).
-- Application: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution
-- CMake version: 4.1.2
-- Found Python3: /usr/bin/python3 (found suitable version "3.10.12", minimum required is "3.10") found components: Interpreter
-- Cache files will be written to: /home/achim/.cache/zephyr
-- Zephyr version: 4.1.99 (/home/achim/repos/zephyr/zephyr-coaps-client/zephyr)
-- Found west (found suitable version "1.2.0", minimum required is "0.14.0")
-- Board: nrf9151dk, qualifiers: nrf9151/ns
-- Snippet(s): nrf91-modem-trace-uart
-- ZEPHYR_TOOLCHAIN_VARIANT not set, trying to locate Zephyr SDK
-- Found host-tools: zephyr 0.17.2 (/home/achim/zephyr-sdk-0.17.2)
-- Found toolchain: zephyr 0.17.2 (/home/achim/zephyr-sdk-0.17.2)
-- Found Dtc: /home/achim/zephyr-sdk-0.17.2/sysroots/x86_64-pokysdk-linux/usr/bin/dtc (found suitable version "1.7.0", minimum required is "1.4.6")
-- Found BOARD.dts: /home/achim/repos/zephyr/zephyr-coaps-client/zephyr/boards/nordic/nrf9151dk/nrf9151dk_nrf9151_ns.dts
-- Found devicetree overlay: /home/achim/repos/zephyr/zephyr-coaps-client/nrf/snippets/nrf91-modem-trace-uart/modem-trace-uart-nrf91.overlay
-- Generated zephyr.dts: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/zephyr.dts
-- Generated pickled edt: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/edt.pickle
-- Generated devicetree_generated.h: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/include/generated/zephyr/devicetree_generated.h
Parsing /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/Kconfig
Loaded configuration '/home/achim/repos/zephyr/zephyr-coaps-client/zephyr/boards/nordic/nrf9151dk/nrf9151dk_nrf9151_ns_defconfig'
Merged configuration '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/prj.conf'
Merged configuration '/home/achim/repos/zephyr/zephyr-coaps-client/nrf/snippets/nrf91-modem-trace-uart/modem-trace-uart-common.conf'
Merged configuration '/home/achim/repos/zephyr/zephyr-coaps-client/nrf/snippets/nrf91-modem-trace-uart/modem-trace-uart-nrf91.conf'
Merged configuration '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/.config.sysbuild'
Configuration saved to '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/.config'
Kconfig header saved to '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/include/generated/zephyr/autoconf.h'
-- Found GnuLd: /home/achim/zephyr-sdk-0.17.2/arm-zephyr-eabi/arm-zephyr-eabi/bin/ld.bfd (found version "2.38")
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: /home/achim/zephyr-sdk-0.17.2/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc
=========== Generating psa_crypto_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: False
Backup: CONFIG_MBEDTLS_THREADING_C: True
Backup: CONFIG_MBEDTLS_THREADING_ALT: False
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: False
Restore: CONFIG_MBEDTLS_THREADING_C: True
Restore: CONFIG_MBEDTLS_THREADING_ALT: False
=========== End psa_crypto_config ===============
=========== Generating psa_crypto_library_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_USE_PSA_CRYPTO: True
Backup: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Backup: CONFIG_MBEDTLS_THREADING_C: True
Backup: CONFIG_MBEDTLS_THREADING_ALT: False
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_USE_PSA_CRYPTO: True
Restore: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Restore: CONFIG_MBEDTLS_THREADING_C: True
Restore: CONFIG_MBEDTLS_THREADING_ALT: False
=========== End psa_crypto_library_config ===============
-- Using ccache: /usr/bin/ccache
-- Found gen_kobject_list: /home/achim/repos/zephyr/zephyr-coaps-client/zephyr/scripts/build/gen_kobject_list.py
-- Configuring done (8.2s)
-- Generating done (0.3s)
-- Build files have been written to: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution
Dropping partition 'nonsecure_storage' since it is empty.
-- Configuring done (12.2s)
-- Generating done (0.0s)
-- Build files have been written to: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build
-- west build: building application
[5/10] Performing build step for 'cellfund_less5_exer2_solution'
[1/342] Preparing syscall dependency handling

