Important: I have tried to file the bug to Quectel (a week ago), but I am still waiting for an answer. But it is such an urgent issue for me (and perhaps other people using BC660K), that I would like to know, if other people is seeing the same problem/Issue – when using SSL connection.
I connect to a Microsoft service, which is hosted at “azurewebsites.net” domain using SSL encryption. Until recently I was able to connect to service using QSSL, but the last few weeks it does not work anymore. QSSL report “exception”. I have not changed anything in the commands I use for the module, and the server application has not been updated either. But I believe the “azurewebsites.net” got its certificate renewed recently. The certificate now has a new root certificate “DigiCert Global Root G2”. Previously the root certificate was “Baltimore CyberTrust Root”. I do send both root certificates to BC660K, which has been working before.
Other services from Microsoft using “Baltimore CyberTrust Root” still works on BC660K. Eg. “test.azure-devices.net”, port 443.
A simple connection to “a.azurewebsites.net”, port 443 shows the issue.
I have looked at the logs from the debug port of BC660K, which clearly shows, that the SSL negotiation stops, when using a service with new root certificate.
I have tried to think what the issue is, and it could be due to a bug in SSL library MBED-TLS, which has been reported and fixed “SHA384 cipher suites are offered when MBEDTLS_SHA512_NO_SHA384 is enabled” (SHA384 cipher suites are offered when MBEDTLS_SHA512_NO_SHA384 is enabled · Issue #4499 · Mbed-TLS/mbedtls · GitHub).
This issue probably would tell the server, that SHA384 cipher is supported – but implementation is actually missing!!!
I hope for another explanation – because if that is actually the issue, it can be devastating for products in the field. Because how to update firmware remotely, if device cannot connect to online services / control server?
Any input to the issue I am seeing is appreciated… Thanks
PS: The firmware version of BC660K is: “BC660KGLAAR01A04_01.001.01.001”