[−][src]Module ublox_cellular::command::device_data_security
26 - Device and data security
SSL/TLS provides a secure connection between two entities using TCP socket for communication (i.e. HTTP/ FTP server and HTTP/FTP client). The SSL/TLS with digital certificates support provides different connection security aspects:
- Server authentication: use of the server certificate verification against a specific trusted certificate or a trusted certificates list;
- Client authentication: use of the client certificate and the corresponding private key;
- Data security and integrity: data encryption and Hash Message Authentication Code (HMAC) generation.
The security aspects used in the current connection depend on the SSL/TLS configuration and features supported by the communicating entities. u-blox cellular modules support all the described aspects of SSL/TLS security protocol with these AT commands:
AT+USECMNG: import, removal, list and information retrieval of certificates or private keys;AT+USECPRF: configuration of USECMNG (u-blox SECurity MaNaGement) profiles used for an SSL/TLS connection.
The USECMNG provides a default SSL/TLS profile which cannot be modified. The default USECMNG profile provides the following SSL/TLS settings:
| Setting | Value | Meaning |
|---|---|---|
| Certificates validation level | Level 0 | The server certificate will not be checked or verified. |
| Minimum SSL/TLS version | Any | The server can use any of the TLS1.0/TLS1.1/TLS1.2 versions for the connection. |
| Cipher suite | Automatic | The cipher suite will be negotiated in the handshake process. |
| Trusted root certificate internal name | "" (none) | No certificate will be used for the server authentication. |
| Expected server host-name | "" (none) | No server host-name is expected. |
| Client certificate internal name | "" (none) | No client certificate will be used. |
| Client private key internal name | "" (none) | No client private key will be used. |
| Client private key password | "" (none) | No client private key password will be used. |
| Pre-shared key | "" (none) | No pre-shared key key password will be used. |
Notes:
- The secure re-negotiation and the SSL/TLS session resumption are currently not supported, and if mandated by the server the SSL/TLS connection will fail with an Generic SSL/TLS handshake alert.
Modules
| responses | Responses for Device and data security Commands |
| types | Argument and parameter types used by Device and data security Commands and Responses |
Structs
| PrepareSecurityDataImport | 26.1.2 SSL/TLS certificates and private keys manager +USECMNG |
| SecurityProfileManager | 26.1.3 SSL/TLS security layer profile manager +USECPRF |
| SendSecurityDataImport |