페이지 선택
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in pages

10.1       Overview of AT Commands for SSL

 

 

 

Command

Description

AT+CCHSTART

Start SSL service

AT+CCHSTOP

Stop SSL service

AT+CCHOPEN

Connect to SSL server

AT+CCHCLOSE

Disconnect from SSL server

AT+CCHSEND

Send data to SSL server

AT+CCHRECV

Read the cached data that received from the SSL server

AT+CCHCFG

Configure the client context

AT+CCHSSLCFG

Set the SSL context

AT+CCHSET

Configure the report mode of sending and receiving data

AT+CCHMODE

Configure the mode of sending and receiving data

AT+CCHADDR

Get the IPV4 address

AT+CSSLCFG

Configure the SSL context

AT+CCERTDOWN

Download certificate into the module

AT+CCERTLIST

List certificates

AT+CCERTDELE

Delete certificates

 

 

 

 

10.2       Detailed Description of AT Commands for SSL

 

 

 

10.2.1          AT+CCHSTART   Start SSL service

 

 

 

AT+CCHSTART   Start SSL service

Execution Command

Response

AT+CCHSTART

a)If start SSL service successfully:

 

OK

 

+CCHSTART: 0

 

 

 

b) If start SSL service successfully:

+CCHSTART: 0

 

OK

c) If failed:

ERROR

d) If failed:

OK

 

+CCHSTART: <err>

Parameter Saving Mode

Maximum Response Time

120000ms

Reference

 

Defined Values

 

<err>

Integer type, which indicates the result code.

 

Example

 
   

 

 
   

 

 

 

10.2.2          AT+CCHSTOP   Stop SSL service

 

 

 

AT+CCHSTOP   Stop SSL service

Execution Command

AT+CCHSTOP

Response

a)If stop SSL service successfully:

+CCHSTOP: 0

 

OK

b)If stop SSL service successfully:

OK

 

+CCHSTOP: 0

c)If failed:

 

 

 

ERROR

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<err>

Integer type, which indicates the result code.

 

Example

 
   

 

 

 

10.2.3          AT+CCHOPEN   Connect to SSL server

 

 

 

AT+CCHOPEN    Connect to SSL server

Test Command

AT+CCHOPEN=?

Response

+CCHOPEN: (0-1),”ADDRESS”,(1-65535)[,(1-2)[,(1-65535)]]

 

OK

Read Command

AT+CCHOPEN?

Response

If connect to a server, it will show the connected information. Otherwise, the connected information is empty.

+CCHOPEN: 0,”<host>”,<port>,<client_type>[,<bind_port>]

+CCHOPEN: 1,”<host>”,<port>,<client_type>[,<bind_port>]

 

OK

Write Command

AT+CCHOPEN=<session

_id>,”host”,<port>[,<clie nt_type>[,<bind_port>]]

Response

a) If connect successfully:

+CCHOPEN: <session_id>,0

 

OK

b) If connect successfully:

OK

 

+CCHOPEN: <session_id>,0

c) If connect successfully in transparent mode:

CONNECT [<text>]

d) If failed:

 

 

 

OK

 

+CCHOPEN: <session_id>,<err> [+CCHCLOSE: <session_id>,<err>] e)If failed:

ERROR

f)If failed in transparent mode:

CONNECT FAIL

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<session_id>

The session index to operate. It’s from 0 to 1.

<host>

The server address, length range is 1 to 256.

<port>

The server port which to be connected, the range is from 1 to 65535.

<client_type>

The type of client: 1 – TCP client.

2    – SSL/TLS client.

Default value is 2.

<bind_port>

The local port for channel, the range is from 1 to 65535.

<text>

CONNECT result code string; the string formats please refer

ATX/AT\V/AT&E command.

<err>

Integer type, the result of operation.0 is success, other value is failure.

 

Example

 
   

 

 
   

 

 

 

10.2.4          AT+CCHCLOSE    Disconnect from SSL server

 

 

AT+CCHCLOSE    Disconnect from SSL server

Write Command

AT+CCHCLOSE=<session_id>

Response

a)If successfully:

+CCHCLOSE: <session_id>,0

 

OK

b)If successfully:

OK

 

+CCHCLOSE: <session_id>,0

c)If successfully in transparent mode:

OK

 

CLOSED

d)If failed:

ERROR

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<session_id>

The session index to operate. It’s from 0 to 1.

