Unable to initiate TLS Connection using SPWF01SA.11 wit FW V3.4

mhemetsberger9 · ‎2015-08-10

Posted on August 10, 2015 at 10:55

Dear Community,

I have generated RSA signed certificates using OpenSSL as described in application note AN4683.

I also started a server using openssl command and the generated certificates as described on page 20 of AN4683.

Then I used:

AT+S.TLSCERT2=clean,all

->resppnse of WIFI module: OK

AT+S.SETTIME=<seconds>

->resppnse of WIFI module: OK

AT+S.TLSCERT=f_ca,<size><CR><data>

->resppnse of WIFI module: OK

AT+S.TLSDOMAIN=f_domain,<server domain>

->resppnse of WIFI module: OK

AT+S.SOCKON=<host-ip>,<port>,s,ind

->response of WIFI module: ERROR: Unable to load CA certificate

Does anybody know what am I doing wrong? Thanks for you help, regards Michael!

#tls-spwf01sa.11

mhemetsberger9 · ‎2015-08-14

Posted on August 14, 2015 at 09:08

Now I have a further question. When testing the openssl generated certs by using s_server and s_client, I am able to establish a connection that supports secure renegotiation.

When testing the one-way negotiation or mutual authetication with the WiFi module, s_server replies that secure renegotiation is NOT supported.

Does that mean, that the established connection uses SSLv3.0 to encode the data - because I have read, that SSLv3.0 doesn't support secure renegotiation.

But the WiFi module should support aslo TLSv1.0, 1.1 and even 1.2.

Regards Michael

Nickname3786_O · ‎2015-08-14

Posted on August 14, 2015 at 11:12

Hi Michael,

you can add the parameter ''-tls1_2'' to the openssl server in order to force the TLS 1.2 security on the server side.

In this case, the module has to connect to the server using the TLS instead of SSL 3.0.

Regards,

Salvo