Command

Description

AT+CCHSTART

Start SSL service

AT+CCHSTOP

Stop SSL service

AT+CCHOPEN

Connect to SSL server

AT+CCHCLOSE

Disconnect from SSL server

AT+CCHSEND

Send data to SSL server

AT+CCHRECV

Read the cached data that received from the SSL server

AT+CCHCFG

Configure the client context

AT+CCHSSLCFG

Set the SSL context

AT+CCHSET

Configure the report mode of sending and receiving data

AT+CCHMODE

Configure the mode of sending and receiving data

AT+CCHADDR

Get the IPV4 address

AT+CSSLCFG

Configure the SSL context

AT+CCERTDOWN

Download certificate into the module

AT+CCERTLIST

List certificates

AT+CCERTDELE

Delete certificates

AT+CCHSTART   Start SSL service

Execution Command

Response

AT+CCHSTART

a)If start SSL service successfully:

OK

+CCHSTART: 0

b) If start SSL service successfully:

+CCHSTART: 0

OK

c) If failed:

ERROR

d) If failed:

OK

+CCHSTART: <err>

Parameter Saving Mode

–

Maximum Response Time

120000ms

Reference

–

<err>

Integer type, which indicates the result code.

AT+CCHSTOP   Stop SSL service

Execution Command

AT+CCHSTOP

Response

a)If stop SSL service successfully:

+CCHSTOP: 0

OK

b)If stop SSL service successfully:

OK

+CCHSTOP: 0

c)If failed:

ERROR

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<err>

Integer type, which indicates the result code.

AT+CCHOPEN    Connect to SSL server

Test Command

AT+CCHOPEN=?

Response

+CCHOPEN: (0-1),”ADDRESS”,(1-65535)[,(1-2)[,(1-65535)]]

OK

Read Command

AT+CCHOPEN?

Response

If connect to a server, it will show the connected information. Otherwise, the connected information is empty.

+CCHOPEN: 0,”<host>”,<port>,<client_type>[,<bind_port>]

+CCHOPEN: 1,”<host>”,<port>,<client_type>[,<bind_port>]

OK

Write Command

AT+CCHOPEN=<session

_id>,”host”,<port>[,<clie nt_type>[,<bind_port>]]

Response

a) If connect successfully：

+CCHOPEN: <session_id>,0

OK

b) If connect successfully：

OK

+CCHOPEN: <session_id>,0

c) If connect successfully in transparent mode：

CONNECT [<text>]

d) If failed：

OK

+CCHOPEN: <session_id>,<err> [+CCHCLOSE: <session_id>,<err>] e)If failed:

ERROR

f)If failed in transparent mode:

CONNECT FAIL

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<session_id>

The session index to operate. It’s from 0 to 1.

<host>

The server address, length range is 1 to 256.

<port>

The server port which to be connected, the range is from 1 to 65535.

<client_type>

The type of client: 1 – TCP client.

2    – SSL/TLS client.

Default value is 2.

<bind_port>

The local port for channel, the range is from 1 to 65535.

<text>

CONNECT result code string; the string formats please refer

ATX/AT\V/AT&E command.

<err>

Integer type, the result of operation.0 is success, other value is failure.

AT+CCHCLOSE    Disconnect from SSL server

Write Command

AT+CCHCLOSE=<session_id>

Response

a)If successfully：

+CCHCLOSE: <session_id>,0

OK

b)If successfully：

OK

+CCHCLOSE: <session_id>,0

c)If successfully in transparent mode：

OK

CLOSED

d)If failed:

ERROR

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<session_id>

The session index to operate. It’s from 0 to 1.

<err>

Integer type, the result of operation. 0 is success, other value is failure

AT+CCHSEND    Send data to SSL server

Test Command

AT+CCHSEND=?

Response

+CCHSEND: (0-1),(1-2048)

OK

Read Command

AT+CCHSEND?

Response

+CCHSEND: 0,<unsent_len_0>,1,<unsent_len_1>

OK

Write Command

Response

AT+CCHSEND=<session_id

a)if parameter is right:

>,<len>

> 

<input data here>

When the total size of the inputted data reaches <len>, TA will report

the following code. Otherwise, the serial port will be blocked.

