Transport Layer Security (TLS) Transparent mode and TLS
Digi XBee® 3 Cellular LTE Cat 1 AT&T Smart Modem User Guide
Transparent mode and TLS
When IP (IP Protocol) = 4 (TLS), Transparent mode connections use the configuration
specified by $0 (TLS Profile 0).
API mode and TLS
On the Transmit (TX) Request: IPv4 - 0x20 frame, when you specify protocol 4 (TLS), the profile
configuration specified by $0 (TLS Profile 0) is used to form the TLS connection. Tx Request with TLS
Profile - 0x23 lets you choose the IP setting for the serial data.
Key formats
The RSA PKCS#1 format is the only common format across XBee Cellular device variants. You can
identify a PKCS#1 key file by the presence of BEGIN RSA PRIVATE KEY in the file header.
Digi's implementation does not support encrypted keys; we use file system encryption to protect the
keys at rest in the system.
Certificate limitations
The XBee Smart Modem only supports certificate files that contain a single certificate in them.
The implications of this are:
- For client certificate files (for example, when client authentication is required):
  - Self-signed certificates will work.
  - Certificates signed by the root CA will work, because the root CA can be omitted per RFC
    5246. The root certificate authority may be omitted from the chain, under the assumption
    that the remote end must already possess it in order to validate it in any case.
  - Certificate chains that include an intermediate CA are problematic. To work around this, the
    client's certificate chain has to be supplied to the server outside of the connection.
- For server certificate files (when server authentication is required), this is not a problem unless
  the client is expected to connect to multiple servers that are using different self-signed
  certificates or are using certificate chains that are signed by different root CA certificates. To
  work around this, you have to change the certificates before making the connection or, in the
  case of API mode, specify a different authentication profile.
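A pre-upload check for the constraints in "Key formats" and "Certificate limitations" (unencrypted PKCS#1 key, exactly one certificate per file), as an added example that is not from the Digi guide. The function names and the sample PEM text are constructed for illustration, and the check assumes PEM-encoded files and inspects only the PEM armor, not the key or certificate contents.

```python
import re

# Matches one PEM block and captures its label and body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def check_key_file(text):
    """Return a list of problems with a private key file (empty means OK)."""
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        return ["expected exactly one PEM block, found %d" % len(blocks)]
    label, body = blocks[0]
    problems = []
    if label == "ENCRYPTED PRIVATE KEY":
        problems.append("encrypted PKCS#8 key: encrypted keys are not supported")
    elif label != "RSA PRIVATE KEY":
        problems.append("label %r is not PKCS#1 'RSA PRIVATE KEY'" % label)
    # Legacy OpenSSL encryption keeps the PKCS#1 label but adds these headers.
    if "Proc-Type:" in body and "ENCRYPTED" in body:
        problems.append("passphrase-protected key: encrypted keys are not supported")
    return problems

def check_cert_file(text):
    """Return a list of problems with a certificate file (empty means OK)."""
    labels = [label for label, _ in PEM_BLOCK.findall(text)]
    problems = []
    certs = labels.count("CERTIFICATE")
    if certs != 1:
        problems.append("found %d certificates, file must hold exactly one" % certs)
    extra = [lab for lab in labels if lab != "CERTIFICATE"]
    if extra:
        problems.append("unexpected PEM blocks: " + ", ".join(extra))
    return problems

def pem(label, body="Q09OU1RSVUNURUQ=\n"):
    """Build constructed PEM text; the body is a placeholder, not real material."""
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (label, body, label)

# Constructed sample inputs.
GOOD_KEY = pem("RSA PRIVATE KEY")
PKCS8_KEY = pem("PRIVATE KEY")
ENC_KEY = pem("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n\nQ09O\n")
CHAIN = pem("CERTIFICATE") + pem("CERTIFICATE")

if __name__ == "__main__":
    print(check_key_file(ENC_KEY), check_cert_file(CHAIN))
```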
Cipher suites
For the Telit LE866 cellular component:
- TLS_RSA_WITH_RC4_128_MD5
- TLS_RSA_WITH_RC4_128_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_NULL_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
This list may be incomplete.