TLS 1.3 SSL

Hi,

The networking api in zephyr does not have support for tls v1.3:

https://github.com/nrfconnect/sdk-zephyr/blob/master/include/net/net_ip.h#L75-L81

However, if you use the nrf_* socket api directly, you can setup a socket with tls v1.3:

https://github.com/nrfconnect/sdk-nrfxlib/blob/v1.5.1/nrf_modem/include/nrf_socket.h#L120

Is there anything specific you want to do? 

Kind regards,

Håkon

Thanks, I saw the net_ip.h header file, however there is mention of I can use mbedtls, when I configure mbedtls, I get  undefined reference to `mbedtls_net_connect'

I need to interface to an API that has CA based on TLS 1.3(GlobalSign-RootCA-R3); I tried using the TLS1.2 https_client sample, with GlobaSign-RootCA -R2  but no luck

I have 3 options

1) mbedtls

2)wolfSSL

3) nrf_ *socket api

Please can you help me with mbedtls 

Regards

Yash

Hi,

My apologies, the nrf socket api will return not supported if you try to passthrough a tls v1.3 prototype.

Please also note that mbedtls does not support tls1v3:

https://tls.mbed.org/tech-updates/blog/working-towards-mbed-tls-3

yashchabria said:

I need to interface to an API that has CA based on TLS 1.3(GlobalSign-RootCA-R3); I tried using the TLS1.2 https_client sample, with GlobaSign-RootCA -R2  but no luck

I have 3 options

1) mbedtls

2)wolfSSL

3) nrf_ *socket api

 You sure you need TLS v1.3 to finish this request? It sounds like there's a problem with the Root CA, and not the tls version.

If you try setting this specific variable to "NONE", which will disable hostname verification?

(note: disable this purely for testing purposes) 

https://github.com/nrfconnect/sdk-nrf/blob/master/samples/nrf9160/https_client/src/main.c#L122

Kind regards,

Håkon

You are correct , my root CA was incorrect setup your example seems to work 

Thanks

Glad to hear that the issue was solved!

Cheers,

Håkon

Glad to hear that the issue was solved!

Cheers,

Håkon