Adaption to TCP+TLS on top of OpenThread.

Hi All,

I am currently working on establishing a thread network to communicate to our http server: In order to setting up that I took echo_client and http_client sample and adapted to our need. Below diagram is my network configuration with RPi connected with ethernet. 

I was successful in pinging the http server from thread network. Here I wanted to send TCP packets to remote server via OT network. 

I am novice to networking topics so it is really hard for me to understand and interpret the logs from the thread device. Below given is the log from the one node:

[00:00:00.396,331] <inf> ieee802154_nrf5: nRF5 802154 radio initialized
[00:00:00.396,728] <dbg> net_tcp: net_tcp_init: (main): Workq started. Thread ID: 0x20008378
[00:00:00.411,651] <inf> fs_nvs: 2 Sectors of 4096 bytes
[00:00:00.411,682] <inf> fs_nvs: alloc wra: 0, fe8
[00:00:00.411,682] <inf> fs_nvs: data wra: 0, 0
[00:00:00.412,994] <inf> net_l2_openthread: State changed! Flags: 0x00038200 Current role: disabled
[00:00:00.418,487] <inf> net_config: Initializing network
[00:00:00.418,487] <inf> net_config: Waiting interface 1 (0x20000a08) to be up...
[00:00:30.419,189] <err> net_config: Timeout while waiting network interface
[00:00:30.419,219] <err> net_config: Network initialization failed (-115)
[00:00:30.419,525] <inf> in3_ot: Waiting for host to be ready to communicate
[00:00:30.423,675] <inf> usb_cdc_acm: Device suspended
[00:00:30.621,520] <inf> usb_cdc_acm: Device resumed
[00:00:30.737,701] <inf> usb_cdc_acm: Device suspended
[00:00:30.945,312] <inf> usb_cdc_acm: Device resumed
[00:00:31.006,927] <inf> usb_cdc_acm: Device configured
[00:00:44.243,072] <inf> net_l2_openthread: State changed! Flags: 0x00004000 Current role: disabled
[00:00:44.243,713] <inf> net_l2_openthread: State changed! Flags: 0x00020000 Current role: disabled
[00:00:44.243,804] <inf> net_l2_openthread: State changed! Flags: 0x00040000 Current role: disabled
[00:00:44.243,896] <inf> net_l2_openthread: State changed! Flags: 0x00000100 Current role: disabled
[00:00:44.247,131] <inf> net_l2_openthread: State changed! Flags: 0x00010000 Current role: disabled
[00:00:44.247,222] <inf> net_l2_openthread: State changed! Flags: 0x00008000 Current role: disabled
[00:00:44.247,741] <inf> net_l2_openthread: State changed! Flags: 0x10000000 Current role: disabled
[00:00:44.247,985] <inf> net_l2_openthread: State changed! Flags: 0x10000000 Current role: disabled
[00:00:44.249,053] <inf> net_l2_openthread: State changed! Flags: 0x00001000 Current role: disabled
[00:00:44.249,237] <wrn> net_l2_openthread: No address info provided with event, please enable CONFIG_NET_MGMT_EVENT_INFO
[00:00:44.249,267] <wrn> net_l2_openthread: No address info provided with event, please enable CONFIG_NET_MGMT_EVENT_INFO
[00:00:44.249,389] <inf> net_l2_openthread: State changed! Flags: 0x00000001 Current role: disabled
[00:00:44.249,450] <wrn> net_l2_openthread: No address info provided with event, please enable CONFIG_NET_MGMT_EVENT_INFO
[00:00:44.249,542] <inf> net_l2_openthread: State changed! Flags: 0x00000008 Current role: disabled
[00:00:44.249,664] <inf> net_l2_openthread: State changed! Flags: 0x01000000 Current role: disabled
[00:00:44.249,786] <inf> net_l2_openthread: State changed! Flags: 0x00000004 Current role: detached
[00:00:44.249,938] <inf> net_l2_openthread: State changed! Flags: 0x00000001 Current role: detached
[00:00:44.250,030] <wrn> net_l2_openthread: No address info provided with event, please enable CONFIG_NET_MGMT_EVENT_INFO
[00:00:44.250,152] <inf> net_l2_openthread: State changed! Flags: 0x00001000 Current role: detached
[00:00:44.250,274] <wrn> net_l2_openthread: No address info provided with event, please enable CONFIG_NET_MGMT_EVENT_INFO
[00:00:44.250,396] <inf> net_l2_openthread: State changed! Flags: 0x00001000 Current role: detached
[00:00:44.250,549] <wrn> net_l2_openthread: No address info provided with event, please enable CONFIG_NET_MGMT_EVENT_INFO
[00:00:44.250,640] <inf> net_l2_openthread: State changed! Flags: 0x00000010 Current role: detached
[00:00:44.251,373] <inf> net_l2_openthread: State changed! Flags: 0x10000000 Current role: detached
[00:00:46.497,467] <inf> net_l2_openthread: State changed! Flags: 0x200012a4 Current role: child
[00:00:46.497,741] <inf> net_l2_openthread: State changed! Flags: 0x00000001 Current role: child
[00:00:46.497,863] <wrn> net_l2_openthread: No address info provided with event, please enable CONFIG_NET_MGMT_EVENT_INFO
[00:00:46.497,894] <wrn> net_l2_openthread: No address info provided with event, please enable CONFIG_NET_MGMT_EVENT_INFO
[00:00:46.497,955] <dbg> in3_ot: ping_send: Ping Server:
[00:00:46.497,985] <dbg> in3_ot: print_ipv6_address: Mesh Local EID Address: fd97.6739.093e.0002.0000.0000.a756.5ef8
[00:00:46.498,596] <dbg> in3_ot: ping_send: ping send response:0
[00:00:46.498,626] <dbg> main: main: Connected to thread network
[00:00:46.499,145] <dbg> net_tcp: tcp_conn_ref: (main): conn: 0x20033d58, ref_count: 1
[00:00:46.499,176] <dbg> net_tcp: tcp_conn_alloc: (main): conn: 0x20033d58
[00:00:46.499,389] <dbg> net_tcp: net_tcp_connect: (main): context: 0x20013814, local: ::, remote: fd97:6739:93e:2::a756:5ef8
[00:00:46.499,542] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x20033d58 src: fd11:22::271f:b127:ea60:6f99, dst: fd97:6739:93e:2::a756:5ef8
[00:00:46.499,664] <dbg> net_tcp: tcp_in: (main):  [LISTEN Seq=1723021025 Ack=0]
[00:00:46.499,938] <dbg> net_tcp: tcp_out_ext: (main): SYN Seq=1723021025 Len=0
[00:00:46.500,091] <dbg> net_tcp: tcp_send_process_no_lock: (main): SYN Seq=1723021025 Len=0 
[00:00:46.500,305] <dbg> net_tcp: tcp_send: (main): SYN Seq=1723021025 Len=0
[00:00:46.500,671] <dbg> net_tcp: tcp_in: (main): LISTEN->SYN_SENT
[00:00:46.567,230] <dbg> net_tcp: tcp_in: (rx_q[0]): ACK,RST Seq=0 Ack=1723021026 Len=0 [SYN_SENT Seq=1723021026 Ack=0]
[00:00:46.567,260] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN_SENT->CLOSED
[00:00:46.567,352] <dbg> net_tcp: tcp_conn_unref_debug: (rx_q[0]): conn: 0x20033d58, ref_count=1 (tcp_in():2513)
[00:00:46.567,382] <dbg> net_tcp: tcp_conn_unref_debug: (rx_q[0]): conn: 0x20033d58 is waiting on connect semaphore
[00:00:46.573,516] <dbg> in3_ot: ping_reply_cb: Ping reply
[00:00:46.573,547] <dbg> in3_ot: print_ipv6_address: Mesh Local EID Address: fd97.6739.093e.0002.0000.0000.a756.5ef8