<err>

Integer type, the result of operation. 0 is success, other value is failure

 

Example

 
   

 

 

 

10.2.5          AT+CCHSEND   Send data to SSL server

 

 

 

AT+CCHSEND    Send data to SSL server

Test Command

AT+CCHSEND=?

Response

+CCHSEND: (0-1),(1-2048)

 

OK

Read Command

AT+CCHSEND?

Response

+CCHSEND: 0,<unsent_len_0>,1,<unsent_len_1>

 

 

 

 

OK

Write Command

Response

AT+CCHSEND=<session_id

a)if parameter is right:

>,<len>

 

<input data here>

 

When the total size of the inputted data reaches <len>, TA will report

 

the following code. Otherwise, the serial port will be blocked.

 

OK

 

b)If parameter is wrong or other errors occur:

 

ERROR

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<session_id>

The session index to operate. It’s from 0 to 1.

<len>

The length of data to send. Its range is from 1 to 2048 bytes.

<unsent_len_0>

The data of connection 0 cached in sending buffer which is waiting to

be sent.

<unsent_len_1>

The data of connection 1 cached in sending buffer which is waiting to

be sent.

 

Example

 
   

 

 

 

10.2.6          AT+CCHRECV   Read the cached data that received from the server

 

 

 

AT+CCHRECV    Read the cached data that received from the server

Read Command

AT+CCHRECV?

Response

+CCHRECV: LEN,<cache_len_0>,<cache_len_1>

 

OK

 

 

Write Command

AT+CCHRECV=<session_id>[

,<max_recv_len>]

Response

a)if parameter is right and there are cached data:

OK

 

[+CCHRECV: DATA,<session_id>,<len>

+CCHRECV: DATA,<session_id>,<len>

…]

+CCHRECV: <session_id>,<err>

b) if parameter is not right or any other error occurs:

+CCHRECV: <session_id>,<err>

 

ERROR

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<session_id>

The session_id to operate. It’s from 0 to 1.

<max_recv_len>

Maximum bytes of data to receive in the current AT+CCHRECV calling. It will read all the received data when the value is greater than the length of RX data cached for session <session_id>.

0 means the maximum bytes to receive is 2048 bytes. (But, when 2048  is  greater  than  the  length  of  RX  data  cached  for  session

<session_id>,  0  means  the  length  of  RX  data  cached  for session

<session_id>).

The default value is the length of RX data cached for session

<session_id>.

It will be not allowed when there is no data in the cache.

<cache_len_0>

The length of RX data cached for connection 0.

<cache_len_1>

The length of RX data cached for connection 1.

<len>

The length of data followed.

<err>

String type, displays the cause of occurring error, please refer to

Chapter 10.3 for details.

 

Example

 
   
 

 

 

 

 

10.2.7          AT+CCHADDR    Get IPV4 address

 

 

 

AT+CCHADDR    Get IPV4 address

Execution Command

AT+CCHADDR

Response:

+CCHADDR: <ip_address>

 

OK

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<ip_address>

A string

activated.

parameter

that

identifies

the

IPv4

address

after

PDP

 

Example

 
   

 

 

 

10.2.8          AT+CCHCFG   Configure the client context

 

 

 

AT+CCHCFG   Configure the client context

Test Command

Response

 

 

AT+CCHCFG=?

+CCHCFG: “sendtimeout”,(0-1),(60-150)

+CCHCFG: “sslctx”,(0-1),(0-9)

 

OK

Read Command

Response

AT+CCHCFG?

+CCHCFG: 0,<sendtimeout_val>,<sslctx_index>

 

+CCHCFG: 1,<sendtimeout_val>,<sslctx_index>

 

OK

Write Command

 

/*Configure the timeout value of the specified client when sending data*/

 

AT+CCHCFG=”sendtimeout”,

<session_id>,<sendtimeout_ val>

Response

If successfully:

OK

If failed:

ERROR

Write Command

 

/*Configure the SSL context index, it’s as same as AT+CSSLCFG*/

 

AT+CCHCFG=”sslctx”,<sessi on_id>,<sslctx_index>

Response

If successfully:

OK

If failed:

ERROR

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<session_id>

The session_id to operate. It’s from 0 to 1.

