• State Not Answered
  • Replies 5 replies
  • Subscribers 86 subscribers
  • Views 244 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 355958
Options

TLS Handshake Failure During TCAT Commissioning Using tcat_ble_client on nRF54L15

rezwin

Hello everyone,

I am currently working with the nRF54L15 and implementing Thread commissioning using TCAT (Thread Commissioning over Authenticated TLS).

Setup Overview

Current Status

  • BLE advertising and connection are successful.

  • TCAT is started on the nRF54L15.

  • The tcat_ble_client tool is able to discover the device over BLE.

  • However, during the commissioning process, the TLS handshake fails and commissioning does not complete.

Issue Description

When initiating the TCAT connection from the tcat_ble_client, the TLS handshake fails before successful authentication and network joining. This suggests a possible issue related to:

  • TLS configuration (mbedTLS)

  • Certificate or key provisioning

  • BLE L2CAP CoC transport handling

  • TCAT platform integration on the nRF54L15 side

Questions

  1. Are there specific TLS or mbedTLS configuration requirements for TCAT on the nRF54L15 that differ from other Nordic platforms?

  2. Are there any common pitfalls related to certificate generation, placement, or format that could cause TLS handshake failures with tcat_ble_client?

  3. Is there a reference configuration or sample known to work with tcat_ble_client and nRF54L15?

  4. Any recommended debug logs or verification steps to narrow down the TLS handshake failure?

Any guidance or pointers would be greatly appreciated.

Parents Reply Children
  • 0 in reply to Amanda Hsieh

    I am using Nordic Connect SDK (NCS) version 3.1.0 and have enabled TCAT functionality in the Thread CLI. However, in this configuration, the TLS handshake is failing.

  • 0 in reply to rezwin
    rezwin said:
    the TLS handshake is failing.

    Could you provide the log?

  • 0 in reply to Amanda Hsieh 

    //nRF54l15 Log

uart:~$ ot tcat start
Done
[00:01:02.976,711] <inf> bt_sdc_hci_driver: SoftDevice Controller build revision                                                                                                                                                             :
                                            fc de 41 eb a2 d1 42 24  00 b5 f8 57                                                                                                                                                              9f ac 9d 9e |..A...B$ ...W....
                                            aa c9 b4 34                                                                                                                                                                                                   |...4
[00:01:02.977,849] <inf> bt_hci_core: HW Platform: Nordic Semiconductor (0x0002)
[00:01:02.977,865] <inf> bt_hci_core: HW Variant: nRF54Lx (0x0005)
[00:01:02.977,880] <inf> bt_hci_core: Firmware: Standard Bluetooth controller (0                                                                                                                                                             x00) Version 252.16862 Build 1121034987
[00:01:02.978,277] <inf> bt_hci_core: HCI transport: SDC
[00:01:02.978,373] <inf> bt_hci_core: Identity: E1:9A:85:16:32:3B (random)
[00:01:02.978,389] <inf> bt_hci_core: HCI: version 6.1 (0x0f) revision 0x3069, m                                                                                                                                                             anufacturer 0x0059
[00:01:02.978,405] <inf> bt_hci_core: LMP: version 6.1 (0x0f) subver 0x3069

    //BBTC Client Log

C:\Users\asus\Downloads\sdk-openthread-main\sdk-openthread-main\tools\tcat_ble_client>poetry run python3 bbtc.py --scan
The "poetry.dev-dependencies" section is deprecated and will be removed in a future version. Use "poetry.group.dev.dependencies" instead.
Found devices:

1: None - 2E:0F:C1:03:A1:FB
2: None - 00:B5:D8:0F:01:A6
3: None - 20:EB:FC:1B:42:F1
4: None - 56:FD:B7:FC:2C:9C
5: Color Detector - 0B:90:B3:A2:A3:97
6: None - 3F:E4:EA:C2:0F:5D
7: None - 1F:1D:5E:80:C2:45
8: None - 53:24:E7:4F:C3:00
9: None - 50:5A:3B:2F:A0:6F
10: None - FD:4A:E7:6E:87:AC
11: None - D8:23:E0:AD:87:C9
12: None - E1:9A:85:16:32:3B
13: None - CF:1E:9D:DE:34:22
14: None - 25:A1:90:32:6F:AC

Select the target number to connect to it.
> 12
Selected  E1:9A:85:16:32:3B: None
Connecting to <ble.ble_stream.BleStream object at 0x000001D6F921F810>
Setting up secure TLS channel........
Failed
ERROR:__main__:[SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:1006)
TLS handshake failure

  • 0 in reply to rezwin
    rezwin said:
    I am using Nordic Connect SDK (NCS) version 3.1.0

    Could you try the latest version, v3.2.1, and provide the log again?

Related
Terms of service