Thales' cellular IoT products business is now part of Telit Cinterion, find out more.

You are here

EHS6 difference between rel.2 and rel.3 when connect to google.com:443 | Telit Cinterion IoT Developer Community

June 28, 2016 - 4:45pm, 2994 views

Hello sir,
We encounter a problem when connect to google using EHS6 v3, here is what we found. The v3 module just disconnects and fails with the "internal error" message, but the v2 is work fine without any problem.
We did some more digging and here are the same commands ran on Cinterion v2 and on v3, while connecting to google.com via secure SSL port, certificate checking disabled.
 
AT^SJMSEC?
^SJMSEC: 1,0,1,0
 
Below you will also find a TLS handshake dump from OpenSSL acting as a server for v2 & v3. 
Would you please give us some more suggestion ? 
==================================

Cinterion v2:

 

ATI1

Cinterion

EHS6

REVISION 02.000

A-REVISION 00.000.15

OK

AT^SISS=0,"srvType","none"

OK

AT^SISS=0,"SrvType","Socket"

OK

AT^SISS=0,"conId",0

OK

AT^SISS=0,"address","socktcps://google.com:443;etx"

OK

AT^SISO=0

OK

AT^SICI=0

^SICI: 0,1,1,"0.0.0.0"

OK

^SISW: 0,1

AT^SICI=0

^SICI: 0,2,1,"188.197.10.206

OK

AT^SIST=0

CONNECT

Dumping 127 bytes from 0x20005DC0:

48 54 54 50 2F 31 2E 30 20 33 30 32 20 46 6F 75  |  H T T P / 1 . 0   3 0 2   F o u  |  

6E 64 0D 0A 4C 6F 63 61 74 69 6F 6E 3A 20 68 74  |  n d . . L o c a t i o n :   h t  |  

74 70 73 3A 2F 2F 77 77 77 2E 67 6F 6F 67 6C 65  |  t p s : / / w w w . g o o g l e  |  

2E 73 69 2F 3F 67 77 73 5F 72 64 3D 63 72 26 65  |  . s i / ? g w s _ r d = c r & e  |  

69 3D 79 6B 56 78 56 2D 33 47 44 65 6D 65 36 41  |  i = y k V x V - 3 G D e m e 6 A  |  

53 36 38 36 76 67 41 77 0D 0A 43 61 63 68 65 2D  |  S 6 8 6 v g A w . . C a c h e -  |  

43 6F 6E 74 72 6F 6C 3A 20 70 72 69 76 61 74 65  |  C o n t r o l :   p r i v a t e  |  

0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A     |  . . C o n t e n t - T y p e :  |  

 

 

Cinterion v2 TLS Handshake dump:

 

 

[root@srv311 ~]# openssl s_server -cert /etc/postfix/cert/cert.pem -accept 61500 -msg

Using default temp DH parameters

Using default temp ECDH parameters

ACCEPT

<<< TLS 1.2 Handshake [length 0095], ClientHello

    

>>> TLS 1.2 Handshake [length 004a], ServerHello

    

>>> TLS 1.2 Handshake [length 0259], Certificate

    

>>> TLS 1.2 Handshake [length 00cd], ServerKeyExchange

    

>>> TLS 1.2 Handshake [length 0004], ServerHelloDone

    

<<< TLS 1.2 Handshake [length 0046], ClientKeyExchange

    

<<< TLS 1.2 ChangeCipherSpec [length 0001]

    

<<< TLS 1.2 Handshake [length 0010], Finished

    

>>> TLS 1.2 ChangeCipherSpec [length 0001]

    

>>> TLS 1.2 Handshake [length 0010], Finished

    

Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA

CIPHER is ECDHE-RSA-AES256-GCM-SHA384

Secure Renegotiation IS NOT supported

 

Connection is established OK.

 

 

Cinterion v3:

 

ATI1

Cinterion

EHS6

REVISION 03.001

A-REVISION 00.000.31

OK

AT^SISS=0,"srvType","none"

OK

AT^SISS=0,"SrvType","Socket"

OK

AT^SISS=0,"conId",0

OK

AT^SISS=0,"address","socktcps://google.com:443;etx"

OK

AT^SISO=0

OK

AT^SICI=0

^SICI: 0,1,1,"0.0.0.0"

OK

^SIS: 0,0,50,"Fatal: Service has detected an internal error"

AT^SICI=0

^SICI: 0,2,1,"188.199.255.202"

OK

AT^SISI=0

^SISI: 0,6,0,0,0,0

OK

 

 

Cinterion v3 TLS handshake dump:

 

[root@srv311 ~]# openssl s_server -cert /etc/postfix/cert/cert.pem -accept 61500 -msg

Using default temp DH parameters

Using default temp ECDH parameters

ACCEPT

<<< SSL 3.0 Handshake [length 0095], ClientHello

>>> SSL 3.0 Handshake [length 004a], ServerHello

>>> SSL 3.0 Handshake [length 0259], Certificate

>>> SSL 3.0 Handshake [length 00cb], ServerKeyExchange

>>> SSL 3.0 Handshake [length 0004], ServerHelloDone

<<< SSL 3.0 Handshake [length 0046], ClientKeyExchange

<<< SSL 3.0 Alert [length 0002], warning close_notify

ERROR

shutting down SSL

CONNECTION CLOSED