FAQ(s)

⌘K
  1. Home
  2. Docs
  3. FAQ(s)
  4. Network & Modem
  5. TLS usage on FTP /MQTT /HTTP servers

TLS usage on FTP /MQTT /HTTP servers

Q: TLS usage on FTP /MQTT /HTTP servers. How to deal with available cyphers?

A: The ydoc  Telit modem has these cyphers available:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,T

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,

TLS_RSA_WITH_AES_128_CBC_SHA,

TLS_RSA_WITH_AES_256_CBC_SHA,

TLS_DHE_RSA_WITH_AES_128_CBC_SHA,

TLS_DHE_RSA_WITH_AES_256_CBC_SHA,

TLS_RSA_WITH_AES_128_CBC_SHA256,

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,

TLS_RSA_WITH_AES_256_CBC_SHA256,

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,

TLS_AES_128_GCM_SHA256,

TLS_AES_256_GCM_SHA384,

TLS_CHACHA20_POLY1305_SHA256

When a custom build FTP /MQTT /HTTP server is used, one of these cyphers must be available on the server.

T: Cipher availability can be checked using this FAQ.

Cypher selection is done during log-in. When the selection process stalls, the log-in is aborted.

We discovered that decoding a self-signed certificate stalls on these cyphers (first two in the server list):

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

The problem is FTP /MQTT /HTTP server related and can be solved by removing these cyphers from the server or select a fixed and configure a fixed cypher.  (Choose one of the remaining cyphers from the server cypher list).

How can we help?