• State TI Thinks Resolved
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 820 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3100: SSL connection to server with ROOT CA Signature Algorithm: sha256WithRSAEncryption;

Prajnith Kumar
Intellectual 295 points
Part Number: CC3100
Other Parts Discussed in Thread: CC3200,

Hello Everyone,

I'm trying to connect to server GeoTrust Primary Certification Authority - G3 (https://ssltest21.bbtest.net) , Signature Algorithm: sha256WithRSAEncryption;

Root CA  - https://www.geotrust.com/resources/root_certificates/certificates/Geotrust_PCA_G3_Root.pem

my service service pack is CC3100_CC3200_ServicePack_1.0.1.11-2.10.0.0

my connection setting is 

Method = SL_SO_SEC_METHOD_SSLv3_TLSV1_2

Cipher = SL_SEC_MASK_SECURE_DEFAULT

when i try to connect i get Error -461, I tried other ciphers with RSA and SHA256 but no luck.

I'm able to successfully connect to servers with ROOT CA Signature Algorithm: sha1WithRSAEncryption

Does CC3100 support sha256WithRSAEncryption ? 

I have directly updated CC3100_CC3200_ServicePack_1.0.1.06-2.10.0.0 to CC3100_CC3200_ServicePack_1.0.1.11-2.10.0.0, do i need to apply all the service packs between 1.0.1.06-2.10.0.0 to 1.0.1.11-2.10.0.0?

Thanks in Advance

- Prajnith

  • 0
    TI__Expert 8255 points
    Hi Prajinth,

    You should only need to apply the most recent service pack. Have you taken a look into the error code meaning? Is there a particular sdk example you are attempting to run?
  • 0 in reply to Austin Tanner
    Prodigy 20 points
    I am having a similar issue
    I can use a Root CA with sha1 signing algorithm (google example works)
    But I cannot use a Root CA with sha2 (sha256) signing algorithm.

    My service pack is 1.0.0.10.0.

    can you confirm if the sha2 signing algorithm is supported with service pack in 1.0.1.6.-2.6.0.5?
    From what I've been able to gather, sha384 support was added in 1.0.1.6.-2.6.0.5, but sha256 should have been supported with 1.0.0.10.0. However, it seems that others in the forum were having trouble with sha256 signed certificates and the recommendation was to use sha1 signed certs.
    Does the CC3100 and all service packs work with sha1 signed certs only?
  • 0 in reply to Austin Tanner
    Intellectual 295 points
    Currently only for GeoTrust Primary Certification Authority - G3 i'm get error code -461 which states that certificate is good and date is incorrect but I have set the correct date and this setting already works when cert is sha1.
  • 0 in reply to Prajnith Kumar
    Prodigy 20 points
    I solved my issue using this forum post : e2e.ti.com/.../2139053

    It was a matter of finding the cert that the CC3100 supported, which I needed to find from the multiple certificate path options shown at www.ssllabs.com/ssltest/analyze.html - as the "correct" certificate was not the one that works with browsers and most ssl applications.