페이지 선택
Generic selectors
Exact matches only
Search in title
Search in content
Search in pages
AT Commands For SSL

  

Command Description
AT+CCHSTART Start SSL service
AT+CCHSTOP Stop SSL service
AT+CCHOPEN Connect to SSL server
AT+CCHCLOSE Disconnect from SSL server
AT+CCHSEND Send data to SSL server
AT+CCHRECV Read the cached data that received from the SSL server
AT+CCHCFG Configure the client context
AT+CCHSSLCFG Set the SSL context
AT+CCHSET Configure the report mode of sending and receiving data
AT+CCHMODE Configure the mode of sending and receiving data
AT+CCHADDR Get the IPV4 address
AT+CSSLCFG Configure the SSL context
AT+CCERTDOWN Download certificate into the module
AT+CCERTLIST List certificates
AT+CCERTDELE Delete certificates

 

 

 

 

AT+CCHSTART     Start SSL Service

  

E) AT+CCHSTART

a)If start SSL service successfully:

OK

 

+CCHSTART: 0

 

b) If start SSL service successfully:

+CCHSTART: 0

 

OK

 

c) If failed:

ERROR

 

d) If failed:

OK

 

+CCHSTART: <err>

Parameter Saving Mode
Maximum Response Time 120000ms
Reference
 

 

<err> Integer type, which indicates the result code.

 

 

Example

AT+CCHSTART

OK

 

+CCHSTART: 0

 

NOTE

You must execute AT+CCHSTART before any other SSL related operations

 

 

 

 

AT+CCHSTOP     Stop SSL Service

  

E) AT+CCHSTOP

a)If stop SSL service successfully:

+CCHSTOP: 0

 

OK

 

b)If stop SSL service successfully:

OK

 

+CCHSTOP: 0

 

c)If failed:

ERROR

Parameter Saving Mode
Maximum Response Time
Reference
 

 

<err> Integer type, which indicates the result code.

 

 

Example

AT+CCHSTOP

OK

 

+CCHSTOP: 0

 

 

 

 

AT+CCHOPEN    Connect To SSL Server

  

T) AT+CCHOPEN=?

+CCHOPEN: (0-1),”ADDRESS”,(1-65535)[,(1-2)[,(1-65535)]]

 

OK

R) AT+CCHOPEN?

If connect to a server, it will show the connected information.

Otherwise, the connected information is empty.

+CCHOPEN: 0,”<host>”,<port>,<client_type>[,<bind_port>]

+CCHOPEN: 1,”<host>”,<port>,<client_type>[,<bind_port>]

 

OK

W) AT+CCHOPEN=<session

_id>,”host”,<port>[,<clie nt_type>[,<bind_port>]]

a) If connect successfully:

+CCHOPEN: <session_id>,0

 

OK

 

b) If connect successfully:

OK

 

+CCHOPEN: <session_id>,0

 

c) If connect successfully in transparent mode:

CONNECT [<text>]

 

d) If failed:

OK

 

+CCHOPEN: <session_id>,<err>

[+CCHCLOSE: <session_id>,<err>]

 

e)If failed:

ERROR

 

f)If failed in transparent mode:

CONNECT FAIL

Parameter Saving Mode
Maximum Response Time
Reference
 

 

<session_id> The session index to operate. It’s from 0 to 1.
<host> The server address, length range is 1 to 256.
<port> The server port which to be connected, the range is from 1 to 65535.
<client_type>

The type of client:

1 – TCP client.

2 – SSL/TLS client.

Default value is 2.

<bind_port> The local port for channel, the range is from 1 to 65535.
<text>

CONNECT result code string; the string formats please refer ATX/AT\V/AT&E command.

<err>

Integer type, the result of operation.

0 is success, other value is failure.

 

 

Example

AT+CCHOPEN=0,”www.baidu.com”,443,2

OK

 

+CCHOPEN: 0,0

 

NOTE

If you don’t set the SSL context by AT+CCHSSLCFG before connecting a SSL/TLS server by AT+CCHOPEN,

it will use the <session_id> (the 1’st parameter of AT+CCHOPEN) SSL context when connecting to the server.

 

 

 

 

AT+CCHCLOSE     Disconnect From SSL Server

 

W) AT+CCHCLOSE=<session_id>

a)If successfully:

+CCHCLOSE: <session_id>,0

 

OK

 

b)If successfully:

OK

 

+CCHCLOSE: <session_id>,0

 

c)If successfully in transparent mode:

OK

 

CLOSED

 

d)If failed:

ERROR

Parameter Saving Mode
Maximum Response Time
Reference

 

 

<session_id>

The session index to operate.

