cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to initiate TLS Connection using SPWF01SA.11 wit FW V3.4

mhemetsberger9
Associate II
Posted on August 10, 2015 at 10:55

Dear Community,

I have generated RSA signed certificates using OpenSSL as described in application note AN4683.

I also started a server using openssl command and the generated certificates as described on page 20 of AN4683.

Then I used:

AT+S.TLSCERT2=clean,all

->resppnse of WIFI module: OK

AT+S.SETTIME=<seconds>

->resppnse of WIFI module: OK

AT+S.TLSCERT=f_ca,<size><CR><data>

->resppnse of WIFI module: OK

AT+S.TLSDOMAIN=f_domain,<server domain>

->resppnse of WIFI module: OK

AT+S.SOCKON=<host-ip>,<port>,s,ind

->response of WIFI module: ERROR: Unable to load CA certificate

Does anybody know what am I doing wrong? Thanks for you help, regards Michael!

#tls-spwf01sa.11
11 REPLIES 11
mhemetsberger9
Associate II
Posted on August 14, 2015 at 09:08

Now I have a further question. When testing the openssl generated certs by using s_server and s_client, I am able to establish a connection that supports secure renegotiation.

When testing the one-way negotiation or mutual authetication with the WiFi module, s_server replies that secure renegotiation is NOT supported.

Does that mean, that the established connection uses SSLv3.0 to encode the data - because I have read, that SSLv3.0 doesn't support secure renegotiation.

But the WiFi module should support aslo TLSv1.0, 1.1 and even 1.2.

Regards Michael
Nickname3786_O
Associate II
Posted on August 14, 2015 at 11:12

Hi Michael,

you can add the parameter ''-tls1_2'' to the openssl server in order to force the TLS 1.2 security on the server side.

In this case, the module has to connect to the server using the TLS instead of SSL 3.0.

Regards,

Salvo