Q: “Access denied” (when using SFTP /HTTPS) to a secure (web)server.
A: Secure access depends on server implemented TLS version and Cyphers.
T: Check webserver TLS and Cypher availability, it can be obtained using this website:
Enter the <fqdn> : <server port> combination
A list with supported TLS versions and available cyphers is generated and can be used to select an valid option to build a secure connection.
On a Windows environment, openssl.exe can be installed for a command line version tool.
C:> openssl.exe s_client -connect <broker address>:<port>
ML-x17 series data loggers
The ME910 (WW type) modem on a ML-417xxx Data Logger supports TLS version 1.3. (With fallback to a lower version). Only the cypher sets should be checked.
Other modems types are supporting maximum TLS version 1.2.
The (ftp or web) server must support a minimum TLS version 1.2.
To check and change TLS version, use the COM option from maintenance menu to connect to the modem and execute the AT#SSLSECCFG2 command.
The AT#SSLSECCFG command is used to specify which cipher suite the (web)server prefers to secure a TLS connection with.
ML-525xx series data loggers
If the server uses a self-signed certificate, the data logger can’t verify if it is valid. (With the standard CA-certificates installed).
Due European RED regulations, certificate verification is default.
To use the certificate (without verification), disable certificate verification in the data logger modem using these AT commands:
Goto the main menu and open [2], “Serial port terminals”.
Choose [M], “Modem port”
The modem will power-up.
– Check (and enable) enable SSL
AT#SSLEN?
AT#SSLEN=1,1
- Check (and switch off) certificate verification
AT#SSLSECCFG?
AT#SSLSECCFG=1,0,0
In the “Certificate Chain” result page, certificates can be downloaded in .PEM format.
