+QTTPGET: 701 with EG95 and HTTPS

Hello,
I’m using with an HTTPS server the UG96 modem and everything works fine (I have hundreds of modems installed in the field)
Here the list of command I’m sending:

AT+QHTTPCFG=“contextid”,1
AT+QIACT=1
AT+QIACT?
+QIACT: 1,1,1,“xxx.xx.xx.xx”

AT+QHTTPCFG=“sslctxID”,1
AT+QSSLCFG=“sslversion”,1,3
AT+QSSLCFG=“ciphersuite”,1,“0xFFFF”
AT+QSSLCFG=“seclevel”,1,0

AT+QHTTPGET=80
+QHTTPGET: 0,200,<content_length>
From the documenation by setting the “seclevel” to 0 I don’t need to send Certiticates
Now I want to pass to the EG95 modem
From the documentation the only different command I have to send
is
AT+QSSLCFG=“ciphersuite”,1,0xFFFF
instead of
AT+QSSLCFG=“ciphersuite”,1,“0xFFFF”
( the parameter SSL cipher suite is a number instead of a string)
So with the EG95 the list of command I’m sending is
AT+QIACT=1
AT+QIACT?
+QIACT: 1,1,1,“xxx.xx.xx.xx”

AT+QHTTPCFG=“sslctxID”,1
AT+QSSLCFG=“sslversion”,1,3
AT+QSSLCFG=“ciphersuite”,1,0xFFFF
AT+QSSLCFG=“seclevel”,1,0

AT+QHTTPGET=80
but always I obtain
+QHTTPGET: 701
I so in the Forum a similar request for the modem BG96, but no answer,
Best Regards
Roberto

Dear Roberto Pozzi,
Thanks for your inquiry in Quectel forum.
As you knwo that the err0r code 701 means that HTTP(S) unknow error, and the following example also use the number of SSL cipher suite, so please double check your HTTP server support which cipher suite, and it is better to provide your whole test AT log, then we can help to confirm the reason. Thanks!
image


This problem was caused by our server not having the ciphers that the BG96 wanted. Although our server had one cipher that was supposed to be available on the BG96, obviously it wasn’t working, and we would always get 701 whenever we tried to post or get from from our server using https.

To solve the problem, we increased the ciphers on our server to the following:
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

If you are getting this problem from a server you do not control, then I fear you are out of luck.

Thanks for your sharing in Quectel forum. Thanks!

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 was the only cipher that our server had that was as valid cipher on the BG96, but it did not work. Adding other matching ciphers solved our problem.

I spoke with another user today that also had the same issue of a 701 error connecting to an HTTPS server, and the only matching cipher on that server was the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as well.

This leads me to believe that cipher does not work on the BG96 and possibly other modules as well. Perhaps some engineers at Quectel can take a look at that specific cipher to see if there is an issue with it.

Dear Matthew,
Thanks for your suggestion. I will feedback it to our RD to double check it. Any news, i will let you know. Thanks!

hi,

can we try same example provide into data sheet ?
as i have try same details but get same erroor : 701

i had also try with some other URL but get same errors : 
can you help me point out the issue, what i am doing wrong

i just need to verify https communication is working or not

AT+CGREG?

+CGREG: 0,1

OK
AT+CSQ

+CSQ: 21,99

OK
AT+QICSGP=1,1,“www”,"","",0

OK
AT+QIDEACT=1

OK
AT+QIACT?

OK
AT+QIACT=1

OK
AT+QIACT?

+QIACT: 1,1,1,“10.54.190.143”

OK
AT+QHTTPCFG=“contextid”,1

OK
AT+QHTTPCFG=“responseheader”,1

OK
AT+QHTTPCFG=“sslctxid”,1

OK
AT+QSSLCFG=“sslversion”,1,1

OK
AT+QSSLCFG=“ciphersuite”,1,0x0005

OK
AT+QSSLCFG=“seclevel”,1,0

OK
AT+QHTTPURL=22,150

CONNECT
https://www.alipay.com
OK
AT+QHTTPGET=80

OK

+QHTTPGET: 701

AT+QHTTPURL=41,150

CONNECT
https://ptsv2.com/t/0pqh7-1605078077/post
OK
AT+QHTTPGET=80

OK

+QHTTPGET: 701

Dear Ashvin,
Thanks for your inquiry in Quectel forum.
It is not recommend to use the same example in the data sheet. You can refer to it, but please use your own URL address that confirm it have no any issue.
For HTTPs, you need to confirm whether the URL you used required any certificate file, and use which cipher, then you need to use the same cipher with module. Thanks!

HI,
thanks for your reply.

is there any way to find out this information from " URL " , bcz i tried but not able find out that information.

" you need to confirm whether the URL you used required any certificate file, and use which cipher, then you need to use the same cipher with module"

or can you provide any test server if you have any, to test with certificate and cypher details.

looking forward to hear from you.
Thanks

Dear Ashvin,
The test server we used just for inside test, sorry that cannot share with you. Thanks!
About HTTPs, the AT sequence is OK, just need to confirm the cipher and certificate file. Of course you can try to test HTTP to confirm whether the function is normal. Thanks!

