• State Not Answered
  • Replies 2 replies
  • Subscribers 24 subscribers
  • Views 115 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 290481
Options

What encryption algorithm does asset tracker v2 use for AWS IOT

user112362

When connecting to AWS IOT the Asset Tracker V2 uses MQTT to AWS-IOT. This is TLS 1.2 from what I understand. We are using the 1.8 skd / 1.3.1 modem firmware.

We have a customer asking what exact encryption algorithm that is used. I have not seen this in the documentation, have only seen a list of supported algorithms. 

What is the algorithm used by default and where can I find that in code or settings?

Parents
  • 0

    Hello, 

    I have not seen this in the documentation, have only seen a list of supported algorithms. 

    Yes, that looks correct. I was not able to find the information regarding the TLS cipher suite in the nRF Connect SDK documentation, only what is support in the AWS IoT Core documentation. 

    I have forwarded the question to our apps team and will get back to you within tomorrow. 

    Kind regards,
    Øyvind

  • 0 in reply to user77062

    Slight correction, the supported TLS cipher suite in nRF9160 modem, found under Feature brief.

    mbed TLS Name / NIST Name
Value
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
{0xC0,0x24}
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA  
{0xC0,0x0A}
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
{0xC0,0x23}
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA 
{0xC0,0x09}
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA        
{0xC0,0x14}
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256   
{0xC0,0x27}
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA      
{0xC0,0x13}
TLS-PSK-WITH-AES-256-CBC-SHA     
{0x00,0x8D}
TLS-PSK-WITH-AES-128-CBC-SHA256  
{0x00,0xAE}
TLS-PSK-WITH-AES-128-CBC-SHA
{0x00,0x8C}
TLS-PSK-WITH-AES-128-CCM-8
{0xC0,0xA8}
TLS-EMPTY-RENEGOTIATIONINFO-SCSV	{0x00,0xFF}
In addition to the list above, Modem Firmware v1.3.x >= 1 and Modem Firmware v1.2.x >= 7 also supports:
mbed TLS Name / NIST Name
Value
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 
{0xC0,0x2B}
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
{0xC0,0x30}
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0,0x2F}

Reply
  • 0 in reply to user77062

    Slight correction, the supported TLS cipher suite in nRF9160 modem, found under Feature brief.

    mbed TLS Name / NIST Name
Value
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
{0xC0,0x24}
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA  
{0xC0,0x0A}
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
{0xC0,0x23}
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA 
{0xC0,0x09}
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA        
{0xC0,0x14}
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256   
{0xC0,0x27}
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA      
{0xC0,0x13}
TLS-PSK-WITH-AES-256-CBC-SHA     
{0x00,0x8D}
TLS-PSK-WITH-AES-128-CBC-SHA256  
{0x00,0xAE}
TLS-PSK-WITH-AES-128-CBC-SHA
{0x00,0x8C}
TLS-PSK-WITH-AES-128-CCM-8
{0xC0,0xA8}
TLS-EMPTY-RENEGOTIATIONINFO-SCSV	{0x00,0xFF}
In addition to the list above, Modem Firmware v1.3.x >= 1 and Modem Firmware v1.2.x >= 7 also supports:
mbed TLS Name / NIST Name
Value
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 
{0xC0,0x2B}
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
{0xC0,0x30}
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0,0x2F}

Children
No Data
Related
Terms of service