HTTPS Connection Issues

cchoi22915

Hello,

I am having some issues connecting to my cloud server using the HTTPS client. The difference here being the server is not using a certificate and is using a JWT in the authorization header in of the HTTP GET. The server is using TLS1.2, but when I export the ciphersuite used, it returns 0xffffffff and errors out in the connect() (failed with error:95). If I remove TLS, I get a timeout with connect() (failed with error:22).

To get the ciphersuite, I am using the following code:
rtn = setsockopt(fd, SOL_TLS, TLS_CIPHERSUITE_USED, 0, 0); if (rtn) { printk("Ciphersuite Used: %x\n", rtn); }

Any thoughts on this?

cchoi22915

Here is the description of TLS_CIPHERSUITE_USED:

`/** Read-only socket option to read a ciphersuite chosen during TLS handshake.

It returns an integer containing an IANA assigned ciphersuite identifier
of chosen ciphersuite.
*/
#define TLS_CIPHERSUITE_USED 4`

jaredwolff

cchoi22915 the modem firmware only supports certain cipher suites. I know I had some issues with HTTPS originally because the Rust code I was using supported only newer more require cipher suites. Since modem firmware 1.3.1, the modem firmware supports more modern/compatible cipher suites.

I would double check to make sure that your HTTP connection works before moving to HTTPs. That way you can rule out any DNS issues and connection issues.

cchoi22915

jaredwolff Hi Jared, I am trying to update my modem firmware, but I am running into issues getting the firmware to execute. I have followed all of the instructions on the readme for mfw_update, but it is failing with extra: [Probes.COM5] [ModemUARTDFUProbe] Failed to load dll at C:\Users\Chris\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\site-packages\pynrfjprog\lib_x64\NRFDFU.dll.

I am not sure what other steps I can take to get this running as NRFDFU.dll does not seem to exist. I made a separate post on this issue, but I cannot seem to resolve it.

jaredwolff

Also, @cchoi22915, I know that older MFW did not have SNI support for sub-domains (I mentioned this originally here: https://community.jaredwolff.com/d/298-https-get-request-json-returns-html). I was using Lets Encrypt on a sub-domain and it was failing to connect. I eventually had to move to a server that was not using it in order to use the nRF9160.

Hope we can get this resolved soon!