TLS Cipher Suites¶
Overview¶
The TLS Cipher Suites sample demonstrates a minimal implementation of a client application that attempts to connect to a host by trying different Transport Layer Security (TLS) cipher suites. This sample shows the cipher suites and lists them as supported or not supported by the host, and provides a summary of the support.
How it works¶
The sample first initializes the Modem library and AT communications. Next, it provisions a root CA certificate to the modem using the Modem key management library. Provisioning must be done before connecting to the LTE network because the certificates can only be provisioned when the device is not connected.
The sample then iterates through a list of TLS cipher suites, attempting connection to the host with each one of them. The sample connects successfully to the host (makerdiary.com) with the cipher suites that are supported by the host, while unsupported cipher suites cause a connection failure.
Finally, the sample provides a summary of the cipher suites that are supported and not supported by the host, makerdiary.com.
The sample connects to makerdiary.com, which requires an X.509 certificate. This certificate is provided in the ciphersuites/cert folder. The certificate is automatically converted to a HEX format in the CMakeLists.txt file. The generated .inc file is then included in the code, where it is provisioned to the modem.
Requirements¶
Before you start, check that you have the required hardware and software:
- 1x nRF9151 Connect Kit
- 1x nano-SIM card with LTE-M or NB-IoT support
- 1x U.FL cabled LTE-M/NB-IoT/NR+ Flexible Antenna (included in the box)
- 1x USB-C Cable
- A computer running macOS, Ubuntu, or Windows 10 or newer
Set up your board¶
- Insert the nano-SIM card into the nano-SIM card slot.
- Attach the U.FL cabled LTE-M/NB-IoT/NR+ Flexible Antenna.
- Connect the nRF9151 Connect Kit to the computer with a USB-C cable.
Building the sample¶
To build the sample, follow the instructions in Getting Started Guide to set up your preferred building environment.
Use the following steps to build the [Modem Trace Backend] sample on the command line.
-
Open a terminal window.
-
Go to
NCS-Project/nrf9151-connectkitrepository cloned in the Getting Started Guide. -
Build the sample using the
west buildcommand, specifying the board (following the-boption) asnrf9151_connectkit/nrf9151/ns.The
-palways option forces a pristine build, and is recommended for new users. Users may also use the-p autooption, which will use heuristics to determine if a pristine build is required, such as when building another sample.Note
This sample has Cortex-M Security Extensions (CMSE) enabled and separates the firmware between Non-Secure Processing Environment (NSPE) and Secure Processing Environment (SPE). Because of this, it automatically includes the Trusted Firmware-M (TF-M).
-
After building the sample successfully, the firmware with the name
merged.hexcan be found in thebuilddirectory.
Flashing the firmware¶
Set up your board before flashing the firmware. You can flash the sample using west flash:
Tip
In case you wonder, the west flash will execute the following command:
Testing¶
After programming the sample, test it by performing the following steps:
-
Open up a serial terminal, specifying the correct serial port that your computer uses to communicate with the nRF9151 SiP:
- Start PuTTY.
-
Configure the correct serial port and click Open:
-
Press the DFU/RST button to reset the nRF9151 SiP.
-
Observe the output of the terminal. You should see the output, similar to what is shown in the following: