wiced_tls_init_simple_context() vs. wiced_tls_init_advanced_context()

Anonymous
Not applicable

[WICED-SDK-2.2.1]

When I use wiced_tls_init_advanced_context(), I can use it for both TLS client and server.

But when I use wiced_tls_init_simple_context(), I can only use it for TLS client.

Please clarify what is the difference. Is it safe to use wiced_tls_init_simple_context for all TLS clients?

0 Likes
3 Replies
Anonymous
Not applicable
An advanced TLS context contains a device certificate and key (public and private key pair) while a simple TLS context does not.

The advanced TLS context is only required for clients when the TLS server requires the client to provide a certificate to verify its identity.

A TLS server will always have its own certificate and key pair and hence must always use an advanced TLS context.
0 Likes
Anonymous
Not applicable
Thanks for the info.

In your examples, simple context is used for all the TLS clients.

How do you know the server is NOT going to ask the client for certificates?

Is it true that to be safe to work with all TLS servers, a TLS client should always use advanced context?
0 Likes
Anonymous
Not applicable
Almost all public TLS servers (HTTPS servers) do not require client certificates and the only reason a client would need an advanced TLS context is if the server is configured to do so with special knowledge of the WICED devices that will be connecting to it.

For example, you may wish to have a server where your devices can upload or download data but you want to prevent random people on the internet accessing it.

To do this you would generate a certificate and key pair for every device you manufacture and store a copy of those certificates on your TLS server. This permits your TLS server to securely transfer data with your devices while also verifying that the endpoint is a device that has come from your factory.
0 Likes
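On the question of how to tell whether a server will ask the client for a certificate: in TLS 1.2 and earlier, a server that wants one sends a CertificateRequest handshake message (type 13, RFC 5246) before ServerHelloDone, so a captured server flight can be checked for it. The following is an added example, not part of the thread or the WICED SDK; the function name and the byte flights are constructed for illustration, and it assumes handshake messages are not fragmented across records.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Values from RFC 5246 (TLS 1.2); this part of the handshake is sent in the clear. */
#define REC_HANDSHAKE        22
#define HS_CERT_REQUEST      13
#define HS_SERVER_HELLO_DONE 14
/* Constructed sample flights (ServerHello body shortened to 2 bytes for brevity). */
static const uint8_t FLIGHT_PLAIN[] = {
    0x16,0x03,0x03,0x00,0x0a,              /* record: handshake, 10 bytes */
    0x02,0x00,0x00,0x02,0x03,0x03,         /* ServerHello (shortened body) */
    0x0e,0x00,0x00,0x00 };                 /* ServerHelloDone */
static const uint8_t FLIGHT_MUTUAL[] = {
    0x16,0x03,0x03,0x00,0x16,              /* record: handshake, 22 bytes */
    0x02,0x00,0x00,0x02,0x03,0x03,         /* ServerHello (shortened body) */
    0x0d,0x00,0x00,0x08,0x01,0x01,0x00,0x02,0x04,0x01,0x00,0x00, /* CertificateRequest */
    0x0e,0x00,0x00,0x00 };                 /* ServerHelloDone */

/* 1: server asked for a client certificate; 0: none seen; -1: malformed or truncated. */
int server_requests_client_cert(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    while (pos < len) {
        if (len - pos < 5) return -1;                 /* 5-byte record header */
        uint8_t rec_type = buf[pos];
        size_t rec_len = ((size_t)buf[pos + 3] << 8) | buf[pos + 4];
        pos += 5;
        if (rec_len > len - pos) return -1;
        size_t rec_end = pos + rec_len;
        if (rec_type != REC_HANDSHAKE) { pos = rec_end; continue; }
        while (pos < rec_end) {                       /* several messages may share a record */
            if (rec_end - pos < 4) return -1;         /* 4-byte handshake header */
            uint8_t hs_type = buf[pos];
            size_t hs_len = ((size_t)buf[pos + 1] << 16) | ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
            pos += 4;
            if (hs_len > rec_end - pos) return -1;
            if (hs_type == HS_CERT_REQUEST) return 1;
            if (hs_type == HS_SERVER_HELLO_DONE) return 0;
            pos += hs_len;                            /* skip ServerHello, Certificate, ... */
        }
    }
    return 0;
}

int main(void)
{
    printf("plain:  %d\n", server_requests_client_cert(FLIGHT_PLAIN, sizeof FLIGHT_PLAIN));
    printf("mutual: %d\n", server_requests_client_cert(FLIGHT_MUTUAL, sizeof FLIGHT_MUTUAL));
}
```

A result of 1 for a given server means a client connecting to it needs a certificate and key, which in the thread's terms is the advanced context.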