Can someone tell me what is happening here and what I did wrong or not taken into my consideration. 


Vipin Das

  • Hi,

    Can you share the code where you are sending the packet?

    Did you set CONFIG_OPENTHREAD_TCP_ENABLE=y in prj.conf?

    Best regards,


  • Hi Marte,

    Yes I set the CONFIG_OPENTHREAD_TCP_ENABLE=y in my pro.conf. 

    My pro.conf:

    # Network shell
    # Default PRNG entropy for nRF53 Series devices is CSPRNG CC312
    # which for that purpose is too slow yet
    # Use Xoroshiro128+ as PRNG
    # Logging
    # Enable the frame encryption feature in the radio driver, it's required for proper working
    # Generic networking options
    CONFIG_NET_UDP=y # Required for getting UTC time 
    # OpenThread TCP
    # HTTP
    # Network sockets
    ##### OPENTHREAD #####
    # Enable OpenThread features set
    # Select OpenThread nRF Security backends
    # Enable Thread 1.2 features
    # Local IPV4/IPV6 address config
    # Server IPV4/IPV6 address config
    #Socket settings
    #MBEDTLS and security configuration 
    # TLS configuration
    # certificate must fit into one message, fragmenting is not supported

    As I mentioned above, I have tried using echo_client sample as well as http_client sample. 

    code snippet from http_client:

    static int send_https_post(char* msg, int len) {
      struct sockaddr_in6 addr6;
      int                 sock6   = -1;
      int32_t             timeout = 3 * MSEC_PER_SEC;
      int                 ret     = 0;
      int                 port    = HTTP_PORT;
      ret = tls_credential_add(CA_CERTIFICATE_TAG, TLS_CREDENTIAL_CA_CERTIFICATE, ca_certificate, sizeof(ca_certificate));
      if (ret < 0) {
        LOG_ERR("Failed to register public certificate: %d", ret);
        return ret;
      port = HTTPS_PORT;
        ret = connect_socket(AF_INET6, SERVER_ADDR6, port, &sock6, (struct sockaddr*) &addr6, sizeof(addr6));
        if (ret < 0) {
          LOG_ERR("Failed to connect to socket");
          return ret;
      if (sock6 < 0) {
        LOG_ERR("Cannot create HTTP connection.");
        return -ECONNABORTED;
    #if 1
      if (sock6 >= 0 && IS_ENABLED(CONFIG_NET_IPV6)) {
        struct http_request req;
        memset(&req, 0, sizeof(req));
        req.method       = HTTP_POST;
        req.url          = "/";         = SERVER_ADDR6;
        req.protocol     = "HTTP/1.1";
        req.payload      = msg;
        req.payload_len  = len;
        req.response     = server_response_cb;
        req.recv_buf     = recv_buf_ipv6;
        req.recv_buf_len = sizeof(recv_buf_ipv6);
        ret              = http_client_req(sock6, &req, timeout, "IPv6 POST");
      return ret;

    code snippet from echo_client:

    static ssize_t sendall(int sock, const void* buf, size_t len) {
      while (len) {
        ssize_t out_len = send(sock, buf, len, 0);
        if (out_len < 0) {
          return out_len;
        buf = (const char*) buf + out_len;
        len -= out_len;
      return 0;
    static int send_tcp_request(struct netif_info* netif, char* msg, int msg_len) {
      int ret;
      LOG_DBG("send tcp packet");
      do {
        netif->tcp.expecting = sys_rand32_get() % msg_len;
      } while (netif->tcp.expecting == 0U);
      netif->tcp.received = 0U;
      ret = sendall(netif->tcp.sock, msg, netif->tcp.expecting);
      if (ret < 0) {
        LOG_ERR("%s TCP: Failed to send data, errno %d", netif->proto, errno);
      else {
        LOG_DBG("%s TCP: Sent %d bytes", netif->proto, netif->tcp.expecting);
      return ret;