[5/342] Generating include/generated/zephyr/version.h
-- Zephyr version: 4.1.99 (/home/achim/repos/zephyr/zephyr-coaps-client/zephyr), build: ncs-v3.1.0-1-gecccacad8c3a
[12/342] Generating ../../tfm/CMakeCache.txt
-- Found Git: /usr/bin/git (found version "2.34.1")
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: /home/achim/zephyr-sdk-0.17.2/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc
-- Found Python3: /usr/bin/python3 (found version "3.10.12") found components: Interpreter
-- Found Python3: /usr/bin/python3 (found suitable version "3.10.12", minimum required is "3.10") found components: Interpreter
-- Cache files will be written to: /home/achim/.cache/zephyr
CMake Warning (dev) at /home/achim/repos/zephyr/zephyr-coaps-client/nrf/modules/trusted-firmware-m/tfm_boards/nrf9120/CMakeLists.txt:24 (install):
  Policy CMP0177 is not set: install() DESTINATION paths are normalized.  Run
  "cmake --help-policy CMP0177" for policy details.  Use the cmake_policy
  command to set the policy and suppress this warning.
This warning is for project developers.  Use -Wno-dev to suppress it.

-- Configuring done (0.8s)
-- Generating done (0.1s)
-- Build files have been written to: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/tfm
[17/342] Performing build step for 'tfm'
[137/141] Linking C executable bin/tfm_s.axf
Memory region         Used Size  Region Size  %age Used
           FLASH:       32092 B        32 KB     97.94%
             RAM:       10404 B        32 KB     31.75%
[141/141] Linking C static library secure_fw/libtfm_s_veneers.a
[19/342] Performing install step for 'tfm'
-- Install configuration: "MinSizeRel"
----- Installing platform NS -----
[342/342] Linking C executable zephyr/zephyr.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:       88928 B       992 KB      8.75%
             RAM:       25200 B     195224 B     12.91%
        IDT_LIST:          0 GB        32 KB      0.00%
Generating files from /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/zephyr.elf for board: nrf9151dk
[10/10] Generating ../merged.hex

I don't get build errors.

If the "nrf_modem_at_printf" are added, it may require to add

#include <nrf_modem_at.h>

as well. With that it builds again without errors.

Just to mention: for the very first tests you don't need your own server, just take leshan or californium. Both will do the handshake. Therefore I only added the lines for the PIN:

/* 3) Bring modem online */
nrf_modem_at_printf("AT+CFUN=41");
k_msleep(2000);
/* My IoT sim has a PIN */
nrf_modem_at_printf("AT+CPIN=\"xyza\"");
k_msleep(1000);

err = lte_lc_connect_async(lte_handler);

( I used to CFUN=41 for SIM only stuff, but I've also tested it with CFUN=1).

Also with that modification, the client works.

5808.merged.hex

(Prebuild image with enabled modem trace and your PIN. If you like use that and check the modem trace with the cellular monitor.)

Reply

0 Achim Kraus 6 months ago in reply to JOEBRE

Fullscreen 0118.build.log Download

west build -b nrf9151dk/nrf9151/ns -p -- -DSNIPPET="nrf91-modem-trace-uart"
-- west build: generating a build system
Loading Zephyr module(s) (Zephyr base): sysbuild_default
-- Found Python3: /usr/bin/python3 (found suitable version "3.10.12", minimum required is "3.10") found components: Interpreter
-- Cache files will be written to: /home/achim/.cache/zephyr
-- Found west (found suitable version "1.2.0", minimum required is "0.14.0")
-- Board: nrf9151dk, qualifiers: nrf9151/ns
-- Snippet(s): nrf91-modem-trace-uart
Parsing /home/achim/repos/zephyr/zephyr-coaps-client/zephyr/share/sysbuild/Kconfig
Loaded configuration '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/_sysbuild/empty.conf'
Merged configuration '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/_sysbuild/empty.conf'
Configuration saved to '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/zephyr/.config'
Kconfig header saved to '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/_sysbuild/autoconf.h'
-- 
   ***************************************************
   * Running CMake for cellfund_less5_exer2_solution *
   ***************************************************