It’s from 0 to 1.

<err>

Integer type, the result of operation.

0 is success, other value is failure

 

 

Example

AT+CCHCLOSE=0

OK

 

+CCHCLOSE: 0,0

 

 

 

 

AT+CCHSEND     Send Data To SSL Server

  

T) AT+CCHSEND=?

+CCHSEND: (0-1),(1-2048)

 

OK

R) AT+CCHSEND?

+CCHSEND: 0,<unsent_len_0>,1,<unsent_len_1>

OK

W) AT+CCHSEND=<session_id

>,<len>

a)if parameter is right:

>

<input data here>

When the total size of the inputted data reaches <len>, TA will report the following code.

Otherwise, the serial port will be blocked.

OK

 

b)If parameter is wrong or other errors occur:

ERROR

Parameter Saving Mode
Maximum Response Time
Reference
 

  

<session_id>

The session index to operate.

It’s from 0 to 1.

<len>

The length of data to send.

Its range is from 1 to 2048 bytes.

<unsent_len_0>

The data of connection 0 cached in sending buffer which is waiting to be sent.

<unsent_len_1>

The data of connection 1 cached in sending buffer which is waiting to be sent.

 

 

Example

AT+CCHSEND=0,125

> GET / HTTP/1.1

Host: www.google.com.hk

User-Agent: MAUI htp User Agent

Proxy-Connection: keep-alive

Content-Length: 0

 

OK

 

 

 

 

AT+CCHRECV     Read The Cached Data That Received From The Server

 

R) AT+CCHRECV?

+CCHRECV: LEN,<cache_len_0>,<cache_len_1>

 

OK

W) AT+CCHRECV=<session_id>[,<max_recv_len>]

a)if parameter is right and there are cached data:

OK

[+CCHRECV: DATA,<session_id>,<len>

+CCHRECV: DATA,<session_id>,<len>

…]

+CCHRECV: <session_id>,<err>

 

b) if parameter is not right or any other error occurs:

+CCHRECV: <session_id>,<err>

ERROR

Parameter Saving Mode
Maximum Response Time
Reference
 

 

<session_id>

The session_id to operate.

It’s from 0 to 1.

<max_recv_len>

Maximum bytes of data to receive in the current AT+CCHRECV calling.

It will read all the received data when the value is greater than the length of RX data cached for session <session_id>.

0 means the maximum bytes to receive is 2048 bytes.

(But, when 2048  is  greater  than  the  length  of  RX  data  cached  for  session <session_id>, 

0  means  the  length  of  RX  data  cached  for session <session_id>).

The default value is the length of RX data cached for session <session_id>.

It will be not allowed when there is no data in the cache.

<cache_len_0> The length of RX data cached for connection 0.
<cache_len_1> The length of RX data cached for connection 1.
<len> The length of data followed.
<err>

String type, displays the cause of occurring error, please refer to Chapter 10.3 for details.

 

 

Example

AT+CCHRECV=1

OK

+CCHRECV: DATA,1,249

HTTP/1.1 200 OK

Content-Type: text/html

Content-Language: zh-CN

Content-Length: 57

Date: Tue, 31 Mar 2009 01:56:05 GMT

Connection: Close

Proxy-Connection: Close

 

<html>

<header>test</header>

<body> Test body

</body>

 

+CCHRECV: 1,0

 

 

 

 

AT+CCHADDR     Get IPV4 Address

  

E) AT+CCHADDR

+CCHADDR: <ip_address>

 

OK

Parameter Saving Mode
Maximum Response Time
Reference

 

 

<ip_address> A string parameter that identifies the IPV4 address after PDP activated.

 

 

Example

AT+CCHADDR

+CCHADDR: 10.71.155.118

 

OK

 

 

 

 

  AT+CCHCFG     Configure The Client Context

 

T) AT+CCHCFG=?

+CCHCFG: “sendtimeout”,(0-1),(60-150)

+CCHCFG: “sslctx”,(0-1),(0-9)

 

OK

R) AT+CCHCFG?