    Adding few more logs from http client sample: 

    1. Log without TLS: 

    [00:00:46.867,492] <dbg> net_tcp: tcp_conn_ref: (main): conn: 0x20031098, ref_count: 1
    [00:00:46.867,553] <dbg> net_tcp: tcp_conn_alloc: (main): conn: 0x20031098
    [00:00:46.867,584] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x200109f8, fd=0
    [00:00:46.867,736] <dbg> net_ctx: net_context_bind: (main): Context 0x200109f8 binding to TCP [::]:41102 iface 1 (0x20000ab0)
    [00:00:46.867,828] <dbg> net_tcp: net_tcp_connect: (main): context: 0x200109f8, local: ::, remote: fd97:6739:93e:2::a756:5ef8
    [00:00:46.867,950] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x20031098 src: fd11:22::b348:1bf4:ff33:58ce, dst: fd97:6739:93e:2::a756:5ef8
    [00:00:46.868,103] <dbg> net_conn: conn_register_debug: (main): [0x20010e94/6/2/0x3f] remote fd97:6739:93e:2::a756:5ef8/80 
    [00:00:46.868,133] <dbg> net_conn: conn_register_debug: (main):   local ::/41102 cb 0x16e91 ud 0x200109f8
    [00:00:46.868,286] <dbg> net_tcp: tcp_in: (main):  [LISTEN Seq=1626007064 Ack=0]
    [00:00:46.868,530] <dbg> net_tcp: tcp_out_ext: (main): SYN Seq=1626007064 Len=0
    [00:00:46.868,713] <dbg> net_tcp: tcp_send_process_no_lock: (main): SYN Seq=1626007064 Len=0 
    [00:00:46.868,927] <dbg> net_tcp: tcp_send: (main): SYN Seq=1626007064 Len=0
    [00:00:46.869,049] <dbg> net_tcp: tcp_in: (main): LISTEN->SYN_SENT
    [00:00:46.871,093] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x20030448 src port 80 dst port 34062 family 2
    [00:00:46.871,124] <dbg> net_conn: net_conn_input: (rx_q[0]): No match found.
    [00:00:46.922,668] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x20030448 src port 80 dst port 41102 family 2
    [00:00:46.922,729] <dbg> net_conn: net_conn_input: (rx_q[0]): [0x20010e94] match found cb 0x16e91 ud 0x200109f8 rank 0x3f
    [00:00:46.923,065] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN,ACK Seq=1973167572 Ack=1626007065 Len=0 [SYN_SENT Seq=1626007065 Ack=0]
    [00:00:46.923,095] <dbg> net_tcp: tcp_options_check: (rx_q[0]): len=4
    [00:00:46.923,126] <dbg> net_tcp: tcp_options_check: (rx_q[0]): opt: 2, opt_len: 4
    [00:00:46.923,156] <dbg> net_tcp: tcp_options_check: (rx_q[0]): MSS=1460
    [00:00:46.923,217] <dbg> net_tcp: tcp_in: (rx_q[0]): Lowering send window from 64240 to 1280
    [00:00:46.923,248] <dbg> net_tcp: tcp_window_full: (rx_q[0]): conn: 0x20031098 window_full=0
    [00:00:46.923,400] <dbg> net_tcp: tcp_send_timer_cancel: (rx_q[0]): SYN Seq=1626007064 Len=0
    [00:00:46.923,706] <dbg> net_tcp: tcp_out_ext: (rx_q[0]): ACK Seq=1626007065 Ack=1973167573 Len=0
    [00:00:46.923,919] <dbg> net_tcp: tcp_send_process_no_lock: (rx_q[0]): ACK Seq=1626007065 Ack=1973167573 Len=0 
    [00:00:46.924,102] <dbg> net_tcp: tcp_send: (rx_q[0]): ACK Seq=1626007065 Ack=1973167573 Len=0
    [00:00:46.924,224] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN_SENT->ESTABLISHED
    [00:00:46.924,468] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x20031098, ret=0
    [00:00:46.924,499] <dbg> net_tcp: net_tcp_recv: (main): context: 0x200109f8, cb: 0x9be9, user_data: (nil)
    [00:00:46.924,682] <dbg> net_tcp: net_tcp_recv: (main): context: 0x200109f8, cb: 0x9be9, user_data: (nil)
    [00:00:46.924,804] <dbg> net_tcp: tcp_window_full: (main): conn: 0x20031098 window_full=0
