Anonymous
Not applicable
May 13, 2013
04:51 PM
[WICED-SDK-2.2.1]
When I use wiced_tls_init_advanced_context(), I can use it for both TLS client and server.
But when I use wiced_tls_init_simple_context(), I can only use it for TLS client.
Please clarify what is the difference. Is it safe to use wiced_tls_init_simple_context for all TLS clients?
3 Replies
Anonymous
Not applicable
May 13, 2013
04:52 PM
An advanced TLS context contains a device certificate and key (public and private key pair) while a simple TLS context does not. The advanced TLS context is only required for clients when the TLS server requires the client to provide a certificate to verify its identity. A TLS server will always have its own certificate and key pair and hence must always use an advanced TLS context.
Anonymous
Not applicable
May 13, 2013
04:53 PM
Thanks for the info. In your examples, simple context is used for all the TLS clients. How do you know the server is NOT going to ask the client for certificates? Is it true that to be safe to work with all TLS servers, a TLS client should always use advanced context?
Anonymous
Not applicable
May 13, 2013
04:54 PM
Almost all public TLS servers (HTTPS servers) do not require client certificates and the only reason a client would need an advanced TLS context is if the server is configured to do so with special knowledge of the WICED devices that will be connecting to it. For example, you may wish to have a server where your devices can upload or download data but you want to prevent random people on the internet accessing it. To do this you would generate a certificate and key pair for every device you manufacture and store a copy of those certificates on your TLS server. This permits your TLS server to securely transfer data with your devices while also verifying that the endpoint is a device that has come from your factory.
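The behaviour discussed in this thread, as an added example that is not part of the original posts or the WICED SDK: it uses Python's `ssl` module instead of the WICED API to show that a client without a certificate (the "simple" case) fails only against a server that requires client certificates, while a client holding a device certificate (the "advanced" case) works against both. It assumes the `openssl` command-line tool is on the PATH; the helper names, the `server` and `device-0001` certificates and the in-memory handshake are constructed for the illustration.

```python
import os, ssl, subprocess, tempfile

def make_cert(directory, name):  # throwaway self-signed cert + key via the openssl CLI
    crt, key = (os.path.join(directory, name + ext) for ext in (".crt", ".key"))
    cmd = ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
           "-subj", "/CN=" + name, "-keyout", key, "-out", crt]
    subprocess.run(cmd, check=True, capture_output=True)
    return crt, key

def handshake(server_ctx, client_ctx):  # in-memory handshake; True if both sides finish
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname="server")
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    done = set()
    for _ in range(10):
        for side, out, peer_in in ((client, c_out, s_in), (server, s_out, c_in)):
            if side not in done:
                try:
                    side.do_handshake()
                    done.add(side)
                except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
                    pass  # waiting for more bytes from the peer
                except ssl.SSLError:
                    return False  # e.g. the server required a client certificate
            peer_in.write(out.read())  # carry this side's output to the other side
        if len(done) == 2:
            return True
    return False

def demo():  # {(server_requires_client_cert, client_has_device_cert): handshake_ok}
    with tempfile.TemporaryDirectory() as d:
        server_crt, server_key = make_cert(d, "server")
        device_crt, device_key = make_cert(d, "device-0001")  # constructed device identity
        def server_ctx(require_client_cert):
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
            ctx.load_cert_chain(server_crt, server_key)  # a server always has cert + key
            if require_client_cert:
                ctx.verify_mode = ssl.CERT_REQUIRED
                ctx.load_verify_locations(device_crt)  # server's stored copy of the device cert
            return ctx
        def client_ctx(with_device_cert):
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname = False  # constructed test cert; name checking is out of scope
            ctx.load_verify_locations(server_crt)
            if with_device_cert:  # analogous to the "advanced" context
                ctx.load_cert_chain(device_crt, device_key)
            return ctx
        return {(s, c): handshake(server_ctx(s), client_ctx(c))
                for s in (False, True) for c in (False, True)}
if __name__ == "__main__": print(demo())
```

Only the combination of a server that requires client certificates and a client without one fails, which is why a certificate-less client is sufficient for ordinary public HTTPS servers.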