TCP SSL/TLS Client Exercise
Let's practice encrypted communication by applying SSL/TLS security directly on top of the TCP layer.
As background, refer to the plain TCP communication exercise in § PC IoT/NET/TCP Exercise(SSL/TLS).
1. TCP SSL/TLS Client Command Sequence
| No | Command Sequence | Response/Event | Description |
|---|---|---|---|
| 1 | AT+WJAP=EDWORKS2,edw12345\r | OK +WEVNET:STATION_UP | Connect the WIFI module to the AP. Check the server IP address in advance. |
| 2 | AT+SSLCERTSET=0\r | > | Settings to enter the CA certificate; the response is ">" |
| | > Input Certificate/Upload File | | Enter/file-upload the CA certificate (refer to the picture below) |
| | 1A | | Send as the last character, HEX value 1A |
| 3 | AT+SSLCERTSET=1\r | > | Settings to enter the client certificate; the response is ">" |
| | > Input Certificate/Upload File | | Enter/file-upload the client's certificate (refer to the picture below) |
| | 1A | OK | Send as the last character, HEX value 1A |
| 4 | AT+SSLCERTSET=2\r | > | Settings to enter the client private key; the response is ">" |
| | > Input Certificate/Upload File | | Enter/file-upload the client's private key (refer to the picture below) |
| | 1A | OK | Send as the last character, HEX value 1A |
| | AT+CIPEVENT=ON\r | | Set TCP event notification on |
| 5 | AT+CIPSSLOPT=0,1,1\r | OK | |
| 6 | AT+CIPSTART=0,ssl_client,192.168.0.2,20000\r | OK +CIPEVENT:0,SERVER,CONNECTED | Connected to the server with ID=0 |
| 7 | AT+CIPSEND=0,10\r | > | Data transmission in command mode |
| | Hi, Server | > 12345 OK | Enter the data to be transmitted (enter the data within 0.5 seconds) |
| | AT+CIPEVENT=OFF\r | | Set TCP event notification off |
| 8 | AT+CIPSENDRAW\r | > | Data transmission in data mode (data mode = transparent mode) |
| | > Hi, This is transparent mode data | | Input the data to be transmitted through the serial port |
| | +++ | OK | Return to command mode (enter +++ within 0.5 seconds) |
| 9 | AT+CIPSTOP=0\r | OK +CIPEVENT:0,SERVER,CLOSED | Close the TCP socket (ID=0 connection) |
♦ How to enter a certificate
When using Geshe Beacon, enter the certificate with the file-upload method shown below.
Don't forget to send "1A" (the single byte 0x1A) after the certificate text; the module treats it as the end of the upload.
When programming the host MCU directly, or entering the certificate with other serial communication software,
copy the certificate text itself (the PEM block) and send it as a string, again followed by 0x1A.
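As an added illustration of the command sequence in the table and of the certificate-entry rule above (example code written for this page, not the module vendor's or the exercise's own), the Python driver below sends AT+SSLCERTSET for the three slots, terminates each upload with HEX 1A, and computes the exact byte length that AT+CIPSEND requires. FakeModule, the function names and the placeholder PEM text are assumptions; on real hardware the port would be a serial object offering the same write()/read() methods.

```python
# Added example (not the module vendor's code): a host-side driver for the AT
# sequence above, run offline against a constructed FakeModule, not a real port.
CERT_SLOTS = {"ca": 0, "client_cert": 1, "client_key": 2}  # AT+SSLCERTSET=<slot>
EOF = b"\x1a"  # HEX 1A must be the last byte of every certificate/key upload

def expect(port, token, tries=50):
    # Read until `token` arrives; raise on ERROR or when nothing more comes.
    buf = b""
    while token not in buf:
        buf += port.read()
        tries -= 1
        if b"ERROR" in buf or tries == 0:
            raise RuntimeError("got %r while waiting for %r" % (buf, token))
    return buf

def load_credential(port, slot_name, pem):
    """Steps 2-4: AT+SSLCERTSET=<slot>, wait for '>', send PEM text, then 0x1A."""
    if not pem.startswith(b"-----BEGIN"):
        raise ValueError("expected PEM text for " + slot_name)
    port.write(b"AT+SSLCERTSET=%d\r" % CERT_SLOTS[slot_name])
    expect(port, b">")
    port.write(pem + EOF)
    return expect(port, b"OK")

def send_command_mode(port, link_id, data):
    """Step 7: AT+CIPSEND=<id>,<len>; <len> must equal the exact byte count."""
    port.write(b"AT+CIPSEND=%d,%d\r" % (link_id, len(data)))
    expect(port, b">")
    port.write(data)
    return expect(port, b"OK")

class FakeModule:  # constructed stand-in for the module; replies with the table's prompts
    def __init__(self):
        self.out, self.want, self.uploading = b"", None, False
    def write(self, data):
        if self.uploading:  # an upload ends only when HEX 1A arrives
            if data.endswith(EOF):
                self.uploading, self.out = False, self.out + b"\r\nOK\r\n"
        elif data.startswith(b"AT+SSLCERTSET="):
            self.uploading, self.out = True, self.out + b">"
        elif data.startswith(b"AT+CIPSEND="):
            self.want, self.out = int(data.split(b",")[1].strip()), self.out + b">"
        elif self.want is not None:  # payload must match the announced length
            self.out += b"\r\nOK\r\n" if len(data) == self.want else b"\r\nERROR\r\n"
            self.want = None
    def read(self):
        chunk, self.out = self.out[:8], self.out[8:]
        return chunk
def run_exercise(port, pem=b"-----BEGIN PLACEHOLDER-----\n...\n-----END PLACEHOLDER-----\n"):
    for name in CERT_SLOTS:  # placeholder PEM stands in for ca.crt, client cert and key
        load_credential(port, name, pem)
    return send_command_mode(port, 0, b"Hi, Server")  # 10 bytes -> AT+CIPSEND=0,10
```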
2. Running a TCP SSL/TLS server
♦ Run a TCP server
Start the server with OpenSSL in the Windows command window, using either of the following commands:
→ OpenSSL/bin>openssl s_server -cert server.crt -key server.key -verify 1 -CAfile ca.crt -accept 443
or
→ OpenSSL/bin>openssl s_server -cert server.crt -key server.key -Verify 10 -CAfile ca.crt -accept 443
Both variants ask the client for the certificate loaded in step 3 and check it against ca.crt; the difference is that -verify only requests it, while -Verify rejects the handshake if the client sends none (the number is the maximum chain depth). The port given to -accept must be the same one the client uses in AT+CIPSTART (step 6 uses 20000).
3. Check TCP SSL/TLS Communication Operation
♦ After executing No. 9 of the procedure, the client connects successfully to the TCP SSL/TLS server.
♦ Data transfer (client → server): result of executing command procedure No. 10.
♦ Data transmission (server → client): the server sends data to the client when the following is entered.
♦ Data transmission (server → client): the data received by the TCP client is as follows.
♦ Let's also try sending and receiving data in data mode (transparent mode).