    [00:00:46.924,835] <dbg> net_tcp: net_tcp_queue_data: (main): conn: 0x20031098 Queued 75 bytes (total 75)
    [00:00:46.924,865] <dbg> net_tcp: tcp_unsent_len: (main): unsent_len=75
    [00:00:46.925,262] <dbg> net_tcp: tcp_out_ext: (main): ACK,PSH Seq=1626007065 Ack=1973167573 Len=75
    [00:00:46.925,476] <dbg> net_tcp: tcp_send_process_no_lock: (main): ACK,PSH Seq=1626007065 Ack=1973167573 Len=75 
    [00:00:46.925,689] <dbg> net_tcp: tcp_send: (main): ACK,PSH Seq=1626007065 Ack=1973167573 Len=75
    [00:00:46.925,781] <dbg> net_tcp: tcp_send_data: (main): conn: 0x20031098 total=75, unacked_len=75, send_win=1280, mss=1280
    [00:00:46.925,811] <dbg> net_tcp: tcp_send_data: (main): conn: 0x20031098 send_data_timer=0, send_data_retries=0
    [00:00:46.925,842] <dbg> net_tcp: tcp_unsent_len: (main): unsent_len=0
    [00:00:46.925,903] <dbg> net_tcp: tcp_window_full: (main): conn: 0x20031098 window_full=0
    [00:00:46.925,964] <dbg> net_tcp: net_tcp_recv: (main): context: 0x200109f8, cb: 0x9be9, user_data: (nil)
    [00:00:46.926,086] <dbg> net_tcp: tcp_window_full: (main): conn: 0x20031098 window_full=0
    [00:00:46.926,116] <dbg> net_tcp: net_tcp_queue_data: (main): conn: 0x20031098 Queued 7 bytes (total 82)
    [00:00:46.926,147] <dbg> net_tcp: tcp_unsent_len: (main): unsent_len=7
    [00:00:46.926,208] <dbg> net_tcp: tcp_unsent_len: (main): unsent_len=7
    [00:00:46.926,239] <dbg> net_tcp: tcp_window_full: (main): conn: 0x20031098 window_full=0
    [00:00:46.983,062] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x20030448 src port 80 dst port 41102 family 2
    [00:00:46.983,093] <dbg> net_conn: net_conn_input: (rx_q[0]): [0x20010e94] match found cb 0x16e91 ud 0x200109f8 rank 0x3f
    [00:00:46.983,428] <dbg> net_tcp: tcp_in: (rx_q[0]): RST Seq=1973167573 Len=0 [ESTABLISHED Seq=1626007065 Ack=1973167573]
    [00:00:46.983,459] <dbg> net_tcp: tcp_in: (rx_q[0]): ESTABLISHED->CLOSED
    [00:00:46.983,551] <dbg> net_tcp: tcp_conn_unref_debug: (rx_q[0]): conn: 0x20031098, ref_count=1 (tcp_in():2513)
    [00:00:46.983,581] <dbg> net_conn: net_conn_unregister: (rx_q[0]): Connection handler 0x20010e94 removed
    [00:00:46.983,612] <dbg> net_sock: zsock_received_cb: (rx_q[0]): ctx=0x200109f8, pkt=(nil), st=-104, user_data=(nil)
    [00:00:46.983,673] <dbg> net_sock: zsock_received_cb: (rx_q[0]): Marked socket 0x200109f8 as peer-closed
    [00:00:46.984,008] <dbg> net_sock: zsock_recv_stream: (main): NULL return from fifo
    [00:00:46.984,039] <dbg> net_sock: z_impl_zsock_close: (main): close: ctx=0x200109f8, fd=0
    [00:00:46.984,100] <dbg> net_tcp: net_tcp_recv: (main): context: 0x200109f8, cb: (nil), user_data: (nil)
    [00:00:46.984,130] <dbg> net_tcp: net_tcp_unref: (main): context: 0x200109f8, conn: (nil)
    [00:00:46.984,161] <dbg> net_ctx: net_context_unref: (main): Context 0x200109f8 released
    [00:00:47.040,374] <dbg> main: main: Error sending rpc request: The request could not be send!
    [00:00:47.042,419] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x200304b0 src port 80 dst port 41102 family 2
    [00:00:47.042,449] <dbg> net_conn: net_conn_input: (rx_q[0]): No match found.
    [00:00:49.501,647] <inf> net_l2_openthread: State changed! Flags: 0x00000064 Current role: router