<sendtimeout_val>

The timeout value used in sending data stage. The range is 60-150

seconds. The default value is 150.

<sslctx_index>

The SSL context ID which will be used in the SSL connection. Refer to

the <ssl_ctx_index> of AT+CSSLCFG.

 

Example

 
   

 

 
   
 

10.2.9          AT+CCHSSLCFG   Set the SSL context

 

 

 

AT+CCHSSLCFG   Set the SSL context

Test Command

AT+CCHSSLCFG=?

Response

+CCHSSLCFG: (0-1),(0-9)

 

OK

Read Command

AT+CCHSSLCFG?

Response

+CCHSSLCFG: <session_id>,[ssl_ctx_index]

+CCHSSLCFG: <session_id>,[ssl_ctx_index]

 

OK

Write Command AT+CCHSSLCFG=<session_i d>,<ssl_ctx_index>

Response

a)  If successfully:

OK

b)  If failed:

ERROR

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<session_id>

The session_id to operate. It’s from 0 to 1.

<ssl_ctx_index>

The SSL context ID which will be used in the SSL connection. Refer to

the <ssl_ctx_index> of AT+CSSLCFG.

 

Example

 
   

 

 
   
 

 

 

 

 

10.2.10      AT+CCHMODE    Configure the mode of sending and receiving data

 

 

 

AT+CCHMODE   Configure the mode of sending and receiving mode

Test Command

AT+CCHMODE=?

Response

+CCHMODE: (0-1)

 

OK

Read Command

AT+CCHMODE?

Response

+CCHMODE: <mode>

 

OK

Write Command

AT+CCHMODE=<mode>

Response

a)  If successfully:

OK

b)  If failed:

ERROR

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<mode>

The mode value: 0 – Normal

1 – Transparent mode

The default value is 0.

 

Example

 
   

 

 
   
 

 

 

 

10.2.11      AT+CCHSET   Configure the report mode of sending and receiving data

 

 

 

AT+CCHSET    Configure the report mode of sending and receiving data

Test Command

AT+CCHSET=?

Response

+CCHSET: (0-1),(0,1)

 

OK

Read Command

AT+CCHSET?

Response

+CCHSET: <report_send_result>,<recv_mode>

 

OK

Write Command AT+CCHSET=<report_send_r esult>[,<recv_mode>]

Response

a)  If successfully:

OK

b)  If failed:

ERROR

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<report_send_result>

Whether to report result of CCHSEND, the default value is 0: 0 – No.

1–Yes. Module will report +CCHSEND: <session_id>,<err> to MCU

when complete sending data.

<recv_mode>

The receiving mode:

0  — Output the data to MCU whenever received data.

1     — Module caches the received data and notifies MCU with

+CCHEVENT: <session_id>, RECV EVENT.

MCU can use AT+CCHRECV to receive the cached data (only in manual receiving mode).

 

Example

 
   
 

 

 

 

 

 

10.2.12      AT+CSSLCFG   Configure the SSL context

 

 

 

AT+CSSLCFG   Configure the SSL context

Test Command

AT+CSSLCFG=?

Response

+CSSLCFG: “sslversion”,(0-9),(0-4)

+CSSLCFG: “authmode”,(0-9),(0-3)

+CSSLCFG: “ignorelocaltime”,(0-9),(0,1)

+CSSLCFG: “negotiatetime”,(0-9),(10-300)

+CSSLCFG: “cacert”,(0-9),(5-128)

+CSSLCFG: “clientcert”,(0-9),(5-128)

+CSSLCFG: “clientkey”,(0-9),(5-128)

+CSSLCFG: “enableSNI”,(0-9),(0,1)

+CSSLCFG: “keypwd”,(0-9),(0-128)

+CSSLCFG: “ciphersuites”,(0-9),(0x002F,0xFFFF)

 

OK

Read Command

AT+CSSLCFG=?

