SARA-R4/N4 series-AT Commands Manual
UBX-17003787 - R09

19 SSL/TLS
19.3 SSL/TLS security layer profile manager +USECPRF

+USECPRF
Modules: SARA-R410M-01B SARA-R410M-02B SARA-R410M-52B SARA-R412M SARA-N4
Attributes:
  Syntax: full
  PIN required: No
  Settings saved: No
  Can be aborted: No
  Response time: -
  Error reference: +CME Error

19.3.1 Description
Manages security profiles for the configuration of the following SSL/TLS connection properties:
• Certificate validation level:
o Level 0: no certificate validation; the server certificate will not be checked or verified. No additional
certificates are needed.
o Level 1: certificate validation against a specific imported trusted root certificate or a list of them.
o Level 2: certificate validation with an additional URL integrity check (the server certificate common
name must match the server hostname).
o Level 3: certificate validation with an additional check on the certificate validity date.
CA certificates should be imported with the +USECMNG AT command.
• Minimum SSL/TLS version to be used:
o Any
o TLS 1.0
o TLS 1.1
o TLS 1.2
• Exact cipher suite to be used (the value from the Internet Assigned Numbers Authority (IANA) cipher suite
registry is given in brackets):
o (0x002f) TLS_RSA_WITH_AES_128_CBC_SHA
o (0x003C) TLS_RSA_WITH_AES_128_CBC_SHA256
o (0x0035) TLS_RSA_WITH_AES_256_CBC_SHA
o (0x003D) TLS_RSA_WITH_AES_256_CBC_SHA256
o (0x000a) TLS_RSA_WITH_3DES_EDE_CBC_SHA
o (0x008c) TLS_PSK_WITH_AES_128_CBC_SHA
o (0x008d) TLS_PSK_WITH_AES_256_CBC_SHA
o (0x008b) TLS_PSK_WITH_3DES_EDE_CBC_SHA
o (0x0094) TLS_RSA_PSK_WITH_AES_128_CBC_SHA
o (0x0095) TLS_RSA_PSK_WITH_AES_256_CBC_SHA
o (0x0093) TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
o (0x00ae) TLS_PSK_WITH_AES_128_CBC_SHA256
o (0x00af) TLS_PSK_WITH_AES_256_CBC_SHA384
o (0x00b6) TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
o (0x00b7) TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
See Table 22 for the applicability of each cipher suite depending on the module series.
• Certificate to be used for server and mutual authentication:
o The trusted root certificate. The CA certificate should be imported with the AT+USECMNG command.
o The client certificate that should be imported with the AT+USECMNG command.
o The client private key that should be imported with the AT+USECMNG command.
• Expected server hostname, when using certificate validation level 2 or 3.
• Password for the client private key, if it is password protected.
• Pre-shared key used for connection. Defines a pre-shared key and key-name (PSK), when a TLS_PSK_*
cipher suite is used.
• SNI (Server Name Indication). SNI is a feature of SSL/TLS which uses an additional SSL/TLS extension
header to specify the name of the server to which the client is connecting. The extension was introduced to
support the certificate handling used with virtual hosting provided by the various SSL/TLS enabled servers,
mostly in cloud-based infrastructures. With SNI, a server can present a different server certificate
(and/or a whole SSL/TLS configuration) based on the host indicated by the SNI extension.
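
The following is an added example, not part of the manual: a small Python check that reviews a planned security profile against the options described above and reports which protections it leaves out. The dictionary keys, the sample profiles and the hostname are assumptions made for this example; they are not the +USECPRF parameter syntax.

```python
# IANA code -> suite name, copied from the list in this section.
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x008C: "TLS_PSK_WITH_AES_128_CBC_SHA",
    0x008D: "TLS_PSK_WITH_AES_256_CBC_SHA",
    0x008B: "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
    0x0094: "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
    0x0095: "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
    0x0093: "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
    0x00AE: "TLS_PSK_WITH_AES_128_CBC_SHA256",
    0x00AF: "TLS_PSK_WITH_AES_256_CBC_SHA384",
    0x00B6: "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
    0x00B7: "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
}

def audit(p):
    # p is a profile dict; its keys are hypothetical names chosen for this example.
    out = []
    level, suite = p.get("validation_level", 0), SUITES.get(p.get("cipher"))
    # Pure TLS_PSK_* suites carry no server certificate: skip the level checks.
    if suite is None or not suite.startswith("TLS_PSK_"):
        if level == 0:
            out.append("level 0: server certificate is not verified")
        elif not p.get("root_ca"):
            out.append("levels 1-3 need an imported trusted root certificate")
        if level == 1:
            out.append("level 1: certificate name is not matched to the hostname")
        if level in (1, 2):
            out.append("validity dates are checked only at level 3")
        if level >= 2 and not p.get("hostname"):
            out.append("levels 2-3 need the expected server hostname")
    if p.get("min_tls", "Any") != "TLS 1.2":
        out.append("minimum version permits a protocol older than TLS 1.2")
    if suite is None:
        out.append("cipher suite is not one of those listed in this section")
    elif "3DES" in suite:
        out.append(f"{suite}: 3DES has a 64-bit block size")
    if suite and "PSK" in suite and not (p.get("psk") and p.get("psk_identity")):
        out.append(f"{suite}: needs a pre-shared key and key name")
    return out

# Constructed sample profiles (not taken from any device).
WEAK = {"validation_level": 0, "min_tls": "Any", "cipher": 0x000A}
STRICT = {"validation_level": 3, "min_tls": "TLS 1.2", "cipher": 0x003D,
          "root_ca": "example_root_ca", "hostname": "iot.example.com"}
```

Calling audit(WEAK) returns three findings (no certificate verification, no minimum version, a 3DES suite), while audit(STRICT) returns an empty list.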