    2. Log with TLS:

    [00:00:31.012,329] <inf> usb_cdc_acm: Device configured
    [00:00:56.555,480] <inf> net_l2_openthread: State changed! Flags: 0x00004000 Current role: disabled
    [00:00:56.556,121] <inf> net_l2_openthread: State changed! Flags: 0x00020000 Current role: disabled
    [00:00:56.556,213] <inf> net_l2_openthread: State changed! Flags: 0x00040000 Current role: disabled
    [00:00:56.556,304] <inf> net_l2_openthread: State changed! Flags: 0x00000100 Current role: disabled
    [00:00:56.559,539] <inf> net_l2_openthread: State changed! Flags: 0x00010000 Current role: disabled
    [00:00:56.559,631] <inf> net_l2_openthread: State changed! Flags: 0x00008000 Current role: disabled
    [00:00:56.560,150] <inf> net_l2_openthread: State changed! Flags: 0x10000000 Current role: disabled
    [00:00:56.560,394] <inf> net_l2_openthread: State changed! Flags: 0x10000000 Current role: disabled
    [00:00:56.561,462] <inf> net_l2_openthread: State changed! Flags: 0x00001000 Current role: disabled
    [00:00:56.561,798] <inf> net_l2_openthread: State changed! Flags: 0x00000001 Current role: disabled
    [00:00:56.561,981] <inf> net_l2_openthread: State changed! Flags: 0x00000008 Current role: disabled
    [00:00:56.562,133] <inf> net_l2_openthread: State changed! Flags: 0x01000000 Current role: disabled
    [00:00:56.562,255] <inf> net_l2_openthread: State changed! Flags: 0x00000004 Current role: detached
    [00:00:56.562,377] <inf> net_l2_openthread: State changed! Flags: 0x00000001 Current role: detached
    [00:00:56.562,622] <inf> net_l2_openthread: State changed! Flags: 0x00001000 Current role: detached
    [00:00:56.562,866] <inf> net_l2_openthread: State changed! Flags: 0x00001000 Current role: detached
    [00:00:56.563,110] <inf> net_l2_openthread: State changed! Flags: 0x00000010 Current role: detached
    [00:00:56.563,842] <inf> net_l2_openthread: State changed! Flags: 0x10000000 Current role: detached
    [00:00:59.231,292] <inf> net_l2_openthread: State changed! Flags: 0x200012a4 Current role: child
    [00:00:59.231,567] <inf> net_l2_openthread: State changed! Flags: 0x00000001 Current role: child
    [00:00:59.231,842] <dbg> in3_ot: sendOpenThreadPing: Ping Server:
    [00:00:59.231,872] <dbg> in3_ot: printIpv6Address: Mesh Local EID Address: fd97.6739.093e.0002.0000.0000.a756.5ef8
    [00:00:59.232,482] <dbg> in3_ot: sendOpenThreadPing: ping send response:0
    [00:00:59.232,696] <dbg> http_client: in3_register_https_client: in3 register https
    [00:00:59.264,526] <dbg> net_sock_tls: tls_alloc: (main): Allocated TLS context, 0x20005098
    [00:00:59.264,831] <dbg> net_tcp: tcp_conn_ref: (main): conn: 0x20034228, ref_count: 1
    [00:00:59.264,862] <dbg> net_tcp: tcp_conn_alloc: (main): conn: 0x20034228
    [00:00:59.264,892] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x20013a0c, fd=1
    [00:00:59.265,075] <dbg> net_ctx: net_context_bind: (main): Context 0x20013a0c binding to TCP [::]:40289 iface 1 (0x20000ab8)
    [00:00:59.265,167] <dbg> net_tcp: net_tcp_connect: (main): context: 0x20013a0c, local: ::, remote: fd97:6739:93e:2::a756:5ef8
    [00:00:59.265,289] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x20034228 src: fd11:22::ad23:b907:951b:2e7e, dst: fd97:6739:93e:2::a756:5ef8
    [00:00:59.265,441] <dbg> net_conn: conn_register_debug: (main): [0x20013ea8/6/2/0x3f] remote fd97:6739:93e:2::a756:5ef8/4443 
    [00:00:59.265,472] <dbg> net_conn: conn_register_debug: (main):   local ::/40289 cb 0x186dd ud 0x20013a0c
    [00:00:59.265,594] <dbg> net_tcp: tcp_in: (main):  [LISTEN Seq=695962656 Ack=0]
    [00:00:59.265,869] <dbg> net_tcp: tcp_out_ext: (main): SYN Seq=695962656 Len=0
    [00:00:59.266,021] <dbg> net_tcp: tcp_send_process_no_lock: (main): SYN Seq=695962656 Len=0 
    [00:00:59.266,235] <dbg> net_tcp: tcp_send: (main): SYN Seq=695962656 Len=0
    [00:00:59.266,601] <dbg> net_tcp: tcp_in: (main): LISTEN->SYN_SENT
    [00:00:59.321,868] <dbg> in3_ot: pingResponseCallback: Ping reply
    [00:00:59.321,868] <dbg> in3_ot: printIpv6Address: Mesh Local EID Address: fd97.6739.093e.0002.0000.0000.a756.5ef8
    [00:00:59.339,538] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x200335d8 src port 4443 dst port 40289 family 2
    [00:00:59.339,569] <dbg> net_conn: net_conn_input: (rx_q[0]): [0x20013ea8] match found cb 0x186dd ud 0x20013a0c rank 0x3f
    [00:00:59.339,874] <dbg> net_tcp: tcp_in: (rx_q[0]): ACK,RST Seq=0 Ack=695962657 Len=0 [SYN_SENT Seq=695962657 Ack=0]
    [00:00:59.339,935] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN_SENT->CLOSED
    [00:00:59.339,996] <dbg> net_tcp: tcp_conn_unref_debug: (rx_q[0]): conn: 0x20034228, ref_count=1 (tcp_in():2513)
    [00:00:59.340,026] <dbg> net_tcp: tcp_conn_unref_debug: (rx_q[0]): conn: 0x20034228 is waiting on connect semaphore
    [00:00:59.790,802] <inf> net_l2_openthread: State changed! Flags: 0x00000064 Current role: router
    [00:01:02.266,754] <dbg> net_tcp: tcp_conn_unref_debug: (main): conn: 0x20034228, ref_count=1 (net_tcp_connect():2856)
    [00:01:02.266,784] <dbg> net_conn: net_conn_unregister: (main): Connection handler 0x20013ea8 removed
    [00:01:02.266,906] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x20034228, ret=-116
    [00:01:02.266,967] <err> http_client: Cannot connect to IPv6 remote (-116)
    [00:01:02.266,967] <err> http_client: Failed to connect to socket
    [00:01:02.266,998] <dbg> http_client: run_https_post: starting tcp failed
    [00:01:02.349,914] <err> http_client: Failed to register public certificate: -17
    [00:01:02.349,914] <dbg> http_client: run_https_post: starting tcp failed
    [00:01:02.433,593] <err> http_client: Failed to register public certificate: -17
    [00:01:02.433,593] <dbg> http_client: run_https_post: starting tcp failed
    [00:01:02.517,425] <err> http_client: Failed to register public certificate: -17
    [00:01:02.517,456] <dbg> http_client: run_https_post: starting tcp failed
    [00:01:02.601,287] <err> http_client: Failed to register public certificate: -17
    [00:01:02.601,318] <dbg> http_client: run_https_post: starting tcp failed
    [00:01:02.685,150] <err> http_client: Failed to register public certificate: -17
    [00:01:02.685,150] <dbg> http_client: run_https_post: starting tcp failed
    [00:01:02.769,165] <err> http_client: Failed to register public certificate: -17
    [00:01:02.769,195] <dbg> http_client: run_https_post: starting tcp failed
    [00:01:02.825,836] <dbg> main: main: Error sending rpc request: The request could not be send!


