SSL/TLS Error: Unable to connect (-1)

paolo23
Associate II
Posted on November 16, 2015 at 08:58

Hi,

I'm trying to establish a TLS communication using the one-way authentication.

I loaded into the SPWF01 the CA certificate as described in the example of the AN4683

but when I try to connect to the openssl server the SPWF01 closes the connection with

ERROR: SSL/TLS Error: Unable to connect (-1).

I'm sure that the certificates are correct (openssl verify is OK), module's date and time are set correctly,

the CA certificate is loaded into the module and the CA domain name is as expected.

The FW module is 150410-c2e37a3-SPWF01S and I have used the last version of OpenSSL: openssl-1.0.2d

Can anybody help me? Thank you.

Paolo

6 REPLIES 6
Nickname3786_O
Associate II
Posted on November 16, 2015 at 14:48

Hi Paolo,

are you using the one-way authentication? Did you observe the issue both using the openssl server and using a different SSL/TLS server?

Could you please perform the connection using openssl-1.0.1i? (https://www.openssl.org/source/old/1.0.1/openssl-1.0.1i.tar.gz).

If it doesn't work, I will send you the script to generate the needed certificates for the desired authentication mode.

In the meantime, I'm checking the socket communication using openssl-1.0.2d on our side.

paolo23
Associate II
Posted on November 16, 2015 at 17:13

Ciao Salvatore,

I'm using the one-way authentication and I tried only the openssl server.

I'm sorry but I'm not able to compile openssl, I have used a precompiled version.

Paolo

paolo23
Associate II
Posted on November 16, 2015 at 22:07

Hi Salvatore,

I built your openssl and the problem still remains. I also tried the script that I found

https://my.st.com/public/STe2ecommunities/interface/Lists/WiFi%20Modules/DispForm.aspx?ID=355&RootFolder=https://my.st.com/public/STe2ecommunities/interface/Lists/WiFi%20Modules/Unable%20to%20initiate%20TLS%20Connection%20using%20SPWF01SA.11%20wit%20FW%20V3.4

There must be something wrong that I do with the CA certificate, maybe when I include it in the code as C string.

Paolo

Nickname3786_O
Associate II
Posted on November 17, 2015 at 10:11

Hi Paolo,

at the end of the bash script attached in your previous post, you can find the commands to open the openssl client.

Could you please try to re-generate the certificates and establish a connection between the openssl client and openssl server? If it works, probably the issue is related to the loading of the certificates into the module. 

paolo23
Associate II
Posted on November 17, 2015 at 13:38

Hi Salvatore,

I don't have xterm. Anyway, the openssl client and server launched from the DOS command line communicate using the certificates generated by the script.

Note that the script asked for openssl.cfg; to remove the error I used the one that I found in openssl 1.0.2d, but I think this is not relevant.

Paolo

paolo23
Associate II
Posted on November 17, 2015 at 16:34

Hi Salvatore,

I have found the flaw! Certificates have an expiry date but also a "not before" date.

I always loaded the date when I started the tests and all the certificates I made since that time have, for the module, a date in the future.

Thank you for your help.

Paolo
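
The cause found in the last post can be checked before loading certificates into a device. This is an added example, not part of the thread: it reads the text printed by `openssl x509 -noout -dates` and evaluates each certificate's validity window against the clock value the device was given. The sample dates, file names and function names are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample: output of `openssl x509 -noout -dates -in <cert>` for a
# CA and a server certificate generated on the day of the test.
SAMPLE_DATES = {
    "ca.pem": "notBefore=Nov 17 09:00:00 2015 GMT\nnotAfter=Nov 16 09:00:00 2016 GMT\n",
    "server.pem": "notBefore=Nov 17 09:05:00 2015 GMT\nnotAfter=Nov 16 09:05:00 2016 GMT\n",
}

def parse_dates(text):
    """Return (not_before, not_after) as epoch seconds from `-dates` output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key in ("notBefore", "notAfter"):
            # cert_time_to_seconds parses OpenSSL's "Mon DD HH:MM:SS YYYY GMT" form
            fields[key] = ssl.cert_time_to_seconds(value.strip())
    if len(fields) != 2:
        raise ValueError("expected notBefore= and notAfter= lines")
    return fields["notBefore"], fields["notAfter"]

def check_window(text, device_epoch):
    """Classify a certificate as seen by a peer whose clock reads device_epoch."""
    not_before, not_after = parse_dates(text)
    if device_epoch < not_before:
        return "not yet valid", not_before - device_epoch
    if device_epoch > not_after:
        return "expired", device_epoch - not_after
    return "valid", 0

def check_chain(dates_by_cert, device_epoch):
    """Every certificate in the chain must be inside its window on the device."""
    return {name: check_window(text, device_epoch)
            for name, text in dates_by_cert.items()}

def epoch(year, month, day, hour=0, minute=0):
    """UTC wall-clock time to epoch seconds."""
    return int(datetime(year, month, day, hour, minute, tzinfo=timezone.utc).timestamp())

if __name__ == "__main__":
    # Constructed device clock: set once, the day before the certificates were made.
    stale_clock = epoch(2015, 11, 16, 8, 0)
    for name, (status, delta) in check_chain(SAMPLE_DATES, stale_clock).items():
        print(f"{name}: {status} (off by {delta} s)")
```

A certificate that passes `openssl verify` on the PC can still be rejected by a peer whose clock is earlier than `notBefore`, so the comparison has to use the time actually set on the device.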