+CCHCFG: 0,<sendtimeout_val>,<sslctx_index>

+CCHCFG: 1,<sendtimeout_val>,<sslctx_index>

 

OK

W) 

 

AT+CCHCFG=”sendtimeout”,

<session_id>,<sendtimeout_val>

If successfully:

OK

If failed:

ERROR

W)  

 

AT+CCHCFG=”sslctx”,<session_id>,<sslctx_index>

If successfully:

OK

If failed:

ERROR

Parameter Saving Mode
Maximum Response Time
Reference

 

 

<session_id>

The session_id to operate.

It’s from 0 to 1.

<sendtimeout_val>

The timeout value used in sending data stage.

The range is 60-150 seconds.

The default value is 150.

<sslctx_index>

The SSL context ID which will be used in the SSL connection.

Refer to the <ssl_ctx_index> of AT+CSSLCFG.

 

 

Example

AT+CCHCFG=”sendtimeout”,0,60

OK

 

NOTE

This command must be called before AT+CCHOPEN and after AT+CCHSTART.

The setting will be cleared after AT+CCHOPEN failed or AT+CCHCLOSE.

 

 

 

 

AT+CCHSSLCFG     Set The SSL Context

 

T) AT+CCHSSLCFG=?

+CCHSSLCFG: (0-1),(0-9)

 

OK

R) AT+CCHSSLCFG?

+CCHSSLCFG: <session_id>,[ssl_ctx_index]

+CCHSSLCFG: <session_id>,[ssl_ctx_index]

 

OK

W) AT+CCHSSLCFG=<session_id>,<ssl_ctx_index>

a)  If successfully:

OK

 

b)  If failed:

ERROR

Parameter Saving Mode
Maximum Response Time
Reference

 

 

<session_id>

The session_id to operate.

It’s from 0 to 1.

<ssl_ctx_index>

The SSL context ID which will be used in the SSL connection.

Refer to the <ssl_ctx_index> of AT+CSSLCFG.

 

 

Example

AT+CCHSSLCFG=?

+CCHSSLCFG: (0-1),(0-9)

 

OK

AT+CCHSSLCFG=1,1

OK

 

NOTE

This command must be called before AT+CCHOPEN and after AT+CCHSTART.

The setting will be cleared after AT+CCHOPEN failed or AT+CCHCLOSE.

If you don’t set the SSL context by this command before connecting to SSL/TLS server by AT+CCHOPEN,

the CCHOPEN operation will use the SSL context as same as index <session_id> (the 1st parameter of AT+CCHOPEN) when connecting to the server.

 

 

 

 

AT+CCHMODE     Configure The Mode Of Sending And Receiving Data

  

T) AT+CCHMODE=?

+CCHMODE: (0-1)

 

OK

R) AT+CCHMODE?

+CCHMODE: <mode>

 

OK

W) AT+CCHMODE=<mode>

a)  If successfully:

OK

 

b)  If failed:

ERROR

Parameter Saving Mode
Maximum Response Time
Reference

 

 

<mode>

The mode value:

0 – Normal

1 – Transparent mode

The default value is 0.

 

 

Example

AT+CCHMODE=?

+CCHMODE: (0-1)

 

OK

AT+CCHMODE=1

OK

 

NOTE

This command must be called before AT+CCHSTART.

There is only one session in the transparent mode, it’s the first

 

 

 

 

AT+CCHSET     Configure The Report Mode Of Sending And Receiving Data

 

T) AT+CCHSET=?

+CCHSET: (0-1),(0,1)

 

OK

R) AT+CCHSET?

+CCHSET: <report_send_result>,<recv_mode>

 

OK

W) AT+CCHSET=<report_send_result>[,<recv_mode>]

a)  If successfully:

OK

 

b)  If failed:

ERROR

Parameter Saving Mode
Maximum Response Time
Reference

 

 

<report_send_result>

Whether to report result of CCHSEND, the default value is 0:

0 – No.

1–Yes.

Module will report +CCHSEND:

<session_id>,<err> to MCU when complete sending data.

<recv_mode>

The receiving mode:

0  — Output the data to MCU whenever received data.

1     — Module caches the received data and notifies MCU with +CCHEVENT: <session_id>, RECV EVENT.

MCU can use AT+CCHRECV to receive the cached data (only in manual receiving mode).

 

 

Example

AT+CCHSET=?

+CCHSET: (0-1),(0,1)

 

OK

AT+CCHSET=1,1

OK

 

NOTE

This command must be called before AT+CCHSTART.

 

 

 

 

 AT+CSSLCFG     Configure The SSL Context

  

T) AT+CSSLCFG=?

