CC3200: Security parameters for https server connection

Part Number: CC3200
Other Parts Discussed in Thread: SHA-256

Hi,

My customer is using the CC3200MOD and wants to connect it to an HTTPS server.

Security specification at server side:
- Protocol : TLS1.0
- Certification parameter : Key RSA 2048bits, Hash algorithm SHA-256
- DV certification is used
- See the attached sec.png, which was taken from a PC browser while it was connected to the server.



Client:
- CC3200 sample code is used.
C:\ti\CC3200SDK_1.3.0\cc3200-sdk\docs\examples\http_client_demo

The customer wants to know which security parameters (defined in the header file below, around line 317) should be used to connect to this server.
C:\ti\CC3200SDK_1.3.0\cc3200-sdk\simplelink\include\socket.h

Below is the example code shown on the Wiki page.
http://processors.wiki.ti.com/index.php/CC3200_HTTP_Client_Demo


   /* Security parameters */
   sparams.method.secureMethod = SL_SO_SEC_METHOD_TLSV1_2;
   sparams.mask.secureMask = SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA;
   strncpy(sparams.cafile, SL_SSL_CA_CERT, sizeof(SL_SSL_CA_CERT));
   sparams.privkey[0] = 0;
   sparams.cert[0] = 0;
   sparams.dhkey[0] = 0;
   HTTPCli_setSecureParams(&sparams);


Thanks and regards,
KoT

  • Hi KoT

    If you simply don't set the secure mask and method then the CC3200 can fully negotiate with the server which one is best.

    -Aaron
  • Aaron,

    Thanks for your reply.
    Could you give me a bit more detail on what the customer should do?

    Would just setting method and mask to zero be OK?

       /* Security parameters */
       sparams.method.secureMethod = SL_SO_SEC_METHOD_TLSV1_2;               <= Set to ‘0’?
       sparams.mask.secureMask = SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA;   <= Set to ‘0’?
       strncpy(sparams.cafile, SL_SSL_CA_CERT, sizeof(SL_SSL_CA_CERT));
       sparams.privkey[0] = 0;
       sparams.cert[0] = 0;
       sparams.dhkey[0] = 0;
       HTTPCli_setSecureParams(&sparams);

    Can the other parts of the code, including the HTTPCli_connect() call below, be left as is?

    HTTPCli_connect(&cli, (struct sockaddr *)&addr, HTTPCli_TYPE_TLS, NULL);


    Thanks and regards,
    KoT

  • I believe that should work. The HTTP client library will not set the method and mask if they are set to 0.

    -Aaron
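
Added example (not part of the thread and not TI SDK code): a simplified C model of TLS version and cipher-suite selection, showing why the sample's pinned TLS 1.2 method fails against the TLS 1.0 server in the question while leaving method and mask at 0 lets the handshake complete. The enum, the `CS_*` macros and `negotiate()` are hypothetical stand-ins for the SimpleLink definitions, and the server's suite list is constructed.

```c
#include <stdio.h>

/* Hypothetical stand-ins for this model; NOT the SimpleLink SDK constants. */
enum tls_ver { VER_UNSET = 0, VER_SSL3, VER_TLS10, VER_TLS11, VER_TLS12 };
#define CS_AES128_CBC_SHA (1u << 0)
#define CS_AES256_CBC_SHA (1u << 1)
#define CS_RC4_128_SHA    (1u << 2)
#define CS_ALL (CS_AES128_CBC_SHA | CS_AES256_CBC_SHA | CS_RC4_128_SHA)

struct client_cfg { enum tls_ver method; unsigned mask; };  /* 0 = not pinned */
struct server_cfg { enum tls_ver min, max; unsigned suites; };
struct outcome    { int ok; enum tls_ver ver; unsigned suite; };

/* Simplified handshake: the server answers with the highest version both
 * sides allow, then one suite is chosen from the intersection. */
struct outcome negotiate(struct client_cfg c, struct server_cfg s)
{
    struct outcome o = { 0, VER_UNSET, 0 };
    enum tls_ver lo = c.method ? c.method : VER_SSL3;   /* pinned: lo == hi */
    enum tls_ver hi = c.method ? c.method : VER_TLS12;
    unsigned offered = c.mask ? c.mask : CS_ALL;
    unsigned common  = offered & s.suites;
    enum tls_ver v   = hi < s.max ? hi : s.max;

    if (v < lo || v < s.min || common == 0)
        return o;                       /* version or cipher mismatch */
    o.ok = 1;
    o.ver = v;
    o.suite = common & (~common + 1u);  /* lowest set bit = preferred here */
    return o;
}

/* Constructed server: TLS 1.0 only, as described in the question. */
static const struct server_cfg SERVER_TLS10 =
    { VER_TLS10, VER_TLS10, CS_AES128_CBC_SHA | CS_AES256_CBC_SHA };

int main(void)
{
    struct client_cfg pinned   = { VER_TLS12, CS_AES256_CBC_SHA };
    struct client_cfg unpinned = { VER_UNSET, 0 };
    struct outcome a = negotiate(pinned, SERVER_TLS10);
    struct outcome b = negotiate(unpinned, SERVER_TLS10);

    printf("pinned TLS1.2: ok=%d\n", a.ok);
    printf("unpinned: ok=%d ver=%d suite=0x%x\n", b.ok, b.ver, b.suite);
    return 0;
}
```

In the unpinned case the model settles on the server's highest version, here TLS 1.0, so the negotiated version is worth logging on the device side.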