    VIpin Das

  • Hi Marte, 

    Yes this is the same log after TCP got worked. For this log I just enabled the CONFIG_NET_SOCKETS_SOCKOPT_TLS=y. Don't get confuse with that particular log. That is something I added. 

    ret = connect(*sock, addr, addr_len);
      if (ret < 0) {
        LOG_ERR("Cannot connect to %s remote (%d)", family == AF_INET ? "IPv4" : "IPv6", -errno);
        ret = -errno;

    This time it fails at this connect to TLS socket but socket creation is success(socket(family, SOCK_STREAM, IPPROTO_TLS_1_2)). 


    Vipin Das

  • Hi,

    So your example is unchanged other than enabling CONFIG_NET_SOCKETS_SOCKOPT_TLS?

    Is mbedTLS (CONFIG_MBEDTLS) enabled? Do you have any functionality for TLS? Are you using the correct credentials (certification and private key)?

    Best regards,


  • Hi Marte,

    Yes you are right. My config related to TLS shared below. 

    #Socket settings
    #MBEDTLS and security configuration 
    # TLS configuration
    # certificate must fit into one message, fragmenting is not supported

    No I don't think I have any functionality for TLS at the moment. 

    Please consider me a novice user in networking topics. This is 1st time I am working on TLS socket connection. I just followed some of the existing samples and few discussions. I don't really understand about the certification and private key that you mentioned above. I have created the ca_cert.der for the server and it looks similar like below. 

    "-----BEGIN CERTIFICATE-----\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    "-----END CERTIFICATE-----\n"

    You can share me any proper TLS sample where I can take a look and get inspired to make my application working 


    Vipin Das

  • Hi Marte,

    I have added the tis_credential_add() to add the downloaded server certificate to authenticate the remote server. After adding that connect error is -22 (EINVAL). 

