WINC1510 XPLAINED PRO - HTTPS

Hi

I'm evaluating an WINC1510 XPlained Pro WiFi module

I have it connected to Arduino DUE (I'm assuming V3.3 is safest for this module so not using UNO).

I tried connecting over HTTPS to https://bbc.co.uk, It doesn't connect..

I can make it connect to arduino.cc and google.com

I have flashed the root certificates for google/arduino/bbc using tools from Atmel (rather than the Arduino flash updater).

So I was wondering if there was something about bbc.co.uk (encryption types?) that prevents connection from WINC1510?

I used the following tools to get information about security certificates for bbc.co.uk

https://www.ssllabs.com/ssltest/analyze.html?d=bbc.co.uk&s=151.101.0.81

and

sudo openssl s_client -showcerts -connect www.bbc.co.uk:443

Could someone with more experience tell me if these tools generate the info I need to determine if WINC1510 will connect please?

Also, I don't have Arduino WiFi shield to compare it with (and I believe the Arduino shield uses ATWINC1500 rather than WINC1510) - but I'd be interested to know if anyone can connect using WINC1500 based device :slight_smile:

Thanks in advance,
Mike

From a browser, I get redirected to https://www.bbc.com, but that may be as I'm outside the UK. Does it work any better?

Hi Wildbill

I'm in UK and bbc.com redirects me to bbc.co.uk, I tried changing Arduino code to bbc.com to see what happens it doesn't connect, thanks for the tip though

Mike

I've pasted the Limitations stated in WINC1510 pdf, along with output from openssl certificate info for bbc.co.uk, and wondering if it is possible by reading/comparing this info to determine that the WINC1510 will not connect?

++++++++++++++++++++++++++++++++++++++++++++
From Chapter 7..
The WINC1510 documentation
http://ww1.microchip.com/downloads/en/DeviceDoc/ATWINC15x0-Wi-Fi-Network-Controller-Software-Design-Guide-User-Guide-DS00002389B.pdf

7.4.2
TLS Supported Ciphers
The ATWINC15x0 supports the following cipher suites (for both client and server modes).
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256
The ATWINC15x0 also optionally support the following ECC cipher suites.
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_ECDHE_ ECDSA _WITH_AES_128_CBC_SHA256
7.4.3
Supported Hash Algorithms
The current implementation (WINC firmware version 19.5.2 onwards) supports the following hash
algorithms:
• MD5
• SHA-1
• SHA256
• SHA384
• SHA512
• RSA 4096

7.4.4
TLS Certificate Constraints
For TLS server and TLS client authentication, the ATWINC15x0 can accept the following certificate types:
• RSA certificates with key size no more than 2048 bits
• ECDSA certificates only for NIST P256 EC Curve (secp256r1); conditionally supported
7

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

..compare with..

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Linux Terminal Output
openssl s_client -showcerts -connect www.bbc.co.uk:443

CONNECTED(00000003)
depth=2 OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign ECC OV SSL CA 2018
verify return:1
depth=0 C = GB, ST = London, L = London, O = British Broadcasting Corporation, CN = www.bbc.co.uk
verify return:1

Certificate chain
0 s:C = GB, ST = London, L = London, O = British Broadcasting Corporation, CN = www.bbc.co.uk
i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign ECC OV SSL CA 2018
-----BEGIN CERTIFICATE-----
(removed so could paste in arduino fourm without exceeding character limit)
-----END CERTIFICATE-----
1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign ECC OV SSL CA 2018
i:OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
-----BEGIN CERTIFICATE-----
(removed so could paste in arduino fourm without exceeding character limit)
-----END CERTIFICATE-----
2 s:OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
i:OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
-----BEGIN CERTIFICATE-----
(removed so could paste in arduino fourm without exceeding character limit)
-----END CERTIFICATE-----
3 s:OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
-----BEGIN CERTIFICATE-----
(removed so could paste in arduino fourm without exceeding character limit)
-----END CERTIFICATE-----

Server certificate
subject=C = GB, ST = London, L = London, O = British Broadcasting Corporation, CN = www.bbc.co.uk

issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign ECC OV SSL CA 2018


No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits

SSL handshake has read 4551 bytes and written 385 bytes
Verification: OK

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)


Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: DF94686604E2DFC401B4669504723D14ACEC9E86DF6BAC2EB4C6A50EE2382280
Session-ID-ctx:
Resumption PSK: B0462630C326BCE44BB4F0E0363D40D7A1F8EC73D9F4287BFEF564FE5D383E0E94BE7776A660738EC44FE875D993C298
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 88 86 93 8e 58 99 fc df-45 75 ee 98 bf c8 a0 cc ....X...Eu......
0010 - 1c a1 71 27 4f 51 f1 e8-9f e2 76 f4 84 17 36 f1 ..q'OQ....v...6.
0020 - 08 f8 b3 64 11 dd 07 f3-0d 32 08 40 04 f2 73 6b ...d.....2.@..sk
0030 - 27 b3 13 0b d9 8a d8 e2-6b 08 4e ae 1a 41 53 1e '.......k.N..AS.
0040 - 3c 97 9c 4d d8 9c cc 4e-22 58 30 55 e9 0c 52 07 <..M...N"X0U..R.
0050 - 76 84 43 d4 f6 80 e1 91-1f 6e 70 a0 e6 81 d7 b7 v.C......np.....
0060 - f0 e8 67 c8 8c 00 1c c9-2a 6a 76 9f c8 85 08 0d ..g.....*jv.....
0070 - c9 a0 8a 39 4d 76 4a 04-7e 8e 96 57 d1 c3 b8 93 ...9MvJ.~..W....
0080 - fc 8c ef c5 1e 63 b7 f5-c9 e8 be 16 fd 8c 53 d0 .....c........S.
0090 - a7 f8 fc 69 2e 42 c6 01-74 57 dc b3 f1 3c 9b 1a ...i.B..tW...<..
00a0 - c1 eb 2f fd 50 9e 8f b8-2e 02 5e f0 03 f8 05 b6 ../.P.....^.....
00b0 - a1 9c 2c 95 da 4d 8c 12-1a 5a e6 41 a0 40 bf 01 ..,..M...Z.A.@..
00c0 - 66 1c ff 1d 7e 6f 7f d9-db c9 d3 33 45 f7 77 98 f...~o.....3E.w.
00d0 - cc 39 2f f0 00 a9 ea f5-59 4a 21 d9 4c 86 de d8 .9/.....YJ!.L...
00e0 - 1f 36 5a e6 45 93 6d 9a-e4 2d 51 86 bd 76 ba bf .6Z.E.m..-Q..v..

Start Time: 1600870301
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0

read R BLOCK

Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: B0E210F6CB9593C46F2E73E284F991E8B5D50B4ADFEDC5636E22C8BBAD518B0D
Session-ID-ctx:
Resumption PSK: 35DF5456A31ECEAD3ACE69FB31009A1AA3C624F9D648FBF97B7C715CAE91B3B400FA72AB27AE7901D404D166A33DEC9F
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 88 86 93 8e 58 99 fc df-45 75 ee 98 bf c8 a0 cc ....X...Eu......
0010 - 63 d8 41 7a 18 d8 38 92-b1 09 d5 07 72 89 3a 20 c.Az..8.....r.:
0020 - 83 86 65 f3 0a 51 e3 2a-b6 e1 9d 4f 7a f5 36 c7 ..e..Q....Oz.6.
0030 - 0f cc 70 72 0b 4c de 29-78 da b3 20 8d 86 3b 89 ..pr.L.)x.. ..;.
0040 - 2e 25 08 09 54 74 f3 58-33 fc 6d 0f 25 6a 99 48 .%..Tt.X3.m.%j.H
0050 - 03 d3 5d ef f7 d8 be 68-b4 43 62 82 2d 85 39 14 ..]....h.Cb.-.9.
0060 - 1d 7d 5c d8 81 ec 6b 7c-b9 2c 52 06 5b 33 d0 4c .}...k|.,R.[3.L
0070 - a5 6b e6 2f 36 d8 fa f0-29 97 83 99 ef d3 72 80 .k./6...).....r.
0080 - dc 79 7c 57 38 95 36 8e-12 c0 bb 39 58 9c 63 bb .y|W8.6....9X.c.
0090 - a5 75 5f 36 6a 97 fe 98-e4 b1 b5 39 ac 40 f5 b4 .u_6j......9.@..
00a0 - b1 f2 f3 62 f1 fd 4d 5b-c0 ee 5d 5e 99 78 1b bf ...b..M[..]^.x..
00b0 - 48 6e 29 97 0c 4a 1f a9-88 2c ad 68 e2 46 20 2f Hn)..J...,.h.F /
00c0 - 8c 46 b1 be 33 f1 14 e7-be d3 2a a6 fa 79 d0 c6 .F..3.....
..y..
00d0 - 90 3e 30 d5 5f fc 75 c0-0a ed c1 f3 0b 81 4b f4 .>0._.u.......K.
00e0 - ad 27 34 45 76 5e 7e 6f-a7 a1 a3 17 64 a7 d0 0b .'4Ev^~o....d...

Start Time: 1600870301
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0

read R BLOCK
closed

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++