Hello DevZone,
Peripheral: PCA10040 SDK 15.0.0, SD 6.0.0
Central: PCA10056 SDK 15.0.0, SD 6.0.0
I am working on a BLE project and we need to make sure our link is secured.
I have followed some examples on how to set up a secure link, and in my BLE_GAP_EVT_CONNECTED I call the following functions:

    err_code = pm_conn_secure(p_gap_evt->conn_handle, false);
    APP_ERROR_CHECK(err_code);

    err_code = ble_handles_assign(&m_Central_c[p_gap_evt->conn_handle],
                                  p_gap_evt->conn_handle,
                                  NULL);
    APP_ERROR_CHECK(err_code);

    err_code = ble_db_discovery_start(&m_db_disc[p_gap_evt->conn_handle],
                                      p_gap_evt->conn_handle);
    if (err_code != NRF_ERROR_BUSY)
    {
        APP_ERROR_CHECK(err_code);
    }

I can see using the BLE sniffer that a link encryption is requested but the entire discovery phase is still unencrypted. The data transmitted between the central and peripheral is encrypted. If I run the encrypted example everything after the pairing request is encrypted.

If I delete the bonding on one of the devices and don't force re-pairing, I see that the master sends out a pairing request with bonding, MITM, secure connection.

How come the discovery phase isn't secured?