CME ERROR: SSL error during handshake

  • Hi,


    I am using the GL865-QUAD V3 GSM module and I want to send data to an HTTPS server, but I am getting "CME ERROR: SSL error during handshake". I don't know what the problem is; I followed all the steps mentioned in the "1vv0300989_SSL-TLS_User_Guide_r11.pdf" file. Please look at my code and help me solve the issue.


    AT
    OK

    AT+CPIN?
    +CPIN: READY
    OK

    AT+CGMR
    16.01.141
    OK

    AT+CGMM
    GL865-QUAD-V3
    OK

    AT+CREG?
    +CREG: 0,1
    OK

    AT+CSQ
    +CSQ: 20,0
    OK

    AT+CMEE=2
    OK

    AT#NITZ?
    #NITZ: 7,0
    OK

    AT+CCLK?
    +CCLK: "17/08/16,10:01:10+22"
    OK

    AT#NITZ=7,0
    OK

    AT+CCLK?
    +CCLK: "17/08/16,10:18:55+22"
    OK

    AT#SGACT=1,1
    #SGACT: 100.97.78.3
    OK

    AT#CPUMODE=4
    OK

    AT#GPRS?
    #GPRS: 1
    OK

    AT#SSLEN?
    #SSLEN: 1,1
    OK

    AT#SSLSECCFG=1,0,1
    OK

    AT#SSLCFG=1,1,300,90,100,50
    OK

    AT#SSLSECDATA=1,1,1,1236
    > -----BEGIN CERTIFICATE-----
    MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
    EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
    R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
    9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
    fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
    iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
    1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
    bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
    MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
    ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
    uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
    Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
    tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
    PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
    hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
    5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
    -----END CERTIFICATE-----


    OK

    AT#SSLSECDATA=1,2,1
    #SSLSECDATA: 1,1



    OK

    AT#CPUMODE?
    #CPUMODE: 4
    OK

    AT#SSLD=1,443,"172.217.10.3",0,0
    +CME ERROR: SSL error during handshake


    Thanks In Advance.

  • Hi Taj,


    I tried the certificate you gave me, and using it I am able to connect to google.com successfully. Thank you so much for helping me.

    After connecting to Google I sent an HTTP GET request, but it shows an "HTTP/1.0 404 Not Found" error. Is that OK?
    I am sending you my log file; please check it.

    Although it is connecting successfully, it is not clear to me. I have some doubts; please clear them up if possible.

    How do I get the correct certificate? I followed all the procedure mentioned in the "SSL-TLS_User_Guide_r12.pdf" document.
    I sent you a certificate of "google.co.in" in my previous post. What was wrong with that certificate?

    If possible, please give me your email ID, as I am also facing some problems with the Telit LE910 EU1 modem.



    Regards,
    Nimesh

  • Hi Nimesh,


    Here is how Taj explained to me before how to get the right certificate:


    "Google is a more complex organization and getting the right CA certificate is a bit more complicated.

    The certificate that you are getting with the procedure described in the guide was an intermediate certificate in the past,

    -> one of the intermediate certificates was changed to Root CA and the browser on your PC already has this "new" Root CA, so it doesn't show you the "true" old Root CA.

    When you connect to Google's server, it sends you a complete chain, which still has the old chain.

    To view this chain you can use "openssl" tools:

    openssl s_client -showcerts -connect www.google.com:443"


    Regards,


    Hüseyin

  • Hi Hüseyin,



    Thanks for the reply.

    Is it only for "www.google.com" or for many other websites?
    And how can we know that a certificate is the wrong certificate?

    The Telit GL865 Quad V3 supports up to TLS 1.0 and SHA-256. Apart from this, are there any other criteria we have to check? If yes, where can we check that?

    Another thing is that this modem, with firmware "16.01.141", supports up to TLS 1.0, which will be disabled after 30 June 2018. So is there any firmware update available, or will one be available, that supports TLS 1.2 and TLS 1.1?


    Regards,
    Nimesh

  • Hi Nimesh,


    Regarding the 404 Not Found error, attached is an example of an HTTP GET message that should work with Google.

    Regarding the procedure to get the right certificate, it is not easy to tell in which cases the "classic" procedure to retrieve the CA certificate will not work.
    In most cases it works, but sometimes one certificate from the chain was an intermediate in the past and the server is still sending the whole chain where this certificate is still an intermediate (a browser on the PC knows how to handle such exceptions).

    TLS 1.2 is planned for the next SW release.
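
Added example, not part of the thread or of Telit's documentation: the chain check that the quoted explanation in Hüseyin's post and the last reply describe, as a shell script. It splits saved `openssl s_client -showcerts` output and tests whether a candidate CA file really signed the last certificate the server sent; the helper names and the "Demo ..." PKI generated at run time are constructed for illustration, and `-no-CApath` assumes OpenSSL 1.1.0 or later.

```sh
#!/bin/sh
# Added example; helper names are hypothetical and the PKI below is constructed.

# Split a PEM bundle (saved `openssl s_client -showcerts` output) into
# $2/cert-1.pem, cert-2.pem, ... in the order sent; prints the count.
split_chain() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; keep = 1 }
        keep                          { print > out }
        /-----END CERTIFICATE-----/   { keep = 0; close(out) }
        END                           { print n + 0 }' "$1"
}

# Succeeds only if candidate CA $1 signed the last certificate the server sent
# ($2/cert-$3.pem). -no-CApath keeps the PC's own trust store out of the check.
ca_anchors_chain() {
    openssl verify -no-CApath -CAfile "$1" "$2/cert-$3.pem" >/dev/null 2>&1
}

# Constructed PKI mirroring the thread: "Demo Mid CA" exists both as an
# intermediate signed by "Demo Old Root" (what the server sends) and as a
# self-signed "new" root (what a PC browser shows as the top of the chain).
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo Old Root" \
        -keyout "$d/old.key" -out "$d/old-root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Mid CA" \
        -keyout "$d/mid.key" -out "$d/mid.csr" 2>/dev/null
    openssl x509 -req -in "$d/mid.csr" -CA "$d/old-root.pem" -CAkey "$d/old.key" \
        -CAcreateserial -out "$d/mid.pem" 2>/dev/null
    openssl req -x509 -new -key "$d/mid.key" -subj "/CN=Demo Mid CA" \
        -out "$d/new-root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/mid.pem" -CAkey "$d/mid.key" \
        -CAcreateserial -out "$d/leaf.pem" 2>/dev/null
    cat "$d/leaf.pem" "$d/mid.pem" > "$d/sent-chain.pem"   # server order: leaf first
}

demo() {
    d=$(mktemp -d) && make_demo "$d" && mkdir "$d/chain" || return 2
    n=$(split_chain "$d/sent-chain.pem" "$d/chain")
    for ca in new-root old-root; do
        if ca_anchors_chain "$d/$ca.pem" "$d/chain" "$n"; then r=ok; else r=FAIL; fi
        echo "$ca: $r"
    done
    rm -rf "$d"
}

demo
```

With a real server, save the `s_client -showcerts` output to a file and pass it to `split_chain` in place of the constructed `sent-chain.pem`, then test the CA file you intend to store in the module.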