1

Tuesday, May 12th 2015, 9:32am

HTTPS Issues

Hello,

I’m using the GL865-DUAL-V3 module (FW revision 16.00.152) and I’m facing the following issues:

[Direct SSL Socket Connection]
I’m using an HTTP/TCP connection under SSL, where the server exposes web services via HTTPS with a self-signed certificate.
I did the following steps:
  • loaded the server certificate in the module (AT#SSLSECDATA=1,1,..)
  • configured the module to manage the server certificate (AT#SSLSECCFG=1,0,1)
When I try to establish an SSL socket connection (through the command AT#SSLD) I always get the error “SSL error during handshake”.

On the other hand, everything works well if I configure the module by disabling the management of the SSL certificate: AT#SSLSECCFG=1,0,0

Question: does the module support self-signed certificates?


On the other hand, I get the same error even when I use a globally “recognized” certificate:
  • I got the google.co.uk CA certificate (following the procedure described in Telit_SSL_TLS_User_Guide_r10)
  • I loaded the above certificate in the module
  • I configured the module to manage the server certificate (AT#SSLSECCFG=1,1,1)
When I try to establish an SSL socket connection (AT#SSLD=1,443,"google.co.uk",0,0) I always get the error “SSL error during handshake”.


[HTTP SSL Socket Connection]
In addition, I tried to use the HTTP set of commands but without luck; here is a piece of the log:

AT#HTTPCFG=0,"google.co.uk",443,0,,,1,30,1

OK

AT#HTTPQRY=0,0,"/"

OK

#HTTPRING: 0,0,"",0

#HTTPRING: 0,0,"",0

As you can see, I always get an empty response from google.co.uk.

NOTE: It works well if I try to send the same command through software acting as an HTTP REST client (like Postman).


Thanks in advance for your help.
Ivan

This post has been edited 1 times, last edit by "ivangag" (May 12th 2015, 1:43pm)


2

Tuesday, May 12th 2015, 3:46pm

Hello Ivan,

Answer from our Telit-Support:

AT#CPUMODE=4 may solve the issue.
The SSL negotiation must be performed in a certain amount of time, otherwise it fails.
The cert validation is a mathematically complex operation and it takes time, therefore a greater CPU clock helps.

However, the negotiation speed was improved in newer SW versions, so we also suggest upgrading the module to a newer SW version (the latest is 16.01.151).

It should work with self-signed certificates, they are no different from other certificates, but the correct CA certificate must be imported in the module and its length is limited to 2047 bytes.
The key length and the hashing algorithm may be the issue.
SW version 16.00.152 supports only 1024 bit RSA keys and only the SHA-1 hashing algorithm.
SW version 16.01.151 supports up to 2048 bit RSA keys and SHA-256 was added.


Let us know if you need more info.



Kind Regards,

Hüseyin
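
A pre-flight check for the limits quoted in the reply above, run on a PC before loading a certificate into the module. This is an added example, not part of the original posts and not Telit code; the function names are hypothetical. It assumes the 2047-byte limit is counted on the PEM text and treats "only 1024 bit" as an upper bound, and its sample input is a constructed, unsigned skeleton certificate.

```python
import base64

# Limits quoted in the support reply: firmware -> (max RSA bits, accepted hashes).
LIMITS = {"16.00.152": (1024, {"sha1"}), "16.01.151": (2048, {"sha1", "sha256"})}
MAX_CERT_BYTES = 2047  # assumption: counted on the PEM text that gets loaded
HASH_OID = {"sha1": bytes.fromhex("2a864886f70d010105"), "sha256": bytes.fromhex("2a864886f70d01010b")}

def items(buf):
    """Split DER bytes into a list of (tag, value) elements."""
    out, pos = [], 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def inspect(pem):
    """Return (pem_bytes, rsa_modulus_bits, signature_hash) for one PEM certificate."""
    der = base64.b64decode("".join(l for l in pem.splitlines() if not l.startswith("-----")))
    tbs, sig_alg, _sig = [v for _t, v in items(items(der)[0][1])]
    fields = [v for t, v in items(tbs) if t != 0xA0]     # drop the optional [0] version
    bit_string = items(fields[5])[1][1]                  # SubjectPublicKeyInfo -> key BIT STRING
    modulus = items(items(bit_string[1:])[0][1])[0][1]   # RSAPublicKey, past the unused-bits byte
    sig_hash = next((h for h, o in HASH_OID.items() if o == items(sig_alg)[0][1]), "other")
    return len(pem.encode()), int.from_bytes(modulus, "big").bit_length(), sig_hash

def problems(pem, firmware):
    """Reasons this certificate exceeds the limits quoted for `firmware`."""
    max_bits, hashes = LIMITS[firmware]
    size, bits, sig_hash = inspect(pem)
    checks = [(size > MAX_CERT_BYTES, f"certificate is {size} bytes, limit {MAX_CERT_BYTES}"),
              (bits > max_bits, f"RSA key is {bits} bits, limit {max_bits}"),
              (sig_hash not in hashes, f"signature hash {sig_hash} not supported")]
    return [msg for failed, msg in checks if failed]

def tlv(tag, *parts):  # DER-encode one element; used only to build the sample below
    body = b"".join(parts)
    k = (len(body).bit_length() + 7) // 8
    head = bytes([len(body)]) if len(body) < 128 else bytes([0x80 | k]) + len(body).to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample_pem(bits, sig_hash):
    """Constructed, unsigned skeleton certificate: sample input only."""
    alg, rsa = (tlv(0x30, tlv(0x06, o), tlv(0x05)) for o in (HASH_OID[sig_hash], bytes.fromhex("2a864886f70d010101")))
    key = tlv(0x30, tlv(0x02, b"\0" + ((1 << bits - 1) | 1).to_bytes(bits // 8, "big")), tlv(0x02, b"\1\0\1"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\2")), tlv(0x02, b"\1"), alg, *[tlv(0x30)] * 3, tlv(0x30, rsa, tlv(0x03, b"\0" + key)))
    der = tlv(0x30, tbs, alg, tlv(0x03, b"\0" + bytes(bits // 8)))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"
```

Call `problems(open("ca.pem").read(), "16.00.152")` on the file you intend to import; an empty list means none of the three quoted limits is exceeded.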

3

Tuesday, May 12th 2015, 4:07pm

Hi Huseyin,
thanks for answering.

First of all I would like to know what's the right (I suppose the latest in order of time) firmware version for GL865-DUAL-V3.
I got the most recent (in terms of date) directly from the (private) Telit Download Zone, precisely the 16.00.xx2

SW 16.00.xx2
Telit GL865-DUAL V3
28-01-2015

SW 16.01.xx1
Telit GL865-DUAL V3
05-12-2014

Are you sure that xx1 is the newest firmware?


Also, #CPUMODE=4 doesn't help:
  • AT#HTTPQRY always times out
  • AT#SSLD always gets the same error: +CME ERROR: SSL error during handshake


Thanks
Ivan

4

Tuesday, May 12th 2015, 4:32pm

Hi Ivan,

xx1 is the newest/latest version, because in 16.01.xx1 there is a one before the last dot.
You are right, there is a mistake with the date in the Telit download zone, but here is the right version history:

newest
16.01.xx1
16.01.xx0
16.00.xx3
16.00.xx2
oldest

so please try first version 16.01.xx1 and let me know if your issue still exists.

Kind regards,

Hüseyin

5

Tuesday, May 12th 2015, 5:05pm

Hi Huseyin,
you're right, I downloaded and flashed the xx1.
Anyway, I still have some unexpected behavior.

[AT#HTTPQRY]
The AT#HTTPQRY command now works BUT only if I set anonymous SSL handling (AT#SSLSECCFG=1,0,0).
If I try to manage server authentication (AT#SSLSECCFG=1,0,1) I receive the error "+CME ERROR: connection failed" (before, I got a timeout).

[AT#SSLD]
AT#SSLD has the same behavior as before, I always get "+CME ERROR: SSL error during handshake".
I tried with a self-signed server or a "recognized" certificate server, no difference.

It seems there's no way to work with the server authentication mode.

Thanks for your help.

Ivan

This post has been edited 3 times, last edit by "ivangag" (May 12th 2015, 5:28pm)


6

Wednesday, May 13th 2015, 10:24am

Hi Huseyin,
any news / feedback?

Thanks.

Ivan

7

Tuesday, May 26th 2015, 5:35pm

Hi Ivan,

Have you set AT#CPUMODE to 4?
Maybe you are not using the correct certificate.
Can you share with us the CA certificate that you are using and the server that you are trying to connect to?
An AT log should be just fine, if the certificate import is also visible in it.

Please send the requested information to ts(at)roundsolutions.com

Thank you.

Hüseyin

8

Wednesday, May 27th 2015, 10:24am

Hi Hüseyin,
thanks, I just sent the requested info via email.

Regards
Ivan

9

Friday, May 29th 2015, 9:24am

Hi Hüseyin,
just for confirmation.
I sent other emails with new feedback and a support request.
Thanks in advance for your support.

10

Friday, June 5th 2015, 9:10am

Hi Huseyin,
I sent you another e-mail, I still have a problem with SSL and client authentication.

Thanks for your support.

Ivan

11

Tuesday, May 16th 2017, 4:03pm

Hi!)
I have a similar problem. Did you find the solution?

12

Wednesday, May 24th 2017, 9:55am

Hi Alex,

can you tell me your Firmware version please?

Regards,

Hüseyin

13

Wednesday, May 31st 2017, 9:44pm

Hi Hüseyin,

AT+CGMR

10.01.183

OK
AT+CGMM

GL868-DUAL

OK

Regards,

Alex

14

Wednesday, June 14th 2017, 6:43am

Hi,
I am using below model and software version.


Model: UL865-EUD

SW version: 12.00.618

Can we use the [HTTP SSL Socket Connection] implementation?


Is HTTP SSL Socket Connection supported for the above model and firmware version?


Regards,
John

15

Friday, June 16th 2017, 12:22pm

Hi John,

yes, this should work with some restrictions, please look at the SSL/TLS User Guide

you can find it here

Regards,

Hüseyin

16

Saturday, July 1st 2017, 8:38pm

Hi Hüseyin,

Thank you so much for the reply. I am trying to connect to an SSL server but it shows an error.

I am using the commands below:

AT#SCFG=1,1,1000,90,100,50

AT#SSLEN=1,0

AT#SSLEN=1,1

AT#SSLSECCFG=1,0,1

AT#SSLCFG=1,1,1000,90,100,50

AT#SSLSECDATA=1,1,1,1143

AT#SSLD=1,443,"www.google.co.uk",0,0

All commands show OK and the certificate is stored successfully, but the SSLD command always gives an error.

I tried the AT#CPUMODE=4 command; this also gives an error. I am using the module and software version below.
Model: UL865-EUD

SW version: 12.00.618

Can you please help to solve this issue?

Regards,
John

17

Tuesday, July 4th 2017, 12:44pm

Hi,

Can anyone help to figure out the issue?

Thanks,
John

18

Thursday, July 6th 2017, 11:47am

Hi Hüseyin,

I am still not able to open an SSL socket to a remote server with the AT#SSLD command. It gives an ERROR response.

Thanks,
John

19

Friday, July 14th 2017, 9:22am

Hi John,

Try sending AT+CMEE=2 to check if you get a verbose error response that could explain what the problem is when the connection fails. It could be an error during handshake or not being able to connect at all.

20

Wednesday, July 19th 2017, 10:11am

Hi Mazen,

It gives ERROR: 837, SSL certs and keys wrong or not stored.

Regards,
John