+CSSLCFG: “sslversion”,(0-9),(0-4)

+CSSLCFG: “authmode”,(0-9),(0-3)

+CSSLCFG: “ignorelocaltime”,(0-9),(0,1)

+CSSLCFG: “negotiatetime”,(0-9),(10-300)

+CSSLCFG: “cacert”,(0-9),(5-128)

+CSSLCFG: “clientcert”,(0-9),(5-128)

+CSSLCFG: “clientkey”,(0-9),(5-128)

+CSSLCFG: “enableSNI”,(0-9),(0,1)

+CSSLCFG: “keypwd”,(0-9),(0-128)

+CSSLCFG: “ciphersuites”,(0-9),(0x002F,0xFFFF)

 

OK

R) AT+CSSLCFG=?

+CSSLCFG:

0,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keypwd>,<ciphersuites>

+CSSLCFG:

1,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keypwd>,<ciphersuites>

+CSSLCFG:

2,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keypwd>,<ciphersuites>

+CSSLCFG:

3,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keypwd>,<ciphersuites>

+CSSLCFG:

4,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keypwd>,<ciphersuites>

+CSSLCFG:

5,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keypwd>,<ciphersuites>

+CSSLCFG:

6,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keypwd>,<ciphersuites>

+CSSLCFG:

7,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keypwd>,<ciphersuites>

+CSSLCFG:

8,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keypwd>,<ciphersuites>

+CSSLCFG:

9,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keypwd>,<ciphersuites>

 

OK

W) 

AT+CSSLCFG=<ssl_ctx_index>

+CSSLCFG:

<ssl_ctxindex>,<sslversion>,<authmode>,<ignoreltime>,<negot iatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keypwd>,<ciphersuites>

 

OK

W)  

AT+CSSLCFG=”sslversion”,< ssl_ctx_index>,<sslversion>

a) If successfully:

OK

 

b) If failed:

ERROR

W)  

AT+CSSLCFG=”authmode”,<ssl_ctx_index>,<authmode>

a) If successfully:

OK

 

b) If failed:

ERROR

W)  

AT+CSSLCFG=”ignorelocaltime”,<ssl_ctx_index>,<ignoreltime>

a) If successfully:

OK

 

b) If failed:

ERROR

W)  

AT+CSSLCFG=”negotiatetime”,<ssl_ctx_index>,<negotiatetime>

a) If successfully:

OK

 

b) If failed:

ERROR

W)  

AT+CSSLCFG=”cacert”,<ssl_ctx_index>,<ca_file>

a) If successfully:

OK

 

b) If failed:

ERROR

W)  

AT+CSSLCFG=”clientcert”,<ssl_ctx_index>,<clientcert_file> 

a) If successfully:

OK

 

b) If failed:

ERROR

W)  

AT+CSSLCFG=”clientkey”,<ssl_ctx_index>,<clientkey_file> 

a) If successfully:

OK

 

b) If failed:

ERROR

W)  

AT+CSSLCFG=”enableSNI”,<ssl_ctx_index>,<enableSNI_Flag>

a) If successfully:

OK

 

b) If failed:

ERROR

W)  

AT+CSSLCFG=”keypwd”,<ssl_ctx_index>,<keypwd>

a) If successfully:

OK

 

b) If failed:

ERROR

W) 

AT+CSSLCFG=”ciphersuites”,<ssl_ctx_index>,<ciphersui tes>

a)If successfully:

OK

 

b)If failed:

ERROR

Parameter Saving Mode
Maximum Response Time
Reference
 
 

 

<ssl_ctx_index> The SSL context ID. The range is 0-9.
<sslversion>

The SSL version, the default value is 4.

0 – SSL3.0

1 – TLS1.0

2 – TLS1.1

3 – TLS1.2

4 – All

 

The configured version should be support by server.

So you should use the default value if you can’t confirm the version which the server supported.

<authmode>

The authentication mode, the default value is 0.

0 – no authentication.

1  –server authentication. It needs the root CA of the server.

2  –server and client authentication. It needs the root CA of the server, the cert and key of the client.

3  –client authentication and no server authentication. It needs the cert and key of the client.

<ignoreltime>

The flag to indicate how to deal with expired certificate, the default value is 1.

0 – care about time check for certification.

1 – ignore time check for certification

 

When set the value to 0, it need to set the right current date and time by AT+CCLK when need SSL certification.

<negotiatetime>

The timeout value which is used in SSL negotiating stage.

The range is 10-300 seconds. The default value is 300.