Loading Zephyr default modules (Zephyr base).
-- Application: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution
-- CMake version: 4.1.2
-- Found Python3: /usr/bin/python3 (found suitable version "3.10.12", minimum required is "3.10") found components: Interpreter
-- Cache files will be written to: /home/achim/.cache/zephyr
-- Zephyr version: 4.1.99 (/home/achim/repos/zephyr/zephyr-coaps-client/zephyr)
-- Found west (found suitable version "1.2.0", minimum required is "0.14.0")
-- Board: nrf9151dk, qualifiers: nrf9151/ns
-- Snippet(s): nrf91-modem-trace-uart
-- ZEPHYR_TOOLCHAIN_VARIANT not set, trying to locate Zephyr SDK
-- Found host-tools: zephyr 0.17.2 (/home/achim/zephyr-sdk-0.17.2)
-- Found toolchain: zephyr 0.17.2 (/home/achim/zephyr-sdk-0.17.2)
-- Found Dtc: /home/achim/zephyr-sdk-0.17.2/sysroots/x86_64-pokysdk-linux/usr/bin/dtc (found suitable version "1.7.0", minimum required is "1.4.6")
-- Found BOARD.dts: /home/achim/repos/zephyr/zephyr-coaps-client/zephyr/boards/nordic/nrf9151dk/nrf9151dk_nrf9151_ns.dts
-- Found devicetree overlay: /home/achim/repos/zephyr/zephyr-coaps-client/nrf/snippets/nrf91-modem-trace-uart/modem-trace-uart-nrf91.overlay
-- Generated zephyr.dts: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/zephyr.dts
-- Generated pickled edt: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/edt.pickle
-- Generated devicetree_generated.h: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/include/generated/zephyr/devicetree_generated.h
Parsing /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/Kconfig
Loaded configuration '/home/achim/repos/zephyr/zephyr-coaps-client/zephyr/boards/nordic/nrf9151dk/nrf9151dk_nrf9151_ns_defconfig'
Merged configuration '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/prj.conf'
Merged configuration '/home/achim/repos/zephyr/zephyr-coaps-client/nrf/snippets/nrf91-modem-trace-uart/modem-trace-uart-common.conf'
Merged configuration '/home/achim/repos/zephyr/zephyr-coaps-client/nrf/snippets/nrf91-modem-trace-uart/modem-trace-uart-nrf91.conf'
Merged configuration '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/.config.sysbuild'
Configuration saved to '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/.config'
Kconfig header saved to '/home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/include/generated/zephyr/autoconf.h'
-- Found GnuLd: /home/achim/zephyr-sdk-0.17.2/arm-zephyr-eabi/arm-zephyr-eabi/bin/ld.bfd (found version "2.38")
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: /home/achim/zephyr-sdk-0.17.2/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc
=========== Generating psa_crypto_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: False
Backup: CONFIG_MBEDTLS_THREADING_C: True
Backup: CONFIG_MBEDTLS_THREADING_ALT: False
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: False
Restore: CONFIG_MBEDTLS_THREADING_C: True
Restore: CONFIG_MBEDTLS_THREADING_ALT: False
=========== End psa_crypto_config ===============
=========== Generating psa_crypto_library_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_USE_PSA_CRYPTO: True
Backup: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Backup: CONFIG_MBEDTLS_THREADING_C: True
Backup: CONFIG_MBEDTLS_THREADING_ALT: False
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_USE_PSA_CRYPTO: True
Restore: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Restore: CONFIG_MBEDTLS_THREADING_C: True
Restore: CONFIG_MBEDTLS_THREADING_ALT: False
=========== End psa_crypto_library_config ===============
-- Using ccache: /usr/bin/ccache
-- Found gen_kobject_list: /home/achim/repos/zephyr/zephyr-coaps-client/zephyr/scripts/build/gen_kobject_list.py
-- Configuring done (8.2s)
-- Generating done (0.3s)
-- Build files have been written to: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution
Dropping partition 'nonsecure_storage' since it is empty.
-- Configuring done (12.2s)
-- Generating done (0.0s)
-- Build files have been written to: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build
-- west build: building application
[5/10] Performing build step for 'cellfund_less5_exer2_solution'
[1/342] Preparing syscall dependency handling

