EXS82 - Cannot connect to server using TLS | Telit Cinterion IoT Developer Community
November 20, 2020 - 10:29am
Hello
I've faced an issue with the EXS82 module while establishing the connection to the server.
We are trying to connect to https://www.dataloghub.com:443 and get the following error:
^SIS: 0,0,62,"Unknown internal TLS error"
We have previously had a similar error using the ELS61 module because in 'Server Key Exchange' the server wants the x25519 elliptic curve, which was not supported by the old ELS61 firmware. After a FW update the issue was fixed. I wonder if we have a similar issue here with the EXS82.
Regards,
Yuriy
Hello,
Indeed, this module does not support this curve. But it sends the supported list in the Client Hello message. So the server should not propose it.
Additionally, for this module you are able to limit the cipher suites that it offers in the Client Hello message. Maybe this feature could be used to force the server not to offer the x25519 curve, for instance by leaving only the cipher suites that do not use elliptic curves.
Best regards,
Bartłomiej
Hello Bartłomiej,
Thanks for the answer.
Can you tell me how to do it (limit the cipher suites)? Is that using SBNW AT cmd? Can you show an example? I actually doubt this would help.
Is there any reason why the elliptic curve is not supported? And will the support of it be added in future?
Regards,
Yuriy
Okay, I was trying to play with SBNW selecting different suites - the same error no matter what.
I was trying to set AES256-SHA256:AES128-GCM-SHA256.
EXS82 REVISION 01.100
So, now I need help to solve the issue.
Hello,
The elliptic curves support is probably a matter of SSL libraries that are used inside. Probably the support may be added in the future as this curve is getting popular but I don't know any details.
There's one more thing that you can try. This module supports SNI and sends the domain address in the Client Hello message. It should be done automatically, but you also have the possibility to configure this domain name manually for the connection. You can also try this option. Please see the secsni and sniname parameters of the SISS command. SNI also has an influence on your connection because based on this information the server knows which domain you want to visit.
Regards,
Bartłomiej
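The replies above turn on what the module advertises in its Client Hello: the cipher suites, the supported curve list and the SNI name. As an added example (not from the thread and not Telit code), this Python parser pulls those three fields out of a ClientHello record captured on the server side, so the offer can be checked before changing SBNW or SISS settings. The function names are hypothetical and the sample record is constructed, not a capture from an EXS82.

```python
import struct

# IANA "TLS Supported Groups" ids relevant to this thread.
GROUPS = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1", 29: "x25519", 30: "x448"}
# A few suite ids (OpenSSL names) for readable output; others are shown in hex.
SUITES = {0x003D: "AES256-SHA256", 0x009C: "AES128-GCM-SHA256",
          0xC02F: "ECDHE-RSA-AES128-GCM-SHA256"}

def u16_list(buf: bytes) -> list:
    """Decode a run of big-endian 16-bit ids, ignoring a trailing odd byte."""
    return [int.from_bytes(buf[i:i + 2], "big") for i in range(0, len(buf) - 1, 2)]

def parse_client_hello(record: bytes) -> dict:
    """Extract cipher suites, supported groups and SNI from one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    out = {"suites": [], "groups": [], "sni": None}
    try:
        pos = 2 + 32                              # client_version + random
        pos += 1 + body[pos]                      # session_id
        n = int.from_bytes(body[pos:pos + 2], "big")
        out["suites"] = [SUITES.get(s, hex(s)) for s in u16_list(body[pos + 2:pos + 2 + n])]
        pos += 2 + n
        pos += 1 + body[pos]                      # compression methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(body)):     # walk the extension list
            etype, elen = struct.unpack_from(">HH", body, pos)
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == 10:                       # supported_groups
                out["groups"] = [GROUPS.get(g, hex(g)) for g in u16_list(data[2:])]
            elif etype == 0 and len(data) >= 5:   # server_name (first entry only)
                out["sni"] = data[5:5 + int.from_bytes(data[3:5], "big")].decode("ascii", "replace")
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    return out

def build_sample() -> bytes:
    """Constructed ClientHello for the demo: two RSA suites, two NIST curves, SNI set."""
    host = b"www.dataloghub.com"
    sni = struct.pack(">HBH", len(host) + 3, 0, len(host)) + host
    exts = struct.pack(">HH", 0, len(sni)) + sni + struct.pack(">HHHHH", 10, 6, 4, 23, 24)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack(">HHH", 4, 0x003D, 0x009C)
            + b"\x01\x00" + struct.pack(">H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs
```

Calling `parse_client_hello(build_sample())` returns the suites, groups and SNI name; with a real capture, pass the bytes of the first TLS record the module sends. If `x25519` is absent from `groups` and the server still selects it, the server side is ignoring the client's list.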