TLS 1.3 SSL

I cannot find mbedtls_net_connect function

nrf9160ns\Debug/../../../src/main.c:81: undefined reference to `mbedtls_net_connect'

Hi,

The networking api in zephyr does not have support for tls v1.3:

https://github.com/nrfconnect/sdk-zephyr/blob/master/include/net/net_ip.h#L75-L81

However, if you use the nrf_* socket api directly, you can setup a socket with tls v1.3:

https://github.com/nrfconnect/sdk-nrfxlib/blob/v1.5.1/nrf_modem/include/nrf_socket.h#L120

Is there anything specific you want to do? 

Kind regards,

Håkon

Thanks, I saw the net_ip.h header file, however there is mention of I can use mbedtls, when I configure mbedtls, I get  undefined reference to `mbedtls_net_connect'

I need to interface to an API that has CA based on TLS 1.3(GlobalSign-RootCA-R3); I tried using the TLS1.2 https_client sample, with GlobaSign-RootCA -R2  but no luck

I have 3 options

1) mbedtls

2)wolfSSL

3) nrf_ *socket api

Please can you help me with mbedtls 

Regards

Yash

Hi,

My apologies, the nrf socket api will return not supported if you try to passthrough a tls v1.3 prototype.

Please also note that mbedtls does not support tls1v3:

https://tls.mbed.org/tech-updates/blog/working-towards-mbed-tls-3

yashchabria said:

I need to interface to an API that has CA based on TLS 1.3(GlobalSign-RootCA-R3); I tried using the TLS1.2 https_client sample, with GlobaSign-RootCA -R2  but no luck

I have 3 options

1) mbedtls

2)wolfSSL

3) nrf_ *socket api

 You sure you need TLS v1.3 to finish this request? It sounds like there's a problem with the Root CA, and not the tls version.

If you try setting this specific variable to "NONE", which will disable hostname verification?

(note: disable this purely for testing purposes) 

https://github.com/nrfconnect/sdk-nrf/blob/master/samples/nrf9160/https_client/src/main.c#L122

Kind regards,

Håkon

You are correct , my root CA was incorrect setup your example seems to work 

Thanks