<ca_file>

The root CA file name of SSL context.

The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

 

There are two ways to download certificate files to module:

1.   By AT+CCERTDOWN.

2.   By FTPS or HTTPS commands. Please refer to chapter 12 and 13.

<clientcert_file>

The client cert file name of SSL context.

The file name must have type like “.pem” or “.der”.

The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

 

There are two ways to download certificate files to module:

1.   By AT+CCERTDOWN.

2.   By FTPS or HTTPS commands. Please refer to chapter 12 and 13.

<clientkey_file>

The client key file name of SSL context.

The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

 

There are two ways to download certificate files to module:

1.   By AT+CCERTDOWN.

2.   By FTPS or HTTPS commands. Please refer to chapter 12 and 13.

<enableSNI_flag>

The flag to indicate that enable the SNI flag or not, the default value is 0.

0  – not enable SNI.

1  – enable SNI.

<keypwd>

The password of the client key file of SSL context.

When the client needs to be authorized, client key file is needed.

Because the client key file may be encrypted, we need the<keypwd> to decrypt it.

The length of <keypwd> is from 0 to 128bytes.

<ciphersuites>

Numeric type, SSL ciphersuites 

0x002F           TLS_RSA_WITH_AES_128_CBC_SHA 

0xFFFF          Support all

 

 

Example

AT+CSSLCFG=”sslversion”,1,1

OK

 

 

 

 

AT+CCERTDOWN    Download Certificate Into The Module

 

T) AT+CCERTDOWN=?

+CCERTDOWN: (5-128),(1-10240)

 

OK

W) AT+CCERTDOWN=<filename>,<len>

a) If it can be download:

>

<input data here>

 

OK

 

b) If failed:

ERROR

Parameter Saving Mode
Maximum Response Time
Reference

 

 

<filename>

The name of the certificate/key file.

The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

For example: If you want to download a file with name “中华.pem”, you

should     convert     the     “    中     华     .pem”     to     UTF8     coding

(&#x4E2D;&#x534E;.pem),       then       input       the       hexadecimal

(262378344532443B262378353334453B2E70656D) of UTF8 coding.

len>

The length of the file data to send.

The range is from 1 to 10240 bytes.

 

 

Example

AT+CCERTDOWN=”client_key.der”,611

> file content……

OK

 

 

 

 

 AT+CCERTLIST     List Certificates

 

E) AT+CCERTLIST

[+CCERTLIST: <file_name>

[+CCERTLIST: <file_name>]

<CR><LF>]

OK

Parameter Saving Mode
Maximum Response Time
Reference
 

 

<file_name>

The certificate/key files which has been downloaded to the module.

If the filename contains non-ASCII characters, it will show the non-ASCII characters as UTF8 code.

 

 

Example

AT+CCERTLIST

+CCERTLIST: “ca_cert.der”

+CCERTLIST: “client_key.pem””

 

OK

 

 

 

 

AT+CCERTDELE     Delete Certificates

 

W) AT+CCERTDELE=<filename>

a)If delete successfully:

OK

 

b)If failed:

ERROR

Parameter Saving Mode
Maximum Response Time
Reference

 

 

<filename>

The name of the certificate/key file.

The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

For example: If you want to download a file with name “中华.pem”, you should convert the “ 中 华 .pem” to UTF8 coding (&#x4E2D;&#x534E;.pem), then input the hexadecimal (262378344532443B262378353334453B2E70656D) of UTF8 coding.

 

 

Example

AT+CCERTDELE=”server_ca.der”

OK

 

 

 

 

 Command result <err> codes

  

0 Operation succeeded
1 Alerting state(reserved)
2 Unknown error
3 Busy
4 Peer closed
5 Operation timeout
6 Transfer failed
7 Memory error
8 Invalid parameter
9 Network error
10 Open session error
11 State error
12 Create socket error
13 Get DNS error
14 Connect socket error
15 Handshake error
16 Close socket error
17 Nonet
18 Send data timeout
19 Not set certificates

 

 

 

 

 Unsolicited result codes

  

+CCHEVENT: <session_id>,RECV EVENT In manual receiving mode, when new data of a connection arriving to the module, this unsolicited result code will be reported to MCU.
+CCH_RECV_CLOSED: <session_id>,<err> When receive data occurred any error, this unsolicited result code will be reported to MCU.
+CCH_PEER_CLOSED: <session_id> The connection is closed by the server.
 

Adsense

EMW3070

Viewed Page List