HTTPS connection using AT#XHTTPCCON fails to connect to server

Hi!

First question, did you add CONFIG_SLM_HTTPC=y to the prj.conf file, to enable the HTTP module in the SLM application? 

In the meantime, I will take a look at the trace.

Best regards,

Heidi

The serial_lte_modem application does have the necessary configurations set:

#
# Copyright (c) 2020 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
# General config
CONFIG_LOG=y
CONFIG_LOG_DEFAULT_LEVEL=3
CONFIG_STACK_SENTINEL=y
CONFIG_NEWLIB_LIBC=y
CONFIG_NEWLIB_LIBC_FLOAT_PRINTF=y
CONFIG_RING_BUFFER=y

# Segger RTT
CONFIG_USE_SEGGER_RTT=y
CONFIG_RTT_CONSOLE=y
CONFIG_UART_CONSOLE=n
CONFIG_LOG_BACKEND_RTT=y
CONFIG_LOG_BACKEND_UART=n

# Network
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_NATIVE=n

# Modem library
CONFIG_NRF_MODEM_LIB=y
# Align the max FD entry to NRF_MODEM_MAX_SOCKET_COUNT(8)
CONFIG_POSIX_MAX_FDS=8
# Enable below for modem trace
CONFIG_NRF_MODEM_LIB_TRACE_ENABLED=y

# Use GPIO
CONFIG_GPIO=y
CONFIG_GPIO_NRFX=y
CONFIG_GPIO_NRF_P0=y

# UART interface
CONFIG_SERIAL=y
CONFIG_UART_ASYNC_API=y
CONFIG_NRFX_TIMER2=y

# LTE link control
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_AUTO_INIT_AND_CONNECT=n

# Stacks and heaps
CONFIG_MAIN_STACK_SIZE=4096
CONFIG_HEAP_MEM_POOL_SIZE=16384
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096

# AT_CMD
# Enable AT_CMD debug for details
#CONFIG_AT_CMD_LOG_LEVEL_DBG=y
CONFIG_AT_CMD_RESPONSE_MAX_LEN=4096

# Device power management
CONFIG_DEVICE_POWER_MANAGEMENT=y

# Enable SUPL client support
#CONFIG_SUPL_CLIENT_LIB=y

# FOTA
CONFIG_HTTP_PARSER_URL=y
CONFIG_FOTA_DOWNLOAD=y
CONFIG_FOTA_DOWNLOAD_PROGRESS_EVT=y
CONFIG_DFU_TARGET=y
CONFIG_DOWNLOAD_CLIENT=y
CONFIG_DOWNLOAD_CLIENT_STACK_SIZE=4096
CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_IMG_MANAGER=y
CONFIG_FLASH=y
CONFIG_IMG_ERASE_PROGRESSIVELY=y

#
# SLM-specific configurations
#
CONFIG_SLM_LOG_LEVEL_INF=y
# Configure external XTAL for UART
CONFIG_SLM_EXTERNAL_XTAL=n
# Enable GPIO wakeup if sleep is expected
#CONFIG_SLM_GPIO_WAKEUP=y
# Use UART_0 (when working with PC terminal)
CONFIG_UART_0_NRF_HW_ASYNC_TIMER=2
CONFIG_SLM_DATAMODE_HWFC=n
# Use UART_2 (when working with external MCU)
#CONFIG_SLM_CONNECT_UART_2=y
#CONFIG_UART_2_NRF_HW_ASYNC_TIMER=2

# Use optional GPS service
#CONFIG_SLM_GPS=y
# Use optional FTP client service
#CONFIG_SLM_FTPC=y
# Use optional MQTT client service
#CONFIG_SLM_MQTTC=y
# Use optional HTTP client service
CONFIG_SLM_HTTPC=y
# Enable Key Management Library
CONFIG_MODEM_KEY_MGMT=y

#Enable Debug symbols
CONFIG_DEBUG_OPTIMIZATIONS=y

Unfortunately, the trace is missing too much data to read anything from it, and it's also very short.

At least you don't get an error anymore. Can you use %CMNG to confirm that there are certificates stored in sec_tag 42?

I have added the AT%XMODEMTRACE=1,2 command to try and get the complete log.

trace-2021-05-13T09-14-16.834Z.bin

Here is the trace of the AT commands.

