eclipse-leshan / leshan

Java Library for LWM2M
https://www.eclipse.org/leshan/
BSD 3-Clause "New" or "Revised" License

ERROR during connecting via PSK #814

Closed Maher9494 closed 4 years ago

Maher9494 commented 4 years ago

Greetings, I'm using a Quectel BC66-NA, and I'm trying to connect to the LWM2M server via PSK. The connection is being dropped during the DTLS handshake with error code 40. I've checked the available ciphers in both the server and the module as referenced in #650 and I've found that the cipher TLS_PSK_WITH_AES_128_CBC_SHA256 is a common cipher between the module and the server! This was my Wireshark log:

wireshark.zip

Thanks in advance

sbernard31 commented 4 years ago

By default CBC is not activated because this cipher is not really considered safe enough now. Maybe we should activate it for the demo :thinking:

I will look at your capture deeply on Monday.

Maher9494 commented 4 years ago

Thanks a lot ... I'll really appreciate your help 😄

sbernard31 commented 4 years ago

I looked at your capture and I confirm that your device only proposes "deprecated" cipher suites based on "unsecured" CBC.

So the solution is to allow a more secure cipher on the device side (based on GCM, CCM or CCM8) like: TLS_PSK_WITH_AES_128_CCM_8.

Or enable old ciphers in Leshan; currently there is no other way than modifying the code. But I can add a new argument to leshan-server-demo to allow "deprecated cipher suites".

If you prefer to modify the code directly, it should look like this:

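```java
LeshanServerBuilder serverBuilder = new LeshanServerBuilder();
DtlsConnectorConfig.Builder dtlsConfig = new DtlsConnectorConfig.Builder();
// Also accept cipher suites that are not on the recommended list (e.g. CBC-based ones)
dtlsConfig.setRecommendedCipherSuitesOnly(false);
// Hand the DTLS settings to the server builder before building
serverBuilder.setDtlsConfig(dtlsConfig);
LeshanServer server = serverBuilder.build();
```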
sbernard31 commented 4 years ago

I created a new PR with a new "oc" option to enable "old" cipher suites: #815.

If you can tell me if it works for you :pray:

Maher9494 commented 4 years ago

Thanks a lot for the help, it's working perfectly now 😄

sbernard31 commented 4 years ago

So we can close this issue? :)

Maher9494 commented 4 years ago

Yes sure, thanks again :)