    [00:01:57.147,583] <dbg> http_client: in3_register_https_client: in3 register https
    [00:01:57.180,664] <dbg> http_client: setup_socket: Setup socket info: Server address: fd97:6739:93e:2:0:0:A756:5EF8
    [00:01:57.180,847] <dbg> net_sock_tls: tls_alloc: (main): Allocated TLS context, 0x20003478
    [00:01:57.181,152] <dbg> net_tcp: tcp_conn_ref: (main): conn: 0x2002d020, ref_count: 1
    [00:01:57.181,182] <dbg> net_tcp: tcp_conn_alloc: (main): conn: 0x2002d020
    [00:01:57.181,274] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x2001031c, fd=1
    [00:01:57.181,457] <dbg> net_tcp: net_tcp_connect: (main): context: 0x2001031c, local: ::, remote: fd97:6739:93e:2::a756:5ef8
    [00:01:57.181,640] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x2002d020 src: fd97:6739:93e:1:8ea6:548e:c791:187, dst: fd97:6739:93e:2::a756:5ef8
    [00:01:57.181,762] <dbg> net_conn: conn_register_debug: (main): [0x200107b8/6/2/0x3f] remote fd97:6739:93e:2::a756:5ef8/443
    [00:01:57.181,823] <dbg> net_conn: conn_register_debug: (main):   local ::/35905 cb 0x16c01 ud 0x2001031c
    [00:01:57.181,945] <dbg> net_tcp: tcp_in: (main):  [LISTEN Seq=1369800138 Ack=0]
    [00:01:57.182,220] <dbg> net_tcp: tcp_out_ext: (main): SYN Seq=1369800138 Len=0
    [00:01:57.182,373] <dbg> net_tcp: tcp_send_process_no_lock: (main): SYN Seq=1369800138 Len=0
    [00:01:57.182,617] <dbg> net_tcp: tcp_send: (main): SYN Seq=1369800138 Len=0
    [00:01:57.183,319] <dbg> net_tcp: tcp_in: (main): LISTEN->SYN_SENT
    [00:01:57.231,292] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x2002c3d0 src port 443 dst port 35905 family 2
    [00:01:57.231,323] <dbg> net_conn: net_conn_input: (rx_q[0]): [0x200107b8] match found cb 0x16c01 ud 0x2001031c rank 0x3f
    [00:01:57.231,658] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN,ACK Seq=3663983358 Ack=1369800139 Len=0 [SYN_SENT Seq=1369800139 Ack=0]
    [00:01:57.231,689] <dbg> net_tcp: tcp_options_check: (rx_q[0]): len=4
    [00:01:57.231,719] <dbg> net_tcp: tcp_options_check: (rx_q[0]): opt: 2, opt_len: 4
    [00:01:57.231,750] <dbg> net_tcp: tcp_options_check: (rx_q[0]): MSS=1460
    [00:01:57.231,781] <dbg> net_tcp: tcp_in: (rx_q[0]): Lowering send window from 64240 to 3413
    [00:01:57.231,811] <dbg> net_tcp: tcp_window_full: (rx_q[0]): conn: 0x2002d020 window_full=0
    [00:01:57.231,964] <dbg> net_tcp: tcp_send_timer_cancel: (rx_q[0]): SYN Seq=1369800138 Len=0
    [00:01:57.232,299] <dbg> net_tcp: tcp_out_ext: (rx_q[0]): ACK Seq=1369800139 Ack=3663983359 Len=0
    [00:01:57.232,482] <dbg> net_tcp: tcp_send_process_no_lock: (rx_q[0]): ACK Seq=1369800139 Ack=3663983359 Len=0
    [00:01:57.232,666] <dbg> net_tcp: tcp_send: (rx_q[0]): ACK Seq=1369800139 Ack=3663983359 Len=0
    [00:01:57.232,788] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN_SENT->ESTABLISHED
    [00:01:57.233,001] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x2002d020, ret=0
    [00:01:57.233,062] <dbg> net_tcp: net_tcp_recv: (main): context: 0x2001031c, cb: 0x8ce1, user_data: (nil)
    [00:01:57.233,245] <err> http_client: Cannot connect to IPv6 remote (-22)
    [00:01:57.233,245] <err> http_client: Failed to connect to socket
    [00:01:57.233,245] <dbg> http_client: run_https_post: starting tcp failed
    [00:01:57.290,252] <dbg> main: main: Error sending rpc request: The request could not be send!
    [00:02:07.629,394] <inf> net_l2_openthread: State changed! Flags: 0x00000064 Current role: router
    [00:02:57.395,874] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x2002c3d0 src port 443 dst port 35905 family 2
    [00:02:57.395,904] <dbg> net_conn: net_conn_input: (rx_q[0]): [0x200107b8] match found cb 0x16c01 ud 0x2001031c rank 0x3f
    [00:02:57.396,301] <dbg> net_tcp: tcp_in: (rx_q[0]): FIN,ACK Seq=3663983359 Ack=1369800139 Len=0 [ESTABLISHED Seq=1369800139 Ack=3663983359]
    [00:02:57.396,331] <dbg> net_tcp: tcp_in: (rx_q[0]): Lowering send window from 64240 to 3413
    [00:02:57.396,362] <dbg> net_tcp: tcp_window_full: (rx_q[0]): conn: 0x2002d020 window_full=0
    [00:02:57.396,667] <dbg> net_tcp: tcp_out_ext: (rx_q[0]): FIN,ACK Seq=1369800139 Ack=3663983360 Len=0
    [00:02:57.396,881] <dbg> net_tcp: tcp_send_process_no_lock: (rx_q[0]): FIN,ACK Seq=1369800139 Ack=3663983360 Len=0 
    [00:02:57.397,155] <dbg> net_tcp: tcp_send: (rx_q[0]): FIN,ACK Seq=1369800139 Ack=3663983360 Len=0
    [00:02:57.397,277] <dbg> net_tcp: tcp_in: (rx_q[0]): ESTABLISHED->LAST_ACK
    [00:02:57.457,122] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x2002c3d0 src port 443 dst port 35905 family 2
    [00:02:57.457,153] <dbg> net_conn: net_conn_input: (rx_q[0]): [0x200107b8] match found cb 0x16c01 ud 0x2001031c rank 0x3f
    [00:02:57.457,519] <dbg> net_tcp: tcp_in: (rx_q[0]): ACK Seq=3663983360 Ack=1369800140 Len=0 [LAST_ACK Seq=1369800139 Ack=3663983360]
    [00:02:57.457,550] <dbg> net_tcp: tcp_in: (rx_q[0]): Lowering send window from 64239 to 3413
    [00:02:57.457,580] <dbg> net_tcp: tcp_window_full: (rx_q[0]): conn: 0x2002d020 window_full=0
    [00:02:57.457,794] <dbg> net_tcp: tcp_send_timer_cancel: (rx_q[0]): FIN,ACK Seq=1369800139 Ack=3663983360 Len=0
    [00:02:57.457,855] <dbg> net_tcp: tcp_in: (rx_q[0]): LAST_ACK->CLOSED
    [00:02:57.457,885] <dbg> net_tcp: tcp_conn_unref_debug: (rx_q[0]): conn: 0x2002d020, ref_count=1 (tcp_in():2513)
    [00:02:57.457,916] <dbg> net_conn: net_conn_unregister: (rx_q[0]): Connection handler 0x200107b8 removed
    [00:02:57.457,977] <dbg> net_sock: zsock_received_cb: (rx_q[0]): ctx=0x2001031c, pkt=(nil), st=0, user_data=(nil)
    [00:02:57.458,007] <dbg> net_sock: zsock_received_cb: (rx_q[0]): Marked socket 0x2001031c as peer-closed

    Just to update the present status of my issue. 


    Vipin Das

  • Hi,

    vipin das said:
    You can share me any proper TLS sample where I can take a look and get inspired to make my application working 

    The examples you used previously, echo_client and http_client, have support for enabling TLS by setting OVERLAY_CONFIG to overlay-tls.conf. Other than that, we also have support for Mbed TLS in several nRF9160 samples, such as HTTPS Client and Simple MQTT, and we have Crypto: PSA TLS that shows how to do TLS handshakes.

    Best regards,


Reply Children
  • Hi Marte, 

    Any clue on TLS socket connection returns error -22?

    I  took a look at the nRF9160 DK HTTPS Client sample and addd the missing config options but that also doesn't help to solve that error. 

    Should I have to try anything else. 


    Vipin Das

  • Hi,

    Error 22 is invalid argument, so most likely, one or more of the arguments you are giving is incorrect. You should check that the address length is valid for the address family and that the address family is correct.