OK

b)If parameter is wrong or other errors occur:

ERROR

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<session_id>

The session index to operate. It’s from 0 to 1.

<len>

The length of data to send. Its range is from 1 to 2048 bytes.

<unsent_len_0>

The data of connection 0 cached in sending buffer which is waiting to

be sent.

<unsent_len_1>

The data of connection 1 cached in sending buffer which is waiting to

be sent.

AT+CCHRECV    Read the cached data that received from the server

Read Command

AT+CCHRECV?

Response

+CCHRECV: LEN,<cache_len_0>,<cache_len_1>

OK

Write Command

AT+CCHRECV=<session_id>[

,<max_recv_len>]

Response

a)if parameter is right and there are cached data:

OK

[+CCHRECV: DATA,<session_id>,<len>

…

+CCHRECV: DATA,<session_id>,<len>

…]

+CCHRECV: <session_id>,<err>

b) if parameter is not right or any other error occurs:

+CCHRECV: <session_id>,<err>

ERROR

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<session_id>

The session_id to operate. It’s from 0 to 1.

<max_recv_len>

Maximum bytes of data to receive in the current AT+CCHRECV calling. It will read all the received data when the value is greater than the length of RX data cached for session <session_id>.

0 means the maximum bytes to receive is 2048 bytes. (But, when 2048  is  greater  than  the  length  of  RX  data  cached  for  session

<session_id>,  0  means  the  length  of  RX  data  cached  for session

<session_id>).

The default value is the length of RX data cached for session

<session_id>.

It will be not allowed when there is no data in the cache.

<cache_len_0>

The length of RX data cached for connection 0.

<cache_len_1>

The length of RX data cached for connection 1.

<len>

The length of data followed.

<err>

String type, displays the cause of occurring error, please refer to

Chapter 10.3 for details.

AT+CCHADDR    Get IPV4 address

Execution Command

AT+CCHADDR

Response:

+CCHADDR: <ip_address>

OK

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<ip_address>

A string

activated.

parameter

that

identifies

the

IPv4

address

after

PDP

AT+CCHCFG   Configure the client context

Test Command

Response

AT+CCHCFG=?

+CCHCFG: “sendtimeout”,(0-1),(60-150)

+CCHCFG: “sslctx”,(0-1),(0-9)

OK

Read Command

Response

AT+CCHCFG?

+CCHCFG: 0,<sendtimeout_val>,<sslctx_index>

+CCHCFG: 1,<sendtimeout_val>,<sslctx_index>

OK

Write Command

/*Configure the timeout value of the specified client when sending data*/

AT+CCHCFG=”sendtimeout”,

<session_id>,<sendtimeout_ val>

Response

If successfully:

OK

If failed:

ERROR

Write Command

/*Configure the SSL context index, it’s as same as AT+CSSLCFG*/

AT+CCHCFG=”sslctx”,<sessi on_id>,<sslctx_index>

Response

If successfully:

OK

If failed:

ERROR

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<session_id>

The session_id to operate. It’s from 0 to 1.

<sendtimeout_val>

The timeout value used in sending data stage. The range is 60-150

seconds. The default value is 150.

<sslctx_index>

The SSL context ID which will be used in the SSL connection. Refer to

the <ssl_ctx_index> of AT+CSSLCFG.

AT+CCHSSLCFG   Set the SSL context

Test Command

AT+CCHSSLCFG=?

Response

+CCHSSLCFG: (0-1),(0-9)

OK

Read Command

AT+CCHSSLCFG?

Response

+CCHSSLCFG: <session_id>,[ssl_ctx_index]

+CCHSSLCFG: <session_id>,[ssl_ctx_index]

OK

Write Command AT+CCHSSLCFG=<session_i d>,<ssl_ctx_index>

Response

a)  If successfully:

OK

b)  If failed:

ERROR

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<session_id>

The session_id to operate. It’s from 0 to 1.

<ssl_ctx_index>

The SSL context ID which will be used in the SSL connection. Refer to

the <ssl_ctx_index> of AT+CSSLCFG.

AT+CCHMODE   Configure the mode of sending and receiving mode

Test Command

AT+CCHMODE=?

