What encryption algorithm does asset tracker v2 use for AWS IOT

When connecting to AWS IOT the Asset Tracker V2 uses MQTT to AWS-IOT. This is TLS 1.2 from what I understand. We are using the 1.8 SDK / 1.3.1 modem firmware.

We have a customer asking what exact encryption algorithm that is used. I have not seen this in the documentation, have only seen a list of supported algorithms. 

What is the algorithm used by default and where can I find that in code or settings?

  • Hello, 

    I have not seen this in the documentation, have only seen a list of supported algorithms. 

    Yes, that looks correct. I was not able to find the information regarding the TLS cipher suite in the nRF Connect SDK documentation, only what is supported in the AWS IoT Core documentation. 

    I have forwarded the question to our apps team and will get back to you within tomorrow. 

    Kind regards,
    Øyvind

  • Slight correction: the supported TLS cipher suites in the nRF9160 modem, found under Feature brief.

    | mbed TLS Name / NIST Name | Value |
    | --- | --- |
    | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | {0xC0,0x24} |
    | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA | {0xC0,0x0A} |
    | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | {0xC0,0x23} |
    | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | {0xC0,0x09} |
    | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | {0xC0,0x14} |
    | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | {0xC0,0x27} |
    | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | {0xC0,0x13} |
    | TLS-PSK-WITH-AES-256-CBC-SHA | {0x00,0x8D} |
    | TLS-PSK-WITH-AES-128-CBC-SHA256 | {0x00,0xAE} |
    | TLS-PSK-WITH-AES-128-CBC-SHA | {0x00,0x8C} |
    | TLS-PSK-WITH-AES-128-CCM-8 | {0xC0,0xA8} |
    | TLS-EMPTY-RENEGOTIATIONINFO-SCSV | {0x00,0xFF} |

    In addition to the list above, Modem Firmware v1.3.x >= 1 and Modem Firmware v1.2.x >= 7 also supports:

    | mbed TLS Name / NIST Name | Value |
    | --- | --- |
    | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | {0xC0,0x2B} |
    | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | {0xC0,0x30} |
    | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | {0xC0,0x2F} |

  • Hello again, sorry for the late reply. I have been out of office.

    It is the server that chooses the cipher value.

    Looking at modem trace in Wireshark we can see the "client hello" presenting available cipher suites, then the "server hello" responds with wanted cipher suite. E.g.:

    Kind regards,
    Øyvind
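
The exchange described in the reply above, as an added example that is not part of the original thread or Nordic's code: it reads the offered suites from a ClientHello and the selected suite from a ServerHello, then maps the value to a name from the list quoted in the thread. It assumes the TLS 1.2 handshake messages have already been extracted from the trace without the record-layer header; the sample bytes are constructed and the server's pick in them is arbitrary.

```python
import struct

# Names and values copied from the nRF9160 cipher-suite list quoted above (subset).
SUITES = {
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC027: "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
    0x00FF: "TLS-EMPTY-RENEGOTIATIONINFO-SCSV",
}

def suite_offset(msg, hs_type):
    """Validate the handshake header; return (body, offset just past session_id)."""
    if len(msg) < 4 or msg[0] != hs_type:
        raise ValueError("not the expected handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if len(body) < 35:                       # version(2) + random(32) + sid length(1)
        raise ValueError("truncated hello")
    return body, 35 + body[34]

def offered_suites(client_hello):
    """Cipher suites the client lists in its ClientHello (handshake type 1)."""
    body, pos = suite_offset(client_hello, 1)
    n = int.from_bytes(body[pos:pos + 2], "big")
    if n == 0 or n % 2 or pos + 2 + n > len(body):
        raise ValueError("bad cipher_suites vector")
    return list(struct.unpack(f">{n // 2}H", body[pos + 2:pos + 2 + n]))

def chosen_suite(server_hello):
    """The single suite the server selects in its ServerHello (handshake type 2)."""
    body, pos = suite_offset(server_hello, 2)
    if pos + 2 > len(body):
        raise ValueError("truncated ServerHello")
    return int.from_bytes(body[pos:pos + 2], "big")

def negotiated(client_hello, server_hello):
    """Name of the suite in use; rejects a choice the client never offered."""
    chosen = chosen_suite(server_hello)
    if chosen not in offered_suites(client_hello):
        raise ValueError("server selected a suite that was not offered")
    return SUITES.get(chosen, f"unknown 0x{chosen:04X}")

def handshake(hs_type, body):                # builds the constructed samples below
    return bytes([hs_type]) + len(body).to_bytes(3, "big") + body

# Constructed messages, not a real modem trace; the server's pick here is arbitrary.
HELLO_PREFIX = b"\x03\x03" + bytes(32) + b"\x00"   # TLS 1.2, zero random, empty session_id
CLIENT_HELLO = handshake(1, HELLO_PREFIX + b"\x00\x0a\xc0\x2b\xc0\x30\xc0\x2f\xc0\x27\x00\xff" + b"\x01\x00")
SERVER_HELLO = handshake(2, HELLO_PREFIX + b"\xc0\x2f" + b"\x00")
```

Calling `negotiated(CLIENT_HELLO, SERVER_HELLO)` on the constructed pair returns the name for `{0xC0,0x2F}`; with messages taken from a real trace it reports whatever the server actually selected.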
