Require BLE 4.2 key exchange but not MITM

I have an application which requires protection from passive eavesdropping, but not man-in-the-middle attacks. I want to enforce the use of Diffie-Hellman key exchange.

Security Mode 1 Level 4 does enforce Diffie-Hellman key exchange, but it also enforces man-in-the-middle protection. I really only need Security Mode 1 Level 2, but with Secure Connection support.

I thought about checking the lesc field in the data for the BLE_GAP_EVT_SEC_PARAMS_REQUEST event. However, sd_ble_gap_sec_params_reply returns NRF_ERROR_INVALID_STATE. I'm using Peer Manager, which is presumably already calling this function.

BLE_GATTS_EVT_RW_AUTHORIZE_REQUEST looks capable of doing what I want, but I wanted to check if there was a way which involved configuration only. Any suggestions?

I'm using SDK 13.0.0 and SoftDevice s140 5.0.0-2.alpha on the nRF52840.
