• State Verified Answer
  • Replies 7 replies
  • Subscribers 62 subscribers
  • Views 7339 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 214087
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Keep getting Failed to secure connection error

joeyh

Hi,

Using the gls example, as soon as I try to connect to it using NRF Connect on my iPhone, I get the "Failed to secure connection.  Disconnecting." error.  Once the error starts, it keeps loops forever like below:


 app: Glucose example started.
 app: Fast advertising
 app: Connected
 app: Failed to secure connection. Disconnecting.
 app: Fast advertising
 app: Disconnected
 app: Connected
 app: Start encryption
 app: Failed to secure connection. Disconnecting.
 app: Fast advertising
 app: Disconnected
 app: Connected
 app: Failed to secure connection. Disconnecting.
 app: Fast advertising
 app: Disconnected
 app: Connected
 app: Failed to secure connection. Disconnecting.
 app: Fast advertising
 app: Disconnected
 app: Connected
 app: Failed to secure connection. Disconnecting.
 app: Fast advertising
 app: Disconnected
 app: Connected
 app: Start encryption
 app: Failed to secure connection. Disconnecting.
 app: Fast advertising
 app: Disconnected

It seem like I am getting the "PM_EVT_CONN_SEC_FAILED" event before the Security Request timer is timed out, i.e. before encryption begins.

Before I had these errors, the pairing code was able to work once.  But, since I the errors begin to happen as soon as I deleted the bond (by pressing Key#2 while restarting the firmware).

I tried erase the flash, and reload the firmware, but no difference, the error still happens.

Any idea on how I can get this pairing code to work again will be greatly appreciated.

Thanks,

Joseph

  • 0

    Hi,

    on re-connect, the iPhone will send an encryption start request to encrypt the link with existing key (LTK) which will fail because the bond info was deleted on the peripheral. To make it work again you need to delete the bond info on the iphone as well. Go to settings->Bluetooth, and remove the GLS device from the list, then re-connect. 

  • 0 in reply to Vidar Berg

    Great.  That is exactly the problem.  Thanks a lot.

    Another question: In production environment, what would be the expected procedure to unbond a previously bonded phone from the device?

    I meant the "unbonding" should ideally be performed from the mobile App side.  On iOS, I don't think we should have the user perform unbond from the app and then one more time from Settings > Bluetooth.   I suppose there are iOS APIs to allow us to perform the equivalent of "Settings > Bluetooth > forget" right from our app.  Is that how you would do it?

  • 0 in reply to joeyh

    The bond management service may be an option (Example). It enables you to delete bonds on the peripheral by sending certain BLE commands from your app. However, I'm not aware of any API that lets you clear the bonding info on the iPhone (is possible on Android), that will probably require user interaction. 

  • 0 in reply to Vidar Berg

    Another related question: 

    Let's I deleted the bond on iOS side, after that, when I try to connect & do pairing on the peripheral side, the device will always get a PM_EVT_CONN_SEC_FAILED event, and never continue with the flow of prompting me for a passkey (I use passkey authentication).

    I am looking for a more graceful way to handle the condition, and automatically delete the bond on peripheral.  I can't always delete the bond upon PM_EVT_CONN_SEC_FAILED event.  In fact, I tried deleting the bond at the PM_EVT_CONN_SEC_FAILED event handler, and and the firmware just crashed.

  • +1 in reply to joeyh

    You may add the following "case" to pm_evt_handler() to allow bond refresh:

            case PM_EVT_CONN_SEC_CONFIG_REQ:
        {
            // Allow pairing request from an already bonded peer.
            pm_conn_sec_config_t conn_sec_config = {.allow_repairing = true};
            pm_conn_sec_config_reply(m_conn_handle, &conn_sec_config);
        } break;

    Note that this will enable a potential attacker to update an existing bond. So there is a trade-off between security and user-friendliness. 

Related