You are not logged in.

Dear visitor, welcome to Round Solutions M2M and wireless Support Forum. If this is your first visit here, please read the Help. It explains in detail how this page works. To use all features of this page, you should consider registering. Please use the registration form, to register here or read more information about the registration process. If you are already registered, please login here.

1

Wednesday, August 16th 2017, 9:28am

CME ERROR: SSL error during handshake

Hi,

I am using GL865-QUAD V3 GSM Module, I want to send data to HTTPS server. But i am getting CME ERROR: SSL error during handshake, I dont know what is the problem i follow all steps mention in "1vv0300989_SSL-TLS_User_Guide_r11.pdf" File. please look at my code and Help me solving Issue.

AT

OK
AT+CPIN?

+CPIN: READY

OK
AT+CGMR

16.01.141

OK
AT+CGMM

GL865-QUAD-V3

OK
AT+CREG?

+CREG: 0,1

OK
AT+CSQ

+CSQ: 20,0

OK
AT+CMEE=2

OK
AT#NITZ?

#NITZ: 7,0

OK
AT+CCLK?

+CCLK: "17/08/16,10:01:10+22"

OK
AT#NITZ=7,0

OK
AT+CCLK?

+CCLK: "17/08/16,10:18:55+22"

OK
AT#SGACT=1,1

#SGACT: 100.97.78.3

OK
AT#CPUMODE=4

OK
AT#GPRS?

#GPRS: 1

OK
AT#SSLEN?

#SSLEN: 1,1

OK
AT#SSLSECCFG=1,0,1

OK
AT#SSLCFG=1,1,300,90,100,50

OK
AT#SSLSECDATA=1,1,1,1236

> -----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
-----END CERTIFICATE-----

OK
AT#SSLSECDATA=1,2,1

#SSLSECDATA: 1,1
-----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
-----END CERTIFICATE-----


OK
AT#CPUMODE?

#CPUMODE: 4

OK
AT#SSLD=1,443,"172.217.10.3",0,0

+CME ERROR: SSL error during handshake

Thanks In Advance.

2

Wednesday, August 23rd 2017, 3:39pm

Hi Nimesh,

I forwarded to our Telit Support, answer will follow soon.

Regards,

Hüseyin

3

Thursday, August 24th 2017, 4:38am

Hi Hüseyin,




Thanks for reply.


i am waiting for answer.




Regards,
Nimesh

4

Thursday, August 24th 2017, 1:13pm

Hi Nimesh,

Can you upload this CA certificate as an attachment?
The BASE64 form was distorted by the text editor of the forum and it can not be used in this format.

Thanks,
Taj

5

Thursday, August 24th 2017, 1:55pm

Hi Taj,

Please Find Attachment of certificate of "https://requestb.in".


Regards,
Nimesh
Nimesh has attached the following file:

6

Thursday, August 24th 2017, 2:26pm

Hi Nimesh,

This certificate was hashed with SHA-384, but the module doesn't support it because it has a limited CPU power.
It can support up to SHA-256.

Regards,
Taj

7

Friday, August 25th 2017, 6:07am

Hi Taj,

Thanks for the reply.

I didn't know Module supports only up to SHA-256. I tried with another certificate hashed with SHA-1.
Please find Attachment of certificate of "https://www.google.co.in/".

I also attached log file.

Regards,
Nimesh
Nimesh has attached the following files:

8

Friday, August 25th 2017, 11:31am

Hi,

For Google is a little bit tricky to get the right certificate.
Can you try again with the attached certificate?

Regards,
Taj
telit-support has attached the following file:
  • Google.txt (1.16 kB - 20 times downloaded - latest: Yesterday, 2:24am)

9

Friday, August 25th 2017, 1:23pm

Hi Taj,

I tried with the certificate you given me. and by using it i am able to connect to google.com successfully. Thank you so much for helping me.

After connecting to google i sent HTTP GET Request But It shows "HTTP/1.0 404 Not Found" Error. Is it OK ?
I send you my log file please check it.

Although it is connecting successfully it is not clear to me. I have some doubts please clear it if possible.

How to get correct certificate? I follow all procedure mention in " SSL-TLS_User_Guide_r12.pdf" document.
As i send you one certificate of "google.co.in" in my previous post. what was wrong in that certificate.

If possible please give me your email Id as i am also facing some problem in telit LE910 EU1 Modem.


Regards,
Nimesh
Nimesh has attached the following file:

10

Monday, August 28th 2017, 10:02am

Hi Nimesh,

here Taj explained me before how to get right certificate:

"Google is a more complex organization and getting
the right CA certificate is a bit more complicated.

The certificate that you are getting with the procedure described in the guide
was an intermediate certificate in the past,

-> one of the intermediate certificates was changed to Root CA and
the browser on your PC already has this "new" Root CA, so it doesn't
show you the "true" old Root CA.



When you connect to Google's server, it sends you a complete chain, which still
has the old chain.



To view this chain you can use "openssl" tools:

openssl s_client -showcerts -connect www.google.com:443 "

Regards,

Hüseyin

11

Monday, August 28th 2017, 12:04pm

Hi Hüseyin,


Thanks For the Reply.

Is it only for "www.google.com" or many other websites?
And How can we know The certificate is wrong certificate.

Telit GL865 Quad V3 Supports upto TLS 1.0 and SHA-256, Apart from this Is there any other criteria we have to check? If yes , where we can check that?

Another thing is that This Modem Having Firmware "16.01.141" Supports upto TLS 1.0 Which will be disable After 30 June 2018. So is there any Firmware Update Available or will be available Which supports TLS 1.2 and TLS 1.1 ?

Regards,
Nimesh

12

Wednesday, August 30th 2017, 9:45am

Hi Nimesh,

regarding the 404 not found error, attached an example of a HTTP GET message that should work with Google.

Regarding the procedure to get the right certificate, it is not easy to tell in which case the °classic° procedure to retrieve the CA certificate will not work.
In most cases it works, but sometimes one certificates from the chain was an intermediate in the past and the server is still sending the whole chain where this certificate is still an intermediate (a browser on the PC knows how to handle such exceptions).

TLS 1.2 is planned for next SW release.
telit-support has attached the following file:
  • GET-Google.txt (63 Byte - 18 times downloaded - latest: Yesterday, 2:24am)

Rate this thread