****************
Nordic AT Client
****************
COM /dev/ttyACM0 Open
AT
Ready
OK
AT#XSLMUART?
#XSLMUART: 115200
OK
AT+CFUN=0
OK
AT%XMODEMTRACE=1,2
OK
AT%CMNG=2,42,0
%CMNG: 42,0,"0000000000000000000000000000000000000000000000000000000000000000","-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
-----END CERTIFICATE-----"
AT%XSYSTEMMODE=0,1,0,2
OK
AT%XBANDLOCK=1,"111000000"
OK
AT%XDEEPSEARCH=1
OK
AT+CGDCONT=0,"IP","nbiot.vodacom.za"
OK
AT+COPS=0
OK
AT+CEREG=5
OK
AT+CFUN=21
OK
AT%XICCID
ERROR
Check SIM
AT+CPIN="3349"
OK
+CEREG: 2,"5209","0A19790D",9,0,0,"11100000","11100000"
+CEREG: 1,"5209","0A19790D",9,,,"11100000","00000110"
AT%XICCID
%XICCID: 89330000000020549718
OK
Waiting 1 sec
AT+CGDCONT?
+CGDCONT: 0,"IP","nbiot.vodacom.za","10.170.41.71",0,0
OK
AT#XHTTPCCON=1,"google.com",443,42"
AT#XHTTPCCON=0
Hit any key: 
AT+CFUN=0

Thank you! I have forwarded it to the modem team for analysis. 

Hi!

PR 4676 will fix the issue you're seeing.

Best regards,

Heidi

Thanks Heidi

I have update the sdk & serial_lte_modem application to Tag v1.6.0-rc2 which includes PR4676

I have obtain a new nRF9160 Development Kit with a "B1" = Revision 2 modem and loaded Modem firmware mfw_nrf9160_1.3.0.
I'm running the same AT commands as before but fails when it calls the connect function in the resolve_and_connect function

[00:00:32.326,385] <inf> httpc: Attempting to connect over IPv6
[00:00:32.327,209] <inf> httpc: Setting up TLS credentials
[00:00:32.328,765] <err> httpc: Unable to connect, errno 114
[00:00:32.708,679] <inf> httpc: Attempting to connect over IPv4
[00:00:32.709,991] <inf> httpc: Setting up TLS credentials
[00:00:32.956,939] <err> httpc: Unable to connect, errno 116
[00:00:32.965,850] <err> httpc: Fail to resolve and connect
[00:00:32.965,850] <err> httpc: server_connect fail.

Here is the trace log:trace-2021-06-15T10-03-27.815Z.bin

Thanks Heidi

I have update the sdk & serial_lte_modem application to Tag v1.6.0-rc2 which includes PR4676

I have obtain a new nRF9160 Development Kit with a "B1" = Revision 2 modem and loaded Modem firmware mfw_nrf9160_1.3.0.
I'm running the same AT commands as before but fails when it calls the connect function in the resolve_and_connect function

[00:00:32.326,385] <inf> httpc: Attempting to connect over IPv6
[00:00:32.327,209] <inf> httpc: Setting up TLS credentials
[00:00:32.328,765] <err> httpc: Unable to connect, errno 114
[00:00:32.708,679] <inf> httpc: Attempting to connect over IPv4
[00:00:32.709,991] <inf> httpc: Setting up TLS credentials
[00:00:32.956,939] <err> httpc: Unable to connect, errno 116
[00:00:32.965,850] <err> httpc: Fail to resolve and connect
[00:00:32.965,850] <err> httpc: server_connect fail.

Here is the trace log:trace-2021-06-15T10-03-27.815Z.bin

Unfortunately, there's not much information in the log. There are lots of traces missing like before.

1) A TCP connection is attempted and then 300 ms after that modem is deactivated when the response from the server might be still on its way.

Are you deactivating the modem on purpose that quickly?

2) Are you able to log the server-side? Is the TCP SYN from the modem visible in the server log?

Hi, 

It looks like you are using the wrong syntax when connecting to the server:

AT#XHTTPCCON=1,"google.com",443,42"

The last quote is not required. It should be

AT#XHTTPCCON=1,"google.com",443,42

I'm sending the AT#XHTTPCCON=1,"google.com",443,42 and then wait 30 seconds for a response.  After around 10 seconds the application returns with

#XHTTPCCON: 0
ERROR
AT#XHTTPCCON=0
ERROR

I do not deactivate the modem from the AT command side.  Is it doing it internally?

I'm trying to test an HTTPS connection to google.com, I do not have access to the server.

Included is a trace file from the modem where I don't send any other AT commands after the AT#XHTTPCCON=1,"google.com",443,42trace-2021-06-17T08-13-00.348Z.bin

Thanks yes I caught that typo

Thanks.

What happens if you try to connect to Google without TLS?

AT#XHTTPCCON=1,"google.com",80

This could tell us if it's a TCP issue, HTTP issue or a TLS issue.

Could you also show me the return of AT%CMNG=1?