I've pasted the Limitations stated in WINC1510 pdf, along with output from openssl certificate info for bbc.co.uk, and wondering if it is possible by reading/comparing this info to determine that the WINC1510 will not connect?
++++++++++++++++++++++++++++++++++++++++++++
From Chapter 7..
The WINC1510 documentation
http://ww1.microchip.com/downloads/en/DeviceDoc/ATWINC15x0-Wi-Fi-Network-Controller-Software-Design-Guide-User-Guide-DS00002389B.pdf
7.4.2
TLS Supported Ciphers
The ATWINC15x0 supports the following cipher suites (for both client and server modes).
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256
The ATWINC15x0 also optionally support the following ECC cipher suites.
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_ECDHE_ ECDSA _WITH_AES_128_CBC_SHA256
7.4.3
Supported Hash Algorithms
The current implementation (WINC firmware version 19.5.2 onwards) supports the following hash
algorithms:
• MD5
• SHA-1
• SHA256
• SHA384
• SHA512
• RSA 4096
7.4.4
TLS Certificate Constraints
For TLS server and TLS client authentication, the ATWINC15x0 can accept the following certificate types:
• RSA certificates with key size no more than 2048 bits
• ECDSA certificates only for NIST P256 EC Curve (secp256r1); conditionally supported
7
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..compare with..
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Linux Terminal Output
openssl s_client -showcerts -connect www.bbc.co.uk:443
CONNECTED(00000003)
depth=2 OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign ECC OV SSL CA 2018
verify return:1
depth=0 C = GB, ST = London, L = London, O = British Broadcasting Corporation, CN = www.bbc.co.uk
verify return:1
Certificate chain
0 s:C = GB, ST = London, L = London, O = British Broadcasting Corporation, CN = www.bbc.co.uk
i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign ECC OV SSL CA 2018
-----BEGIN CERTIFICATE-----
(removed so could paste in arduino fourm without exceeding character limit)
-----END CERTIFICATE-----
1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign ECC OV SSL CA 2018
i:OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
-----BEGIN CERTIFICATE-----
(removed so could paste in arduino fourm without exceeding character limit)
-----END CERTIFICATE-----
2 s:OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
i:OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
-----BEGIN CERTIFICATE-----
(removed so could paste in arduino fourm without exceeding character limit)
-----END CERTIFICATE-----
3 s:OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
-----BEGIN CERTIFICATE-----
(removed so could paste in arduino fourm without exceeding character limit)
-----END CERTIFICATE-----
Server certificate
subject=C = GB, ST = London, L = London, O = British Broadcasting Corporation, CN = www.bbc.co.uk
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign ECC OV SSL CA 2018
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
SSL handshake has read 4551 bytes and written 385 bytes
Verification: OK
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: DF94686604E2DFC401B4669504723D14ACEC9E86DF6BAC2EB4C6A50EE2382280
Session-ID-ctx:
Resumption PSK: B0462630C326BCE44BB4F0E0363D40D7A1F8EC73D9F4287BFEF564FE5D383E0E94BE7776A660738EC44FE875D993C298
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 88 86 93 8e 58 99 fc df-45 75 ee 98 bf c8 a0 cc ....X...Eu......
0010 - 1c a1 71 27 4f 51 f1 e8-9f e2 76 f4 84 17 36 f1 ..q'OQ....v...6.
0020 - 08 f8 b3 64 11 dd 07 f3-0d 32 08 40 04 f2 73 6b ...d.....2.@..sk
0030 - 27 b3 13 0b d9 8a d8 e2-6b 08 4e ae 1a 41 53 1e '.......k.N..AS.
0040 - 3c 97 9c 4d d8 9c cc 4e-22 58 30 55 e9 0c 52 07 <..M...N"X0U..R.
0050 - 76 84 43 d4 f6 80 e1 91-1f 6e 70 a0 e6 81 d7 b7 v.C......np.....