[5/342] Generating include/generated/zephyr/version.h
-- Zephyr version: 4.1.99 (/home/achim/repos/zephyr/zephyr-coaps-client/zephyr), build: ncs-v3.1.0-1-gecccacad8c3a
[12/342] Generating ../../tfm/CMakeCache.txt
-- Found Git: /usr/bin/git (found version "2.34.1")
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: /home/achim/zephyr-sdk-0.17.2/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc
-- Found Python3: /usr/bin/python3 (found version "3.10.12") found components: Interpreter
-- Found Python3: /usr/bin/python3 (found suitable version "3.10.12", minimum required is "3.10") found components: Interpreter
-- Cache files will be written to: /home/achim/.cache/zephyr
CMake Warning (dev) at /home/achim/repos/zephyr/zephyr-coaps-client/nrf/modules/trusted-firmware-m/tfm_boards/nrf9120/CMakeLists.txt:24 (install):
  Policy CMP0177 is not set: install() DESTINATION paths are normalized.  Run
  "cmake --help-policy CMP0177" for policy details.  Use the cmake_policy
  command to set the policy and suppress this warning.
This warning is for project developers.  Use -Wno-dev to suppress it.

-- Configuring done (0.8s)
-- Generating done (0.1s)
-- Build files have been written to: /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/tfm
[17/342] Performing build step for 'tfm'
[137/141] Linking C executable bin/tfm_s.axf
Memory region         Used Size  Region Size  %age Used
           FLASH:       32092 B        32 KB     97.94%
             RAM:       10404 B        32 KB     31.75%
[141/141] Linking C static library secure_fw/libtfm_s_veneers.a
[19/342] Performing install step for 'tfm'
-- Install configuration: "MinSizeRel"
----- Installing platform NS -----
[342/342] Linking C executable zephyr/zephyr.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:       88928 B       992 KB      8.75%
             RAM:       25200 B     195224 B     12.91%
        IDT_LIST:          0 GB        32 KB      0.00%
Generating files from /home/achim/repos/zephyr/zephyr-coaps-client/cellfund_less5_exer2_solution/build/cellfund_less5_exer2_solution/zephyr/zephyr.elf for board: nrf9151dk
[10/10] Generating ../merged.hex

I don't get build errors.

If the "nrf_modem_at_printf" are added, it may require to add

#include <nrf_modem_at.h>

as well. With that it builds again without errors.

Just to mention: for the very first tests you don't need your own server, just take leshan or californium. Both will do the handshake. Therefore I only added the lines for the PIN:

( I used to CFUN=41 for SIM only stuff, but I've also tested it with CFUN=1).

Also with that modification, the client works.

5808.merged.hex

(Prebuild image with enabled modem trace and your PIN. If you like use that and check the modem trace with the cellular monitor.)

Children

0 JOEBRE 6 months ago in reply to Achim Kraus

Thanks ... at this point I was able to get the DTLS handshake succeed with this code. If I change the server url to point to my DTLS UDP server or a oepenSSL server instance,I get the usual error 111.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Achim Kraus 6 months ago in reply to JOEBRE

If you would use the Cellular Monitor and provide the ip capture (wireshark), I would easily see, that the error 111 is caused by different things. This ticket started with PSK credentials but the wrong cipher suites (only no PSK). I'm not sure, if this is still the case. I can now change the to your server url, to see, if that really changes the proposed cipher suites, but I would prefer, if you start to provide the traces.

Once a Nordic engineer works on this, you may anyway need a modem trace.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Achim Kraus 6 months ago in reply to JOEBRE

If I use your "GIMSServer", I still get a list with PSK cipher suites.

