BG96 : QSSLOPEN problem on one module

IoT Modules LPWA Module
1

Hello,

I have a problem on one of my BG96 modules, which gets 702 error timeout on a AT+QHTTPPOST command to an https:// URL (through SSL), while HTTP POST command works when connecting to an http:// URL (no SSL).

AT+QHTTPURL=58,80
CONNECT
OK
AT+QHTTPURL?
+QHTTPURL: https:[myserverURLwasthere]
OK
AT+QHTTPPOST=11,50
+QHTTPPOST: 702
AT+QHTTPURL=57,80
CONNECT
OK
AT+QHTTPURL?
+QHTTPURL: http:[myserverURLwasthere]
OK
AT+QHTTPPOST=11,50
+QHTTPPOST: 0,200,3

The same test done on another BG96 module works fine on both http:// and https:// URLs.

After some experiments, I found out that AT+QSSLOPEN works fine on the good module, but it stays with socket_state = 1 (“Opening”) and never goes to 2 (“Connected”) on the bad module.

  • HTTP configuration on both modules is as follows
    AT+QHTTPCFG?
    +QHTTPCFG: “contextid”,1
    +QHTTPCFG: “requestheader”,0
    +QHTTPCFG: “responseheader”,1
    +QHTTPCFG: “prefix”,“64:FF9B:0:0:0:0:0:0”,96
    +QHTTPCFG: “sslctxid”,1
    +QHTTPCFG: “contenttype”,0
    OK

  • SSL configuration on both modules is as follows
    AT+QSSLCFG=“sslversion”,1
    +QSSLCFG: “sslversion”,1,3
    OK
    AT+QSSLCFG=“ciphersuite”,1
    *+QSSLCFG: “ciphersuite”,1,0XC02F
    OK
    AT+QSSLCFG=“cacert”,1
    OK
    AT+QSSLCFG=“clientcert”,1
    OK
    AT+QSSLCFG=“clientkey”,1
    OK
    AT+QSSLCFG=“seclevel”,1
    +QSSLCFG: “seclevel”,1,0
    OK
    AT+QSSLCFG=“sni”,1
    +QSSLCFG: “sni”,1,0
    OK
    AT+QSSLCFG=“checkhost”,1
    +QSSLCFG: “checkhost”,1,0
    OK
    AT+QSSLCFG=“ignorecertchain”,1
    +QSSLCFG: “ignorecertchain”,1,1
    OK
    AT+QSSLCFG=“ignorelocaltime”,1
    +QSSLCFG: “ignorelocaltime”,1,1
    OK
    AT+QSSLCFG=“negotiatetime”,1
    +QSSLCFG: “negotiatetime”,1,300
    OK

  • QIACT PDP session is opened
    AT+QIACT?
    +QIACT: 1,1,1,"[myIPaddresswasthere]"

  • DNS config is set to Google DNS
    AT+QIDNSCFG=1
    +QIDNSCFG: 1,“8.8.8.8”,“8.8.4.4”

  • QSSLSTATE on bad module is as follows
    AT+QSSLOPEN=1,1,1,"[serverIPaddresswasthere]",443,1
    OK
    AT+QSSLSTATE
    +QSSLSTATE: 1,“SSLClient”,"[serverIPaddresswasthere]",443,18215,1,1,1,1,“uart1”,1

  • QSSLSTATE on good module is as follows
    AT+QSSLOPEN=1,1,1,"[serverIPaddresswasthere]",443,1
    OK
    AT+QSSLSTATE
    +QSSLSTATE: 1,“SSLClient”,"[serverIPaddresswasthere]",443,18215,2,1,1,1,“uart1”,1

I have tried with ciphersuite set to 0xFFFF, same behavior.

The only observed difference is that good module is firmware BG96MAR02A07M1G_01.016.01.016 and bad module is firmware BG96MAR02A07M1G_01.017.01.017.

Can you help me fixing this problem ?

Thanks

1 Like
2

Hi,
From logs you sent,
AT+QSSLCFG=“cacert”,1
OK
AT+QSSLCFG=“clientcert”,1
OK
AT+QSSLCFG=“clientkey”,1
OK
above commands only report OK means there is no certs, if you want post HTTPS you need upload certs firstly and then configure the path of trusted certificates for a specified SSL context.

for Upload certs pls find this command from FILE ApplicationNote(AT+QFUPL)
for configure the path of trusted certificates for a specified SSL context pls find commands from SSL ApplicationNote:

AT+QSSLCFG="cacert",<sslctxID>[,<cacertpath>]
AT+QSSLCFG="clientcert",<sslctxID>[,<clientcertpath>]
AT+QSSLCFG="clientcert",<sslctxID>[,<clientcertpath>]
1 Like