Response

+CCHMODE: (0-1)

OK

Read Command

AT+CCHMODE?

Response

+CCHMODE: <mode>

OK

Write Command

AT+CCHMODE=<mode>

Response

a)  If successfully:

OK

b)  If failed:

ERROR

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<mode>

The mode value: 0 – Normal

1 – Transparent mode

The default value is 0.

AT+CCHSET    Configure the report mode of sending and receiving data

Test Command

AT+CCHSET=?

Response

+CCHSET: (0-1),(0,1)

OK

Read Command

AT+CCHSET?

Response

+CCHSET: <report_send_result>,<recv_mode>

OK

Write Command AT+CCHSET=<report_send_r esult>[,<recv_mode>]

Response

a)  If successfully:

OK

b)  If failed:

ERROR

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<report_send_result>

Whether to report result of CCHSEND, the default value is 0: 0 – No.

1–Yes. Module will report +CCHSEND: <session_id>,<err> to MCU

when complete sending data.

<recv_mode>

The receiving mode:

0  — Output the data to MCU whenever received data.

1     — Module caches the received data and notifies MCU with

+CCHEVENT: <session_id>, RECV EVENT.

MCU can use AT+CCHRECV to receive the cached data (only in manual receiving mode).

AT+CSSLCFG   Configure the SSL context

Test Command

AT+CSSLCFG=?

Response

+CSSLCFG: “sslversion”,(0-9),(0-4)

+CSSLCFG: “authmode”,(0-9),(0-3)

+CSSLCFG: “ignorelocaltime”,(0-9),(0,1)

+CSSLCFG: “negotiatetime”,(0-9),(10-300)

+CSSLCFG: “cacert”,(0-9),(5-128)

+CSSLCFG: “clientcert”,(0-9),(5-128)

+CSSLCFG: “clientkey”,(0-9),(5-128)

+CSSLCFG: “enableSNI”,(0-9),(0,1)

+CSSLCFG: “keypwd”,(0-9),(0-128)

+CSSLCFG: “ciphersuites”,(0-9),(0x002F,0xFFFF)

OK

Read Command

AT+CSSLCFG=?

Response

+CSSLCFG:

0,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

1,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

2,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

3,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

4,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

5,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

6,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

7,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

8,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

9,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

OK

Write Command

/*Query the configuration of the specified SSL context*/ AT+CSSLCFG=<ssl_ctx_inde x>

Response

+CSSLCFG:

<ssl_ctxindex>,<sslversion>,<authmode>,<ignoreltime>,<negot iatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI

_flag>,<keypwd>,<ciphersuites>

OK

Write Command

/*Configure the version of the specified SSL context*/

AT+CSSLCFG=”sslversion”,< ssl_ctx_index>,<sslversion>

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the authentication of the specified SSL context*/

AT+CSSLCFG=”authmode”,< ssl_ctx_index>,<authmode>

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the ignore local time flag of the specified SSL context*/

AT+CSSLCFG=”ignorelocalti

Response

a) If successfully:

OK

b) If failed:

ERROR

me”,<ssl_ctx_index>,<ignore

ltime>

Write Command

/*Configure the negotiate timeout value of the specified SSL context*/

AT+CSSLCFG=”negotiatetim e”,<ssl_ctx_index>,<negotiat etime>

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the server root CA of the specified SSL context*/

AT+CSSLCFG=”cacert”,<ssl_ ctx_index>,<ca_file>

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the client certificate of the specified SSL context*/

AT+CSSLCFG=”clientcert”,<s sl_ctx_index>,<clientcert_file

> 

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the client key of the specified SSL context*/

AT+CSSLCFG=”clientkey”,<s sl_ctx_index>,<clientkey_file

> 

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the enableSNI flag of the specified SSL context*/

AT+CSSLCFG=”enableSNI”,<

ssl_ctx_index>,<enableSNI_F lag>

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the password of the specified SSL context*/

AT+CSSLCFG=”keypwd”,<ss l_ctx_index>,<keypwd>

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the ciphersuite of the specified SSL context*/

Response

a)If successfully:

OK

AT+CSSLCFG=”ciphersuites ”,<ssl_ctx_index>,<ciphersui tes>

b)If failed:

ERROR

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<ssl_ctx_index>

The SSL context ID. The range is 0-9.

