[BUG] Changes to nrf91_sockets.c breaking native TLS when using libraries

I have recently upgraded from NCS 1.5.0 to 1.8.0 and noticed that the native TLS stack (vanilla mbedtls) was no longer being used for TLS-based sessions.

My use case requires us to use MBedTLS on the application core due to limitations of the modem TLS stack.

My current prj.conf around sockets is below:

CONFIG_NETWORKING=y
CONFIG_NET_OFFLOAD=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_OFFLOAD=y
CONFIG_NET_SOCKETS_OFFLOAD_TLS=n
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y

When I went digging around, I found this commit to be what is breaking it: https://github.com/nrfconnect/sdk-nrf/commit/27e7ebd847222ba0c7dd923add62558ffe57c4aa

As I am using the azure_iot_hub and fota_download libs, I don't have access to setting SOCK_NATIVE_TLS when opening the socket, so I couldn't see a way of getting this working again without changing NCS sources.

To fix my issue, I had to re-add the below to nrf91_socket_is_supported:

static bool nrf91_socket_is_supported(int family, int type, int proto)
{
	if (IS_ENABLED(CONFIG_NET_SOCKETS_PACKET) &&
		family == AF_PACKET && type == SOCK_RAW && proto == IPPROTO_RAW) {
		/* This kind of socket combo is handled by zephyr packet socket: */
		return false;
	}

	if (IS_ENABLED(CONFIG_NET_SOCKETS_OFFLOAD_TLS)) {
		return true;
	}

	if ((proto >= IPPROTO_TLS_1_0 && proto <= IPPROTO_TLS_1_2) ||
	    (proto >= IPPROTO_DTLS_1_0 && proto <= IPPROTO_DTLS_1_2)) {
		return false;
	}

	if (offload_disabled) {
		return false;
	}

	if (tls_offload_disabled && proto_is_secure(proto)) {
		return false;
	}

	return true;
}
 
