2 Replies Latest reply on May 13, 2013 4:54 PM by jasonrc

    wiced_tls_init_simple_context() vs. wiced_tls_init_advanced_context()

      [WICED-SDK-2.2.1]

      When I use wiced_tls_init_advanced_context(), I can use it for both TLS client and server.

      But when I use wiced_tls_init_simple_context(), I can only use it for TLS client.

      Please clarify what the difference is. Is it safe to use wiced_tls_init_simple_context for all TLS clients?

        • 1. Re: wiced_tls_init_simple_context() vs. wiced_tls_init_advanced_context()
          An advanced TLS context contains a device certificate and key (public and private key pair) while a simple TLS context does not.

          The advanced TLS context is only required for clients when the TLS server requires the client to provide a certificate to verify its identity.

          A TLS server will always have its own certificate and key pair and hence must always use an advanced TLS context.
          • 2. Re: wiced_tls_init_simple_context() vs. wiced_tls_init_advanced_context()
            Thanks for the info.

            In your examples, simple context is used for all the TLS clients.

            How do you know the server is NOT going to ask the client for certificates?

            Is it true that, to be safe to work with all TLS servers, a TLS client should always use an advanced context?
            • 3. Re: wiced_tls_init_simple_context() vs. wiced_tls_init_advanced_context()
              Almost all public TLS servers (HTTPS servers) do not require client certificates and the only reason a client would need an advanced TLS context is if the server is configured to do so with special knowledge of the WICED devices that will be connecting to it.

              For example, you may wish to have a server where your devices can upload or download data but you want to prevent random people on the internet accessing it.

              To do this you would generate a certificate and key pair for every device you manufacture and store a copy of those certificates on your TLS server. This permits your TLS server to securely transfer data with your devices while also verifying that the endpoint is a device that has come from your factory.
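The deployment the last reply describes, as an added example that is not part of the original thread and not WICED SDK code: a server holding its own certificate and key (the server-side counterpart of an advanced context) that trusts a factory CA for client certificates and keeps copies of the device certificates it has registered, and a client that either carries no certificate (what a simple context gives you) or carries a device certificate (what an advanced context gives you). It is written in Go rather than WICED C because Go's standard library can mint the certificates and run both ends of the handshake offline in one program. The factory CA, the name device-server.example, the device names, Ed25519 keys, and the choice to recognise a stored device certificate by the SHA-256 of its DER are all assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"net"
	"time"
)

// newCert issues an Ed25519 certificate and key: self-signed for a CA, otherwise signed by parent.
// Assumption: one factory CA issues the server's certificate and one certificate per device.
func newCert(name string, isCA bool, parent *tls.Certificate) tls.Certificate {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	signer, signerKey := tmpl, any(key)
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		signer, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // DER produced just above, so it parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// configs builds both ends. Server: with no known devices it behaves like a public HTTPS server and
// asks for no client certificate; otherwise it requires one that chains to the factory CA and is one
// of the stored device certificates. Client: dev == nil is a simple context, dev set is an advanced one.
func configs(ca, srv tls.Certificate, dev *tls.Certificate, known ...tls.Certificate) (*tls.Config, *tls.Config) {
	pool := x509.NewCertPool() // the factory CA is the only trust anchor on either side
	pool.AddCert(ca.Leaf)
	server := &tls.Config{Certificates: []tls.Certificate{srv}, ClientCAs: pool}
	client := &tls.Config{RootCAs: pool, ServerName: srv.Leaf.DNSNames[0]}
	if dev != nil {
		client.Certificates = []tls.Certificate{*dev}
	}
	if len(known) > 0 {
		registered := map[[32]byte]bool{} // the "copies stored on the server", keyed by DER hash
		for _, k := range known {
			registered[sha256.Sum256(k.Certificate[0])] = true
		}
		server.ClientAuth = tls.RequireAndVerifyClientCert
		server.VerifyPeerCertificate = func(raw [][]byte, _ [][]*x509.Certificate) error {
			if !registered[sha256.Sum256(raw[0])] { // runs only after the ClientCAs chain check passed
				return errors.New("client certificate is not a registered device")
			}
			return nil
		}
	}
	return server, client
}

// handshake runs one connection over loopback and reports the server's verdict: the CN of the
// authenticated device ("" when none was requested) or the error with which it rejected the client.
func handshake(server, client *tls.Config) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	var cn string
	done := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err == nil {
			conn := tls.Server(raw, server)
			defer conn.Close()
			if err = conn.Handshake(); err == nil && len(conn.ConnectionState().PeerCertificates) > 0 {
				cn = conn.ConnectionState().PeerCertificates[0].Subject.CommonName
			}
		}
		done <- err
	}()
	if conn, err := tls.Dial("tcp", ln.Addr().String(), client); err == nil {
		conn.Read(make([]byte, 1)) // returns once the server closes or sends its rejection alert
		conn.Close()
	}
	err = <-done
	return cn, err
}
```

With `ca := newCert("factory-ca", true, nil)`, `srv := newCert("device-server.example", false, &ca)` and `dev := newCert("device-0001", false, &ca)`: `handshake(configs(ca, srv, &dev, dev))` returns `"device-0001"` and no error; `handshake(configs(ca, srv, nil, dev))` returns an error because the client sent no certificate, which is exactly what a simple context does when a server unexpectedly asks for one; `handshake(configs(ca, srv, nil))` succeeds with an empty CN, the public-HTTPS case from the reply. A certificate issued by some other CA fails the chain check, and a factory-issued certificate that was never registered fails the stored-copy check. One caveat worth knowing when debugging this on a device: a TLS 1.3 client finishes its side of the handshake before the server has examined its certificate, so a rejection only surfaces on the first read, which is why the helper reports the server's verdict rather than the client's.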