#define ECONNREFUSED 111 /* Connection refused */

tells, that the connection is refused. But there are many reasons for that. One maybe, that even if PSK cipher suites are proposed, the server doesn't support one of the proposed. Then the server may send an handshake alert instead of a Server_Hello. Or the identity/secret doesn't match. The the handshake may timeout or fail after the FINISH.

(I would test to use a slightly shorter psk, your's has 17 bytes. Remove the last one.)

Without current ip-capture, it stays unclear, where it fails.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

0 JOEBRE 6 months ago in reply to Achim Kraus

I changed PSK removing the final "123". I also configured the GO DTLS server to use TLS_PSK_WITH_AES_128_CCM_8. This changed the behavior...

dtls_handshake_capture.pcapng

Fullscreen DTLS_DEbug.txt Download

No.	Time	Source	Destination	Protocol	Length	Info
1	0.000000			AT	30	Sent AT Command: AT%XMODEMTRACE=1,2
2	0.001068			AT	16	Rcvd AT Command: OK  
3	0.001587			AT	35	Sent AT Command: AT%XCOEX0=1,1,1565,1586
4	0.001740			AT	16	Rcvd AT Command: OK  
5	0.002564			AT	34	Sent AT Command: AT%XSYSTEMMODE=1,0,0,0
6	0.002808			AT	16	Rcvd AT Command: OK  
7	0.003479			AT	28	Sent AT Command: AT%FEACONF=0,3,1
8	0.003510			AT	16	Rcvd AT Command: OK  
9	0.010163			AT	20	Sent AT Command: AT+CFUN?
10	0.010224			AT	26	Rcvd AT Command: +CFUN: 0  OK  
11	0.010803			AT	21	Sent AT Command: AT+CFUN=1
12	0.043213			AT	16	Rcvd AT Command: OK  
13	2.043671			AT	19	Sent AT Command: AT+CPIN
14	2.043671			AT	32	Rcvd AT Command: +CPIN: SIM PIN  OK  
15	2.044190			AT	19	Sent AT Command: AT+CPIN
16	2.075653			AT	16	Rcvd AT Command: OK  
17	2.538819			LTE RRC BCCH_BCH	28	MasterInformationBlock (SFN=18)
18	2.542755			LTE RRC DL_SCH	117	SystemInformationBlockType1
19	2.546784			LTE RRC DL_SCH	103	SystemInformation [ SIB2 ]
20	2.550873			NAS-EPS	118	Attach request, PDN connectivity request
21	2.553192			LTE RRC UL_CCCH	30	RRCConnectionRequest
22	2.631012			LTE RRC DL_CCCH	74	RRCConnectionSetup
23	2.632385			LTE RRC UL_DCCH/NAS-EPS	137	RRCConnectionSetupComplete, Attach request, PDN connectivity request
24	2.742096			LTE RRC DL_DCCH/NAS-EPS	30	DLInformationTransfer, Identity request
25	2.742188			NAS-EPS	19	Identity request
26	2.742218			NAS-EPS	27	Identity response
27	2.742371			LTE RRC UL_DCCH/NAS-EPS	44	ULInformationTransfer, Identity response
28	2.814087			LTE RRC DL_DCCH/NAS-EPS	63	DLInformationTransfer, Authentication request
29	2.814179			NAS-EPS	52	Authentication request
30	2.873871			NAS-EPS	27	Authentication response
31	2.874024			LTE RRC UL_DCCH/NAS-EPS	44	ULInformationTransfer, Authentication response
32	2.971131			LTE RRC DL_DCCH/NAS-EPS	41	DLInformationTransfer, Security mode command
33	2.971192			NAS-EPS	30	Security mode command
34	2.973023			NAS-EPS	29	Security mode complete
35	2.973175			LTE RRC UL_DCCH/NAS-EPS	46	ULInformationTransfer, Ciphered message
36	3.554230			LTE RRC DL_DCCH	27	SecurityModeCommand
37	3.555969			LTE RRC UL_DCCH	26	SecurityModeComplete
38	3.603150			LTE RRC DL_DCCH	55	UECapabilityEnquiry
39	3.605133			LTE RRC UL_DCCH	150	UECapabilityInformation
40	3.715424			LTE RRC DL_DCCH/NAS-EPS	260	RRCConnectionReconfiguration, Ciphered message
41	3.716919			LTE RRC UL_DCCH	26	RRCConnectionReconfigurationComplete
42	3.717346			NAS-EPS	189	Ciphered message, Attach accept, Activate default EPS bearer context request (PDN type IPv4 only allowed)
43	3.717987			NAS-EPS	23	Attach complete, Activate default EPS bearer context accept
44	3.718201			LTE RRC UL_DCCH/NAS-EPS	40	ULInformationTransfer, Ciphered message, Deactivate EPS bearer context request (Unknown)