    Best regards,

  • Hi Marte, 

    I checked the address family and the address length but I don't see any potential issues. 

    Now  I am using  getaddrinfo() to properly point the sockaddr and ensure there is no issue in address family and length. Below given my modification wrt to those change. 

      struct addrinfo hints = {
          .ai_family   = PF_INET6,
          .ai_socktype = SOCK_STREAM,
          .ai_protocol = IPPROTO_TLS_1_2,
          .ai_flags    = AI_NUMERICSERV | AI_NUMERICHOST | AI_V4MAPPED | AI_ALL};
      ret = getaddrinfo(SERVER_ADDR6, "443", &hints, &res);
      struct addrinfo hints = {
          .ai_family   = AF_INET,
          .ai_socktype = SOCK_STREAM,
          .ai_protocol = IPPROTO_TCP,
          .ai_flags    = AI_NUMERICSERV | AI_NUMERICHOST | AI_V4MAPPED | AI_ALL};
      ret   = getaddrinfo(SERVER_ADDR6, "80", &hints, &res);

    Still the result is same. 

    [00:00:47.346,984] <dbg> http_client: establish_connection: ai_family: 2 ai_socktype: 1 ai_protocol: 6 ai_addrlen: 24
    [00:00:47.347,137] <dbg> net_sock_tls: tls_alloc: (main): Allocated TLS context, 0x20003478
    [00:00:47.347,473] <dbg> net_tcp: tcp_conn_ref: (main): conn: 0x20022520, ref_count: 1
    [00:00:47.347,503] <dbg> net_tcp: tcp_conn_alloc: (main): conn: 0x20022520
    [00:00:47.347,564] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x2001031c, fd=1
    [00:00:47.347,747] <dbg> net_ctx: net_context_bind: (main): Context 0x2001031c binding to TCP [::]:50680 iface 1 (0x20000a98)
    [00:00:47.347,839] <dbg> net_tcp: net_tcp_connect: (main): context: 0x2001031c, local: ::, remote: fd97:6739:93e:2::a756:5ef8
    [00:00:47.348,022] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x20022520 src: fd97:6739:93e:1:55e8:b55b:6c94:71e2, dst: fd97:6739:93e:2::a756:5ef8
    [00:00:47.348,175] <dbg> net_conn: conn_register_debug: (main): [0x200107b8/6/2/0x3f] remote fd97:6739:93e:2::a756:5ef8/443 
    [00:00:47.348,205] <dbg> net_conn: conn_register_debug: (main):   local ::/50680 cb 0x16e69 ud 0x2001031c
    [00:00:47.348,358] <dbg> net_tcp: tcp_in: (main):  [LISTEN Seq=1876970369 Ack=0]
    [00:00:47.348,602] <dbg> net_tcp: tcp_out_ext: (main): SYN Seq=1876970369 Len=0
    [00:00:47.348,754] <dbg> net_tcp: tcp_send_process_no_lock: (main): SYN Seq=1876970369 Len=0 
    [00:00:47.348,968] <dbg> net_tcp: tcp_send: (main): SYN Seq=1876970369 Len=0
    [00:00:47.349,700] <dbg> net_tcp: tcp_in: (main): LISTEN->SYN_SENT
    [00:00:47.412,445] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x200218d0 src port 443 dst port 50680 family 2
    [00:00:47.412,506] <dbg> net_conn: net_conn_input: (rx_q[0]): [0x200107b8] match found cb 0x16e69 ud 0x2001031c rank 0x3f
    [00:00:47.412,811] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN,ACK Seq=4052061474 Ack=1876970370 Len=0 [SYN_SENT Seq=1876970370 Ack=0]
    [00:00:47.412,872] <dbg> net_tcp: tcp_options_check: (rx_q[0]): len=4
    [00:00:47.412,902] <dbg> net_tcp: tcp_options_check: (rx_q[0]): opt: 2, opt_len: 4
    [00:00:47.412,902] <dbg> net_tcp: tcp_options_check: (rx_q[0]): MSS=1460
    [00:00:47.412,933] <dbg> net_tcp: tcp_in: (rx_q[0]): Lowering send window from 64240 to 1280
    [00:00:47.412,963] <dbg> net_tcp: tcp_window_full: (rx_q[0]): conn: 0x20022520 window_full=0
    [00:00:47.413,146] <dbg> net_tcp: tcp_send_timer_cancel: (rx_q[0]): SYN Seq=1876970369 Len=0
    [00:00:47.413,452] <dbg> net_tcp: tcp_out_ext: (rx_q[0]): ACK Seq=1876970370 Ack=4052061475 Len=0
    [00:00:47.413,635] <dbg> net_tcp: tcp_send_process_no_lock: (rx_q[0]): ACK Seq=1876970370 Ack=4052061475 Len=0 
    [00:00:47.413,818] <dbg> net_tcp: tcp_send: (rx_q[0]): ACK Seq=1876970370 Ack=4052061475 Len=0
    [00:00:47.413,940] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN_SENT->ESTABLISHED
    [00:00:47.414,154] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x20022520, ret=0
    [00:00:47.414,215] <dbg> net_tcp: net_tcp_recv: (main): context: 0x2001031c, cb: 0x8b81, user_data: (nil)
    [00:00:47.425,842] <err> http_client: Cannot connect to IPv6 remote (-22)
    [00:00:47.425,842] <err> http_client: Setup socket Failed
    [00:00:47.425,842] <err> http_client: Failed to connect to socket

    Do you have any thoughts or any further suggestions on this issue. 


    Vipin Das
