Hi @hkiol,
Following HL78xx AT Command Reference, your module can work for ECDHE-RSA-AES128-GCM-SHA256 with your +KSSLCRYPTO command. So I think there are not any issue about setting Cipher Suite configuration on your module.
I saw you mentioned “IPV6 this time”. So have you ever make TCP/SSL connection with your domain “-xx-ats.iot.us-west-2.amazonaws.com” through IPv4 successfully before? If no, can you try this case through IPv4?
Besides that, based on +KTCP_NOTIF: 1,13 displaying after starting TCP/SSL connection following your comment, there maybe many things that impact to TCP/SSL connection. Are you using the simulator network or real network?
a, If you are using simulator network (example: Amarisoft), can you capture wireshark packet and provide me .pcap file for this TCP/SSL connection?
b, If you are using the real network, you cannot trace packet. So can you provide me your domain, local CA, root CA and private key exactly (you can send me the message for them)? Then I can try on my module and trace log on my Amarisoft to find the reason of your issue.
Thanks,