<sslversion>

The SSL version, the default value is 4. 0 – SSL3.0

1 – TLS1.0

2 – TLS1.1

3 – TLS1.2

4 – All

The configured version should be support by server. So you should use the default value if you can’t confirm the version which the server supported.

<authmode>

The authentication mode, the default value is 0. 0 – no authentication.

1  –server authentication. It needs the root CA of the server.

2  –server and client authentication. It needs the root CA of the server, the cert and key of the client.

3  –client authentication and no server authentication. It needs the cert

and key of the client.

<ignoreltime>

The flag to indicate how to deal with expired certificate, the default value is 1.

0 – care about time check for certification. 1 – ignore time check for certification

When set the value to 0, it need to set the right current date and time by AT+CCLK when need SSL certification.

<negotiatetime>

The timeout value which is used in SSL negotiating stage. The range

is 10-300 seconds. The default value is 300.

<ca_file>

The root CA file name of SSL context. The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

There are two ways to download certificate files to module:

1.   By AT+CCERTDOWN.

2.   By FTPS or HTTPS commands. Please refer to chapter 12 and 13.

<clientcert_file>

The client cert file name of SSL context. The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

There are two ways to download certificate files to module:

1.   By AT+CCERTDOWN.

2.   By FTPS or HTTPS commands. Please refer to chapter 12 and 13.

<clientkey_file>

The client key file name of SSL context. The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

There are two ways to download certificate files to module:

1.   By AT+CCERTDOWN.

2.   By FTPS or HTTPS commands. Please refer to chapter 12 and 13.

<enableSNI_flag>

The flag to indicate that enable the SNI flag or not, the default value is 0.

0  – not enable SNI.

1  – enable SNI.

<keypwd>

The password of the client key file of SSL context. When the client needs to be authorized, client key file is needed. Because the client key file may be encrypted, we need the

<keypwd> to decrypt it. The length of <keypwd> is from 0 to 128

bytes.

<ciphersuites>

Numeric type, SSL ciphersuites

0x002F           TLS_RSA_WITH_AES_128_CBC_SHA

0xFFFF          Support all

AT+CCERTDOWN    Download certificate into the module

Test Command

AT+CCERTDOWN=?

Response

+CCERTDOWN: (5-128),(1-10240)

OK

Write Command

AT+CCERTDOWN=<filename

>,<len>

Response

a) If it can be download:

> 

<input data here>

OK

b) If failed:

ERROR

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<filename>

The name of the certificate/key file. The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

For example: If you want to download a file with name “中华.pem”, you

should     convert     the     “    中     华     .pem”     to     UTF8     coding

(&#x4E2D;&#x534E;.pem),       then       input       the       hexadecimal

(262378344532443B262378353334453B2E70656D) of UTF8 coding.

len>

The length of the file data to send. The range is from 1 to 10240 bytes.

AT+CCERTLIST   List certificates

Execution Command

AT+CCERTLIST

Response

[+CCERTLIST: <file_name>

<file_name>

The certificate/key files which has been downloaded to the module.

If the filename contains non-ASCII characters, it will show the non-ASCII characters as UTF8 code.

Write Command

Response

AT+CCERTDELE=<filename>

a)If delete successfully:

OK

b)If failed:

ERROR

Parameter Saving Mode

–

Maximum Response Time

–

Reference

–

<filename>

The name of the certificate/key file. The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The

string in the quotation mark should be hexadecimal of the filename’s

UTF8 code).

For example: If you want to download a file with name “中华.pem”, you should convert the “ 中 华 .pem” to UTF8 coding (&#x4E2D;&#x534E;.pem), then input the hexadecimal (262378344532443B262378353334453B2E70656D) of UTF8 coding.

Information                                                                     Description

+CCHEVENT: <session_id>,RECV EVENT

In manual receiving mode, when new data of a connection arriving to the module, this unsolicited result code will be reported to

MCU.

+CCH_RECV_CLOSED: <session_id>,<err>

When receive data occurred any error, this

unsolicited result code will be reported to MCU.

+CCH_PEER_CLOSED: <session_id>

The connection is closed by the server.