Response

+CSSLCFG:

0,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

1,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

2,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

3,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

4,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

 

 

5,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

6,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

7,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

8,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

+CSSLCFG:

9,<sslversion>,<authmode>,<ignoreltime>,<negotiatetime>,<ca

_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI_flag>,<keyp wd>,<ciphersuites>

 

OK

Write Command

/*Query the configuration of the specified SSL context*/ AT+CSSLCFG=<ssl_ctx_inde x>

Response

+CSSLCFG:

<ssl_ctxindex>,<sslversion>,<authmode>,<ignoreltime>,<negot iatetime>,<ca_file>,<clientcert_file>,<clientkey_file>,<enalbeSNI

_flag>,<keypwd>,<ciphersuites>

 

OK

Write Command

/*Configure the version of the specified SSL context*/

 

AT+CSSLCFG=”sslversion”,< ssl_ctx_index>,<sslversion>

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the authentication of the specified SSL context*/

 

AT+CSSLCFG=”authmode”,< ssl_ctx_index>,<authmode>

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the ignore local time flag of the specified SSL context*/

 

AT+CSSLCFG=”ignorelocalti

Response

a) If successfully:

OK

b) If failed:

ERROR

 

me”,<ssl_ctx_index>,<ignore

ltime>

 

Write Command

/*Configure the negotiate timeout value of the specified SSL context*/

 

AT+CSSLCFG=”negotiatetim e”,<ssl_ctx_index>,<negotiat etime>

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the server root CA of the specified SSL context*/

 

AT+CSSLCFG=”cacert”,<ssl_ ctx_index>,<ca_file>

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the client certificate of the specified SSL context*/

 

AT+CSSLCFG=”clientcert”,<s sl_ctx_index>,<clientcert_file

> 

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the client key of the specified SSL context*/

 

AT+CSSLCFG=”clientkey”,<s sl_ctx_index>,<clientkey_file

> 

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the enableSNI flag of the specified SSL context*/

 

AT+CSSLCFG=”enableSNI”,<

ssl_ctx_index>,<enableSNI_F lag>

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the password of the specified SSL context*/

 

AT+CSSLCFG=”keypwd”,<ss l_ctx_index>,<keypwd>

Response

a) If successfully:

OK

b) If failed:

ERROR

Write Command

/*Configure the ciphersuite of the specified SSL context*/

Response

a)If successfully:

OK

 

 

 

AT+CSSLCFG=”ciphersuites ”,<ssl_ctx_index>,<ciphersui tes>

b)If failed:

ERROR

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<ssl_ctx_index>

The SSL context ID. The range is 0-9.

<sslversion>

The SSL version, the default value is 4. 0 – SSL3.0

1 – TLS1.0

2 – TLS1.1

3 – TLS1.2

4 – All

 

The configured version should be support by server. So you should use the default value if you can’t confirm the version which the server supported.

<authmode>

The authentication mode, the default value is 0. 0 – no authentication.

1  –server authentication. It needs the root CA of the server.

2  –server and client authentication. It needs the root CA of the server, the cert and key of the client.

3  –client authentication and no server authentication. It needs the cert

and key of the client.

<ignoreltime>

The flag to indicate how to deal with expired certificate, the default value is 1.

0 – care about time check for certification. 1 – ignore time check for certification

 

When set the value to 0, it need to set the right current date and time by AT+CCLK when need SSL certification.

<negotiatetime>

The timeout value which is used in SSL negotiating stage. The range

is 10-300 seconds. The default value is 300.

<ca_file>

The root CA file name of SSL context. The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

 

There are two ways to download certificate files to module:

 

 

 

1.   By AT+CCERTDOWN.

2.   By FTPS or HTTPS commands. Please refer to chapter 12 and 13.

<clientcert_file>

The client cert file name of SSL context. The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

 

There are two ways to download certificate files to module:

1.   By AT+CCERTDOWN.

2.   By FTPS or HTTPS commands. Please refer to chapter 12 and 13.

<clientkey_file>

The client key file name of SSL context. The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

 

There are two ways to download certificate files to module:

1.   By AT+CCERTDOWN.

2.   By FTPS or HTTPS commands. Please refer to chapter 12 and 13.

<enableSNI_flag>

The flag to indicate that enable the SNI flag or not, the default value is 0.

