Q: TLS usage on FTP/MQTT/HTTP servers. How to deal with available ciphers?
A: The ydoc Telit modem has these ciphers available:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_AES_128_GCM_SHA256,
TLS_AES_256_GCM_SHA384,
TLS_CHACHA20_POLY1305_SHA256
When a custom-built FTP/MQTT/HTTP server is used, one of these ciphers must be available on the server.
T: Cipher availability can be checked using this FAQ.
Cipher selection is done during log-in. When the selection process stalls, the log-in is aborted.
We discovered that decoding a self-signed certificate stalls on these ciphers (first two in the server list):
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
The problem is FTP/MQTT/HTTP server related and can be solved by removing these ciphers from the server, or by selecting and configuring a fixed cipher (choose one of the remaining ciphers from the server cipher list).
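
One way to work out which suites to keep on the server, as an added example that is not part of the original FAQ or any vendor code. It assumes an OpenSSL-based server (so suites are given by their OpenSSL names); the function names and the sample server list are hypothetical.

```python
import ssl

# Modem suites from the list above: IANA name -> OpenSSL name.
# TLS 1.3 suites carry the same name in both schemes.
MODEM_SUITES = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": "ECDHE-ECDSA-AES128-GCM-SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": "ECDHE-ECDSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA": "AES128-SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA": "AES256-SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": "DHE-RSA-AES128-SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": "DHE-RSA-AES256-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256": "AES128-SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": "DHE-RSA-AES128-SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256": "AES256-SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": "DHE-RSA-AES256-SHA256",
    "TLS_AES_128_GCM_SHA256": "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384": "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256": "TLS_CHACHA20_POLY1305_SHA256",
}
# Suites on which decoding a self-signed certificate stalls (per the FAQ).
STALLING = {n for n in MODEM_SUITES if n.startswith("TLS_ECDHE_ECDSA_")}

def usable_suites(server_names):
    """(IANA, OpenSSL) pairs shared with the modem, in server order, minus STALLING."""
    by_openssl = {o: i for i, o in MODEM_SUITES.items()}
    shared = [(by_openssl[n], n) for n in server_names if n in by_openssl]
    return [pair for pair in shared if pair[0] not in STALLING]

def server_cipher_string(server_names):
    """OpenSSL cipher string for TLS 1.2 and below, without the stalling suites."""
    names = [o for _, o in usable_suites(server_names) if not o.startswith("TLS_")]
    if not names:
        raise ValueError("server shares no non-stalling TLS 1.2 suite with the modem")
    return ":".join(names)

def restricted_context(server_names):
    """Server-side context limited to that string. set_ciphers() does not change
    the TLS 1.3 suites, which OpenSSL configures separately."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(server_cipher_string(server_names))
    return ctx

if __name__ == "__main__":
    # Constructed sample of a server's enabled suites (OpenSSL names).
    sample = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
              "ECDHE-RSA-CHACHA20-POLY1305", "AES256-SHA256"]
    print(server_cipher_string(sample))
```

To pin a single fixed cipher instead, pass a one-element list containing the chosen suite.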