45	3.774140			LTE RRC DL_DCCH/NAS-EPS	54	DLInformationTransfer, Ciphered message
46	3.774262			NAS-EPS	43	Ciphered message, EMM information
47	3.835266			LTE RRC DL_DCCH	37	RRCConnectionReconfiguration
48	3.836029			LTE RRC UL_DCCH	26	RRCConnectionReconfigurationComplete
49	5.076172			AT	19	Sent AT Command: AT+CPIN
50	5.076203			AT	30	Rcvd AT Command: +CPIN: READY  OK  
51	5.076630			AT	21	Sent AT Command: AT+CFUN=4
52	5.078217			NAS-EPS	31	Detach request (Combined EPS/IMSI detach / switch-off)
53	5.078369			LTE RRC UL_DCCH/NAS-EPS	48	ULInformationTransfer, Ciphered message(DTAP) (TP) Update UE Location Information [Malformed Packet]
54	5.300354			LTE RRC DL_DCCH	38	RRCConnectionRelease [cause=other]
55	5.419403			AT	16	Rcvd AT Command: OK  
56	6.428681			AT	20	Sent AT Command: AT+CMEE?
57	6.428711			AT	26	Rcvd AT Command: +CMEE: 0  OK  
58	6.435211			AT	21	Sent AT Command: AT+CMEE=1
59	6.435242			AT	16	Rcvd AT Command: OK  
60	6.435974			AT	19	Sent AT Command: AT%CMNG
61	7.161163			AT	16	Rcvd AT Command: OK  
62	7.161621			AT	21	Sent AT Command: AT+CMEE=0
63	7.161652			AT	16	Rcvd AT Command: OK  
64	7.162110			AT	20	Sent AT Command: AT+CMEE?
65	7.162140			AT	26	Rcvd AT Command: +CMEE: 0  OK  
66	7.162598			AT	21	Sent AT Command: AT+CMEE=1
67	7.162628			AT	16	Rcvd AT Command: OK  
68	7.163147			AT	19	Sent AT Command: AT%CMNG
69	7.236633			AT	16	Rcvd AT Command: OK  
70	7.237091			AT	21	Sent AT Command: AT+CMEE=0
71	7.237122			AT	16	Rcvd AT Command: OK  
72	7.237518			AT	21	Sent AT Command: AT+CFUN=1
73	7.270172			AT	16	Rcvd AT Command: OK  
74	9.270691			AT	19	Sent AT Command: AT+CPIN
75	9.302124			AT	16	Rcvd AT Command: OK  
76	9.769104			LTE RRC BCCH_BCH	28	MasterInformationBlock (SFN=198)
77	9.783020			LTE RRC DL_SCH	117	SystemInformationBlockType1
78	9.783692			LTE RRC DL_SCH	103	SystemInformation [ SIB2 ]
79	9.786499			NAS-EPS	118	Attach request, PDN connectivity request
80	9.788605			LTE RRC UL_CCCH	30	RRCConnectionRequest
81	9.826325			LTE RRC DL_CCCH	74	RRCConnectionSetup
82	9.827698			LTE RRC UL_DCCH/NAS-EPS	137	RRCConnectionSetupComplete, Attach request, PDN connectivity request
83	10.302674			AT	21	Sent AT Command: AT+CEREG?
84	10.302826			AT	49	Rcvd AT Command: +CEREG: 0,2,"057D","01017406",7  OK  
85	10.303589			AT	20	Sent AT Command: AT+CFUN?
86	10.303650			AT	26	Rcvd AT Command: +CFUN: 1  OK  
87	10.304260			AT	22	Sent AT Command: AT+CEREG=5
88	10.304260			AT	16	Rcvd AT Command: OK  
89	10.304688			AT	22	Sent AT Command: AT+CSCON=1
90	10.304718			AT	16	Rcvd AT Command: OK  
91	10.305206			AT	21	Sent AT Command: AT+CFUN=1
92	10.305786			AT	16	Rcvd AT Command: OK  
93	10.381409			LTE RRC DL_DCCH	27	SecurityModeCommand
94	10.383301			LTE RRC UL_DCCH	26	SecurityModeComplete
95	10.488281			LTE RRC DL_DCCH	55	UECapabilityEnquiry
96	10.490326			LTE RRC UL_DCCH	150	UECapabilityInformation
97	10.594574			LTE RRC DL_DCCH/NAS-EPS	260	RRCConnectionReconfiguration, Ciphered message
98	10.596344			LTE RRC UL_DCCH	26	RRCConnectionReconfigurationComplete
99	10.596802			NAS-EPS	189	Ciphered message, Attach accept, Activate default EPS bearer context request (PDN type IPv4 only allowed)
100	10.597809			NAS-EPS	23	Attach complete, Activate default EPS bearer context accept
101	10.597992			LTE RRC UL_DCCH/NAS-EPS	40	ULInformationTransfer, Ciphered message
102	10.645844			AT	67	Rcvd AT Command: +CEREG: 1,"057D","01017406",7,,,"00001111","00101101"  
103	10.647064	10.238.101.106	193.5.23.8	DNS	77	Standard query 0x17be A GIMSServer.mooo.com
104	10.656433			LTE RRC DL_DCCH/NAS-EPS	54	DLInformationTransfer, Ciphered message