0  – not enable SNI.

1  – enable SNI.

<keypwd>

The password of the client key file of SSL context. When the client needs to be authorized, client key file is needed. Because the client key file may be encrypted, we need the

<keypwd> to decrypt it. The length of <keypwd> is from 0 to 128

bytes.

<ciphersuites>

Numeric type, SSL ciphersuites

 

0x002F           TLS_RSA_WITH_AES_128_CBC_SHA

 

0xFFFF          Support all

 

Example

 
   

 

 

 

  • AT+CCERTDOWN Download certificate into the module
 

 

AT+CCERTDOWN    Download certificate into the module

Test Command

AT+CCERTDOWN=?

Response

+CCERTDOWN: (5-128),(1-10240)

 

OK

Write Command

AT+CCERTDOWN=<filename

>,<len>

Response

a) If it can be download:

<input data here>

 

OK

b) If failed:

ERROR

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<filename>

The name of the certificate/key file. The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The string in the quotation mark should be hexadecimal of the filename’s UTF8 code).

For example: If you want to download a file with name “中华.pem”, you

should     convert     the     “    中     华     .pem”     to     UTF8     coding

(&#x4E2D;&#x534E;.pem),       then       input       the       hexadecimal

(262378344532443B262378353334453B2E70656D) of UTF8 coding.

len>

The length of the file data to send. The range is from 1 to 10240 bytes.

 

Example

 
   

 

 

 

  • AT+CCERTLIST List certificates

 

 

 

AT+CCERTLIST   List certificates

Execution Command

AT+CCERTLIST

Response

[+CCERTLIST: <file_name>

 

 

 

 

 

 

Parameter Saving Mode Maximum Response Time Reference

[+CCERTLIST: <file_name>]

<CR><LF>] OK

 

 

Defined Values

 

<file_name>

The certificate/key files which has been downloaded to the module.

If the filename contains non-ASCII characters, it will show the non-ASCII characters as UTF8 code.

 

Example

 
   

 

 

 

  •  

AT+CCERTDELE    Delete certificates

  • AT+CCERTDELE Delete certificates

 

 

 

 

Write Command

Response

AT+CCERTDELE=<filename>

a)If delete successfully:

 

OK

 

b)If failed:

 

ERROR

Parameter Saving Mode

Maximum Response Time

Reference

 

Defined Values

 

<filename>

The name of the certificate/key file. The file name must have type like “.pem” or “.der”. The length of filename is from 5 to 128 bytes.

If the filename contains non-ASCII characters, the file path parameter should contain a prefix of {non-ascii} and the quotation mark (The

string in the quotation mark should be hexadecimal of the filename’s

 

 

 

UTF8 code).

For example: If you want to download a file with name “中华.pem”, you should convert the “ 中 华 .pem” to UTF8 coding (&#x4E2D;&#x534E;.pem), then input the hexadecimal (262378344532443B262378353334453B2E70656D) of UTF8 coding.

 

Example

 
   

 

 

 

 

  • Command result <err> codes

 

 

 
   
  • Operation succeeded
  •  
 
   
  • Alerting state(reserved)
  • Unknown error
  •  
 
   
  • Busy
  • Peer closed
  •  
 
   
  • Operation timeout
  • Transfer failed
  •  
 
   
  • Memory error
  • Invalid parameter
  •  
 
   
  • Network error
  • Open session error
  •  
 
   
  • State error
  • Create socket error
  •  
 
   
  • Get DNS error
  • Connect socket error
  •  
 
   
  • Handshake error
  • Close socket error
  •  
 
   
  • Nonet
  • Send data timeout
  •  
 
   
  • Not set certificates
 

10.4       Unsolicited result codes

 

 

 

Information                                                                     Description

+CCHEVENT: <session_id>,RECV EVENT

In manual receiving mode, when new data of a connection arriving to the module, this unsolicited result code will be reported to

MCU.

+CCH_RECV_CLOSED: <session_id>,<err>

When receive data occurred any error, this

unsolicited result code will be reported to MCU.

+CCH_PEER_CLOSED: <session_id>

The connection is closed by the server.

Adsense

EMW3070

Viewed Page List