Hi,
I get certificate details from server, can you help me to work out. as i have try but not able to communicate with server.

i have attached the log for same.

AT+QFLST="RAM:*"<CR><LF>
<CR><LF>
+QFLST: "RAM:ca_cert.pem",1907<CR><LF>
<CR><LF>
OK<CR><LF>
AT+CPIN?<CR><LF>
<CR><LF>
+CPIN: READY<CR><LF>
<CR><LF>
OK<CR><LF>
AT+CGREG?<CR><LF>
<CR><LF>
+CGREG: 0,1<CR><LF>
<CR><LF>
OK<CR><LF>
AT+CSQ<CR><LF>
<CR><LF>
+CSQ: 22,99<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QICSGP=1,1,"www","","",0<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QIDEACT=1<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QIACT?<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QIACT=1<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QIACT?<CR><LF>
<CR><LF>
+QIACT: 1,1,1,"100.116.88.251"<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QIDNSCFG?<CR><LF>
<CR><LF>
ERROR<CR><LF>
AT+QHTTPCFG="contextid",1<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QHTTPCFG="sslctxid",1<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QSSLCFG="sslversion",1,2 <CR><LF>
<CR><LF>
OK<CR><LF>
AT+QSSLCFG="ciphersuite",1,0xFFFF<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QSSLCFG="seclevel",1,1 <CR><LF>
<CR><LF>
OK<CR><LF>
AT+QSSLCFG="cacert",1,"RAM:ca_cert.pem"<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QHTTPURL=74,150<CR><LF>
<CR><LF>
CONNECT<CR><LF>
https://pdpqadevicesync.orbitron.in:8443/v1/DeviceActivitySync/GetDateTime<CR><LF>
OK<CR><LF>
AT+QHTTPGET=80<CR><LF>
<CR><LF>
OK<CR><LF>
<CR><LF>
+QHTTPGET: 714<CR><LF>
AT+QIDNSCFG<CR><LF>
<CR><LF>
ERROR<CR><LF>
AT+QIDNSCFG=1<CR><LF>
<CR><LF>
+QIDNSCFG: 1,"10.95.210.54","10.95.210.56"<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QIACT?<CR><LF>
<CR><LF>
+QIACT: 1,1,1,"100.116.88.251"<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QHTTPURL=74,150<CR><LF>
<CR><LF>
CONNECT<CR><LF>
https://pdpqadevicesync.orbitron.in:8443/v1/DeviceActivitySync/GetDateTime<CR><LF>
OK<CR><LF>
AT+QHTTPGET=80<CR><LF>
<CR><LF>
OK<CR><LF>
<CR><LF>
+QHTTPGET: 701<CR><LF>
AT+QSSLCFG="cacert",1,"RAM:ca_cert.pem"<CR><LF>
<CR><LF>
OK<CR><LF>
AT+QHTTPURL=74,150<CR><LF>
<CR><LF>
CONNECT<CR><LF>
https://pdpqadevicesync.orbitron.in:8443/v1/DeviceActivitySync/GetDateTime<CR><LF>
OK<CR><LF>
AT+QHTTPGET=80<CR><LF>
<CR><LF>
OK<CR><LF>
<CR><LF>
+QHTTPGET: 714<CR><LF>

upload certificate file on modem, is it wright format for uploading certificate?

Dear Ashvin,
Thanks for your updating.
About your issue, as we know that the error code 714 means that HTTP(S) DNS error, and 701 means that unknow error. For the log you provide, it have no obvious error, it may related to the network, we may need to catch the debug log to confirm it. About the URL, i try to open it in browser, but cannot open it. You may need to double check it. And about the certificate, you need to confirm have not open it before upload it to module. Thanks!
You also can email to support@quectel.com to get the debug tool and catch the module debug log to analyze the root reason. Thanks!

HI
Thanks for your response.

About the URL


check above image, as i have test in google browser it will be open correctly.

what type of debug log you require for more information about query.
2. you need to confirm have not open it before upload it to module.
Query: should i close the certificate file before , This at command AT+QSSLCFG=“cacert”,1,“RAM:ca_cert.pem” ?

Looking forward to hear from you.
Thanks

Dear Ashvin,
Thanks for your updating.
About your issue, if you can confirm that it do not need any certificate, you can set as the following command and do not need set the command AT+QSSLCFG=“cacert”,1,“RAM:ca_cert.pem” .
AT+QSSLCFG=“seclevel”,1,0 //Set SSL verify level as 0 which means CA certificate is not
needed.
Of course, if you change the seclevel, the responding certificate also should configured. Thanks!

Hi,

Thanks for updating.

I had checked, server configuration and found that cypher suit used in our server is not listed on documentation(SSL AT Manual).
server cypher suit : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL Version : TLS 1.2

i found this information from Firefox browser :

as I have discuss with our team it is not possible to update that. so, is there any other way to communicate with server with same configuration details?

can we update supported cypher suit list of quectel modem (EC25-E)?

Looking forward to here from you.
Thanks