TLS not working without certificate provisioning

Hi,

On our new type of 9160-based boards, we failed to create a connection with a TLS socket.
After creating a TLS socket without peer verification, and trying to connect with that socket, we always got error 95 (operation not supported).

Trying to locate the source of the problem, we tried to run the https_client sample (which is available on the connect-SDK), since it's simplified code.
First we ran it with a modification that uses TLS without peer verification, and got the same error that we got in our application, and then we ran it with peer verification (that included proper certificate provisioning) and it worked (the TLS socket successfully connected with peer verification).

The surprising thing was that after running that code with peer verification, TLS socket without peer verification started to work as well!
And that behavior was consistent in all our boards.

Is there an obligation to provision at least one certificate and use it with peer verification, before using TLS sockets?


Note that we could not reproduce the problem on 9160-DK (only on our boards).
We used connect-SDK version 1.5.1
and modem FW version 1.3.0


Thanks in advance..

  • Hello again,

    nRF91 does not support TLS without a certificate. At minimum, a PSK or Root CA is needed for opening the TLS connection.

    Peer verification is an optional method, where client and server certificates are verified. Even when a TLS connection is opened without peer verification there is a need to have either a correct PSK or Root CA in the device.

    Probably one of the sample applications has stored a Root CA to the device and after that TLS connections have successfully opened.

    In summary: There must be a certificate installed in the device before opening a TLS connection with or without peer verification.

    Regards,

    Markus
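
A pre-flight check for the requirement described in the answer above, as an added example that is not part of the original thread: it parses the modem's `AT%CMNG=1` credential listing and reports which security tags hold a Root CA or PSK. It assumes the listing format `%CMNG: <sec_tag>,<type>,"<digest>"` with type 0 for Root CA and 3 for PSK; the sample listing, tag numbers and function names are constructed for illustration.

```python
import re

# Credential type numbers in the nRF91 modem's %CMNG listing (subset used here).
ROOT_CA, PSK = 0, 3

# Constructed "AT%CMNG=1" response; tags and digests are made up for this example.
SAMPLE_LISTING = """\
%CMNG: 42,0,"A1B2C3D4"
%CMNG: 7,3,"0F0F0F0F"
%CMNG: 7,4,"1E1E1E1E"
%CMNG: 9,1,"2D2D2D2D"
%CMNG: 9,2,"3C3C3C3C"
OK
"""

_ENTRY = re.compile(r'^%CMNG:\s*(\d+)\s*,\s*(\d+)(?:\s*,\s*"[^"]*")?\s*$')


def parse_cmng_list(response):
    """Return {sec_tag: {credential types}} from an AT%CMNG=1 response."""
    tags = {}
    for line in response.splitlines():
        line = line.strip()
        # Skip blanks, the final OK and a possible echo of the command itself.
        if not line or line == "OK" or line.upper().startswith("AT"):
            continue
        if "ERROR" in line:
            raise ValueError("modem rejected the listing command: " + line)
        match = _ENTRY.match(line)
        if match is None:
            raise ValueError("unrecognised line in listing: " + line)
        tags.setdefault(int(match.group(1)), set()).add(int(match.group(2)))
    return tags


def tls_ready_tags(response):
    """Security tags holding a Root CA or a PSK, per the answer above."""
    tags = parse_cmng_list(response)
    return sorted(t for t, kinds in tags.items() if kinds & {ROOT_CA, PSK})


if __name__ == "__main__":
    ready = tls_ready_tags(SAMPLE_LISTING)
    print("tags usable for TLS:", ready or "none - provision a Root CA or PSK first")
```

A board that has never been provisioned returns only `OK`, so the list is empty; tag 9 in the sample holds a client certificate and key but no Root CA or PSK, so it is not reported either.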
