Cipher Suites; Server Name Indication (Sni); Secure The Connection Between An Xbee And Remote Manager With Server Authentication - Digi XBee 3 Cellular LTE-M User Manual

Smart modem

Hide thumbs

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

Table of Contents

Transport Layer Security (TLS)

Note

For NB-IoT, TCP support is dependent on the network. Contact your network provider for

details.

The implications of this are:

For client certificate files (for example when client authentication is required):

Self-signed certificates will work.

Certificates signed by the root CA will work, because the root CA can be omitted per RFC

5246. The root certificate authority may be omitted from the chain, under the assumption

that the remote end must already possess it in order to validate it in any case.

Certificate chains that include a intermediate CA are problematic. To work around this the

client's certificate chain has to be supplied to the server outside of the connection.

For server certificate files (when server authentication is required) this is not a problem unless

the client is expected to connect to multiple servers that are using different self signed

certificates or are using certificate chains that are signed by different root CA certificates. To

work around this you have to change the certificates before making the connection, or in the

case of API mode specify a different authentication profile.

Cipher suites

Note

For NB-IoT, TCP support is dependent on the network. Contact your network provider for

details.

The only documented shared suites between the XBee 3 Cellular LTE Cat 1 Smart Modem and the

XBee 3 Cellular LTE-M Global Smart Modem are:

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA

For the u-blox SARA-R410 and SARA-U201 cellular components:

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA256

TLS_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA256

TLS_RSA_WITH_3DES_EDE_CBC_SHA

Server Name Indication (SNI)

We do not currently support SNI. Therefore servers which use SNI to present certificates based on

client provided host data may be unable to establish the expected connections.

Secure the connection between an XBee and Remote Manager

with server authentication

The XBee devices that have the *11 or later version of the firmware installed are by default able to

secure the TLS connection to Digi Remote Manager. The default configuration provides confidentiality

of the communication but is not able to authenticate the server without a certificate being provided.

Digi XBee® 3 Cellular LTE-M/NB-IoT Global Smart Modem User Guide

Cipher suites

180

Table of Contents

Troubleshooting

This manual is also suitable for:

Xbee 3 cellular nb-iot

Cipher Suites; Server Name Indication (Sni); Secure The Connection Between An Xbee And Remote Manager With Server Authentication - Digi XBee 3 Cellular LTE-M User Manual

Cipher suites

Server Name Indication (SNI)

Troubleshooting

Related Manuals for Digi XBee 3 Cellular LTE-M

Related Content for Digi XBee 3 Cellular LTE-M

This manual is also suitable for:

Table of Contents