Couldn't connect to TLS 1.2 Server with BGS2-W | Thales IoT Developer Community
November 6, 2019 - 1:44pm, 2736 views
I'm trying to initiate a secured TCP socket connection with the modem BGS2-W.
The server is forcing the use of TLS 1.2. While I'm able to connect to other servers which support lower versions of TLS, I can't connect with TLS 1.2.
The response to the ATI1 command is
Cinterion
BGS2-W
REVISION 02.000
A-REVISION 01.000.17
Now, I have 2 questions:
- What is the TLS version supported by the modem?
- If there is a newer firmware image for the modem that fixes the issue, how can I get it, and how do I update the modem firmware?
Hello,
I have found the supported cipher suites list for revision 2 and it's quite short.
Cipher Suite | RFC | SSL/TLS version / Comments
TLS_RSA_WITH_NULL_MD5 | RFC 2246 | TLS 1.0 (and SSL 3.0, RFC 6101)
TLS_RSA_WITH_NULL_SHA | RFC 2246 | TLS 1.0 (and SSL 3.0, RFC 6101)
TLS_RSA_WITH_3DES_EDE_CBC_SHA | RFC 4346 | mandatory in TLS v1.1
TLS_RSA_WITH_AES_128_CBC_SHA | RFC 3268 | mandatory in TLS v1.2 (RFC 5246)
So this might be a reason why the module can't connect.
I have also found a similar document for revision 4 where the list is much longer and there's the following statement:
"The TCP client services support the TLS 1.2 protocol (RFC 5246). The TCP client is able to fall back to older version of TLS, i.e., TLS 1.0 (RFC 2246) or TLS 1.1 (RFC 4346) and to SSLv3 (RFC 6101)."
As for the firmware update, we don't recommend updating rev2 to rev4 due to some hardware memory limitations. You should rather order new revision 4 modules if possible.
Best regards,
Bartłomiej
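The two ways the handshake discussed in this answer can fail, a version floor on the server or an empty cipher suite intersection, as an added example that is not part of the original thread: it parses a ClientHello and checks it against a server policy. The sample hello is constructed, and the client versions and server policies passed to it are assumptions for illustration, not values from the module's documentation.

```python
# Suite IDs are the IANA values for the four rev2 suites in the table above.
REV2_SUITES = {
    0x0001: "TLS_RSA_WITH_NULL_MD5",
    0x0002: "TLS_RSA_WITH_NULL_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}
WEAK = (0x0001, 0x0002, 0x000A)  # NULL encryption (no confidentiality) and 3DES
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def u16(b):
    return int.from_bytes(b, "big")

def build_client_hello(version, suites):
    """Constructed sample input: a minimal ClientHello record without extensions."""
    body = version.to_bytes(2, "big") + bytes(32) + b"\x00"   # version, random, empty session id
    body += (2 * len(suites)).to_bytes(2, "big")
    body += b"".join(s.to_bytes(2, "big") for s in suites)
    body += b"\x01\x00"                                        # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

def parse_client_hello(record):
    """Return (client_version, [cipher suite ids]) from one TLS handshake record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    if len(record) < 5 + u16(record[3:5]):
        raise ValueError("truncated record")
    version = u16(record[9:11])          # after 5-byte record + 4-byte handshake header
    pos = 43 + 1 + record[43]            # skip 32-byte random and the session id
    n = u16(record[pos:pos + 2])
    pos += 2
    if n == 0 or n % 2 or pos + n > len(record):
        raise ValueError("bad cipher suite list")
    return version, [u16(record[i:i + 2]) for i in range(pos, pos + n, 2)]

def diagnose(record, server_min_version, server_suites):
    """Return (reasons the server policy rejects this hello, weak suites it offers)."""
    version, offered = parse_client_hello(record)
    reasons = []
    if version < server_min_version:
        reasons.append(f"client max {VERSIONS.get(version, hex(version))} < "
                       f"server min {VERSIONS.get(server_min_version, hex(server_min_version))}")
    if not set(offered) & set(server_suites):
        reasons.append("no shared cipher suite")
    weak = [REV2_SUITES.get(s, hex(s)) for s in offered if s in WEAK]
    return reasons, weak
```

Feeding `parse_client_hello` the first record of a captured handshake from the device shows which of the two reasons applies before any firmware change is attempted.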
Dear Bartłomiej,
Regarding the update from rev2 to rev4, recommendation aside, I want to know whether it is possible or not.
Actually, we already have the rev2 modem installed on more than 4000 devices, so it will be impossible to replace all these devices with newer ones.
The modem is only used for one socket connection at a time with a remote host and there are no other loads on the modem, so I think we can try to upgrade the modem firmware.
So, if you know that upgrading is possible and that it adds value towards solving the TLS issue, could you please send me the new firmware image along with any documentation or tools needed during the upgrade process?
Thanks
Hello,
In such a case I recommend that you contact your local Gemalto salespeople from whom you bought the modules. They will be able to give you more information on this topic.
Best regards,
Bartłomiej
Hello ahmedmoheb,
Did the firmware update solve your problem?
I am also facing the same issue with the modem BGS2-E Rel.2.
@Bartłomiej, could you please also send me the Rel 3 firmware? I will try it with my modem.
Thanks & Regards,
Akash
Hello,
I don't know what hardware version you have. It's definitely not possible to update rel1 to higher releases. As for rel2, it should be technically possible to install higher releases, but there are still some minor hardware differences and you also will not be able to update the bootloader. We generally don't recommend such cross-revision updates, although in this case it can be reasonable. So you should rather contact your local Gemalto office about this.
Best regards,
Bartłomiej