SSL Support on HL7648

Hi,

I am attempting to use SSL over an End-to-End TCP connection. The KSSLCRYPTO and KSSLCFG commands are present and the KTCPCFG appears to support specifying <cipher_index> (defined as Cipher suite profile index to use for a secured socket; defined by +KSSLCRYPTO). However, when connecting to a server which supports SSL (ncat on Ubuntu) I receive the following error:

Ncat: Failed SSL connection from xxx.xxx.xxx.xxx: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

The error occurs immediately upon first transmit of data which initiates the SSL handshake.

Would anybody have an example of the sequence of commands used to make this connection work? If not, would the use of SSL on these modules be documented with more detail than what is provided in the AT command set manual? If so, a pointer to the documentation would be greatly appreciated.

Thanks,
Mike
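
Added example, not part of the original posts: OpenSSL's "unknown protocol" error on the server side generally means the first bytes it received did not parse as an SSL/TLS ClientHello. The Python sketch below classifies the first bytes captured from a client (for instance with a plain, non-SSL listener or a packet capture) so you can tell whether the module started a handshake or sent its payload in the clear. The function names and sample byte strings are constructed for illustration.

```python
import struct

# (major, minor) protocol version bytes as they appear on the wire
VERSIONS = {(2, 0): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def version_name(major: int, minor: int) -> str:
    return VERSIONS.get((major, minor), f"unknown version {major}.{minor}")

def classify_first_bytes(data: bytes) -> str:
    """Say what kind of message a peer opened the TCP connection with."""
    if len(data) < 5:
        return "too short to classify"
    # SSLv3/TLS record header: content type, version (2 bytes), length (2 bytes)
    ctype, major, _minor, _rec_len = struct.unpack("!BBBH", data[:5])
    if ctype == 0x16 and major == 3:          # 0x16 = handshake record
        if len(data) < 11:
            return "TLS handshake record, truncated"
        if data[5] != 0x01:                   # handshake type 1 = ClientHello
            return "TLS handshake record, first message is not ClientHello"
        # client_version follows the 4-byte handshake header (offsets 9 and 10)
        return "TLS ClientHello, client_version " + version_name(data[9], data[10])
    # SSLv2-format hello: high bit set in the 2-byte length, then msg type 1
    if data[0] & 0x80 and data[2] == 0x01:
        return "SSLv2-format ClientHello offering " + version_name(data[3], data[4])
    return "not SSL/TLS (plaintext or other protocol)"

# Constructed sample inputs (prefixes only, enough for classification)
TLS12_HELLO = bytes.fromhex("16030100 2f 0100002b 0303".replace(" ", ""))
SSLV2_HELLO = bytes.fromhex("802e01 0301 0015".replace(" ", ""))
PLAINTEXT = b"hello from module\r\n"

if __name__ == "__main__":
    for label, sample in [("tls12", TLS12_HELLO), ("sslv2", SSLV2_HELLO),
                          ("plain", PLAINTEXT)]:
        print(label, "->", classify_first_bytes(sample))
```

If the capture classifies as plaintext, the socket was opened without SSL on the module side, which matches the point at which the error in the post appears (on first transmit of data).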

Hello Mike,
Try this sequence of AT commands.
Use your CA certificate.

AT+KSSLCFG=0,3
OK
AT+KSSLCFG=1,"edge"
OK
AT+KSSLCFG=2,0
OK
AT+KSSLCRYPTO=1,1,1,64,2,4,0
OK
AT+KCERTSTORE?
+KCERTSTORE:
root_cert,0,2086

local_cert,0,0
local_cert,1,0
local_cert,2,0

OK
AT+CTZU=0
OK
AT+CTZR=0
OK
AT+CREG=0
OK
AT+CREG?
+CREG: 0,1

OK
AT+CCLK="17/08/03,17:19:13+01"
OK
AT&K0
OK
AT+KCNXCFG=1,"GPRS","airtelgprs.com"
OK
AT+KCNXTIMER=1,60,2,70
OK
AT+KTCPCFG=1,3,"SERVER ADDRESS",443,1
+KTCPCFG: 1

OK
AT+KTCPCNX=1
OK

Thanks & Regards,
Rex

Rex, thanks for the suggestion. Unfortunately I was attempting to make use of SSL without server authentication on the client side. I have not been able to store the root certificate on this device. Every attempt to store the root certificate with at+kcertstore results in “ERROR”. No error code, just the “ERROR” message. I have not been able to find any detailed information on the SSL implementation, nor any explanation as to when the “ERROR” message is provided. Thus I was not able to attempt the sequence you provided exactly.

If anybody can point me to documentation that provides more detail than the “AT Commands Interface Guide” it would be greatly appreciated.

Thanks,
Mike

Did this ever get resolved? I’m having the same issue.