105	10.656555			NAS-EPS	43	Ciphered message, EMM information
106	10.724518			LTE RRC DL_DCCH	37	RRCConnectionReconfiguration
107	10.725281			LTE RRC UL_DCCH	26	RRCConnectionReconfigurationComplete
108	10.874237	193.5.23.8	10.238.101.106	DNS	93	Standard query response 0x17be A GIMSServer.mooo.com A 84.55.253.71
109	10.880158	10.238.101.106	84.55.253.71	DTLSv1.2	176	Client Hello (SNI=GIMSServer.mooo.com)
110	10.989227	84.55.253.71	10.238.101.106	DTLSv1.2	88	Hello Verify Request
111	10.990021	10.238.101.106	84.55.253.71	DTLSv1.2	196	Client Hello (SNI=GIMSServer.mooo.com)
112	11.090820	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
113	11.097626	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
114	12.199555	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
115	13.225708	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
116	13.226288	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
117	15.138642	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
118	15.139160	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
119	17.090851	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
120	17.091431	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
121	19.192413	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
122	19.302979	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
123	19.303375	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
124	21.217987	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
125	21.218445	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
126	23.143097	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
127	23.143524	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
128	25.086151	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
129	25.086579	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
130	27.298218	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
131	27.298676	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
132	29.217224	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
133	29.217560	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
134	31.137268	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
135	31.137634	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
136	33.088379	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
137	33.088715	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
138	35.334473	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
139	35.334809	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
140	37.217529	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
141	37.217865	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
142	39.136658	84.55.253.71	10.238.101.106	DTLSv1.2	171	Server Hello, Server Key Exchange, Server Hello Done
143	39.137238	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
144	43.238281	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
145	51.339935	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
146	67.441742	10.238.101.106	84.55.253.71	DTLSv1.2	143	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message

See dtls_handshake_capture.pcapng wireshark capture (I hope this contains everything) and DTLS_DEbug.txt which shows the message sequence in Wireshark.

As mentioned Lesson5_Exercise2 is connecting successfully to the public COAP server.

Joel

0 Achim Kraus 6 months ago in reply to JOEBRE

I would check, if the go server really wants the psk in hex or how to pass it in as hex. Otherwise, just pass "secret" into go (plain) and "736563726574" to the modem (hex) and see what's happen.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel