• State
  • Locked Locked
  • Replies 4 replies
  • Subscribers 40 subscribers
  • Views 516 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3200: Unable to connect to the network with TLS 1.2 certificate

Sundaresan Thangeswaran1
Intellectual 410 points
Part Number: CC3200

Hi,

One of our customer using EAP MSCHAPv2 for connecting to their WIFI network for last one year. Now he is upgrading the radius server certificate from TLS 1.0 to TLS 1.2

CC3200 is not able to connect to the network and showing the below error message in the radius server event log for TLS 1.2

"The client and server cannot communicate, because they do not possess a common algorithm"

We are using the service pack: CC3200SDK_1.3.0

Build Version 2.10.0.0.31.1.5.0.2.1.0.3.37

Please help us to resolve this issue.

Regards,

Sundar

  • 0
    TI__Mastermind 40965 points

    Hi Sundar,

    What settings do you have in your code for EapMethod when you setup the EAP connection? Is it simply SL_ENT_EAP_METHOD_PEAP1_MSCHAPv2?

    Could you please collect the NWP logs from the device so I can see what errors the CC3200 is reporting from its end? Instructions can be found in section 20.1 of the NWP user's guide: http://www.ti.com/lit/swru455

    Could also please collect the packet capture from the listening port of the radius server? Seeing the EAP traffic and what goes wrong in the handshake would be useful for debug.

    Regards,

    Michael

  • 0
    Intellectual 410 points

    Hi Michael,

    Thank you for the input. We still facing the issue in configuring  WIFI (PEAP-MSCHAP)

    We are using the TI library for provisioning, we use mysimplelink.net link in the web browser and provision the device.

    A packet capture between the CC3200 and the access point is attached. Based on the first client hello, it appears that the cc3200 is using TLS1.0.

    Customer is using Network Policy & Access Server (NPS) on Server 2012 R2 and the certificate issued to the server is using SHA256.

    Our device is in customer site we are unable to get the NWP logs.

    Could you please help us to resolve the issue using above info.

    Regards,

    Sundar

  • 0 in reply to Sundaresan Thangeswaran1
    TI__Mastermind 40965 points

    Hi Sundar,

    The packet capture provided appears to show the CC3200 connect to the network successfully. That being said, it is still using TLS1.0 in the captured handshake. Could you please provide a packet capture showing a failure case with TLS1.2?

    Thanks,
    Michael