0060 - f0 e8 67 c8 8c 00 1c c9-2a 6a 76 9f c8 85 08 0d ..g.....*jv.....
0070 - c9 a0 8a 39 4d 76 4a 04-7e 8e 96 57 d1 c3 b8 93 ...9MvJ.~..W....
0080 - fc 8c ef c5 1e 63 b7 f5-c9 e8 be 16 fd 8c 53 d0 .....c........S.
0090 - a7 f8 fc 69 2e 42 c6 01-74 57 dc b3 f1 3c 9b 1a ...i.B..tW...<..
00a0 - c1 eb 2f fd 50 9e 8f b8-2e 02 5e f0 03 f8 05 b6 ../.P.....^.....
00b0 - a1 9c 2c 95 da 4d 8c 12-1a 5a e6 41 a0 40 bf 01 ..,..M...Z.A.@..
00c0 - 66 1c ff 1d 7e 6f 7f d9-db c9 d3 33 45 f7 77 98 f...~o.....3E.w.
00d0 - cc 39 2f f0 00 a9 ea f5-59 4a 21 d9 4c 86 de d8 .9/.....YJ!.L...
00e0 - 1f 36 5a e6 45 93 6d 9a-e4 2d 51 86 bd 76 ba bf .6Z.E.m..-Q..v..
Start Time: 1600870301
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
read R BLOCK
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: B0E210F6CB9593C46F2E73E284F991E8B5D50B4ADFEDC5636E22C8BBAD518B0D
Session-ID-ctx:
Resumption PSK: 35DF5456A31ECEAD3ACE69FB31009A1AA3C624F9D648FBF97B7C715CAE91B3B400FA72AB27AE7901D404D166A33DEC9F
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 88 86 93 8e 58 99 fc df-45 75 ee 98 bf c8 a0 cc ....X...Eu......
0010 - 63 d8 41 7a 18 d8 38 92-b1 09 d5 07 72 89 3a 20 c.Az..8.....r.:
0020 - 83 86 65 f3 0a 51 e3 2a-b6 e1 9d 4f 7a f5 36 c7 ..e..Q....Oz.6.
0030 - 0f cc 70 72 0b 4c de 29-78 da b3 20 8d 86 3b 89 ..pr.L.)x.. ..;.
0040 - 2e 25 08 09 54 74 f3 58-33 fc 6d 0f 25 6a 99 48 .%..Tt.X3.m.%j.H
0050 - 03 d3 5d ef f7 d8 be 68-b4 43 62 82 2d 85 39 14 ..]....h.Cb.-.9.
0060 - 1d 7d 5c d8 81 ec 6b 7c-b9 2c 52 06 5b 33 d0 4c .}...k|.,R.[3.L
0070 - a5 6b e6 2f 36 d8 fa f0-29 97 83 99 ef d3 72 80 .k./6...).....r.
0080 - dc 79 7c 57 38 95 36 8e-12 c0 bb 39 58 9c 63 bb .y|W8.6....9X.c.
0090 - a5 75 5f 36 6a 97 fe 98-e4 b1 b5 39 ac 40 f5 b4 .u_6j......9.@..
00a0 - b1 f2 f3 62 f1 fd 4d 5b-c0 ee 5d 5e 99 78 1b bf ...b..M[..]^.x..
00b0 - 48 6e 29 97 0c 4a 1f a9-88 2c ad 68 e2 46 20 2f Hn)..J...,.h.F /
00c0 - 8c 46 b1 be 33 f1 14 e7-be d3 2a a6 fa 79 d0 c6 .F..3.......y..
00d0 - 90 3e 30 d5 5f fc 75 c0-0a ed c1 f3 0b 81 4b f4 .>0._.u.......K.
00e0 - ad 27 34 45 76 5e 7e 6f-a7 a1 a3 17 64 a7 d0 0b .'4Ev^~o....d...
Start Time: 1600870301
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
read R BLOCK
closed
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++