
TLS 1.2 vs 1.3 problem

Hoping that this rings a bell for somebody:

I have an NX3200 running the latest 1.8.90 firmware that can communicate with an in-house TLS 1.3 web service, but not a TLS 1.2 one.

The onerror reports -313:received alert fatal error when trying to connect to the 1.2 server. Not sure if it is a cipher or a TLS version incompatibility.

I removed the matching certificates from the AMX frame, and verified that the connection behavior was the same -- namely I could connect to the 1.3 server when ignoring the cert errors, but not the 1.2 server.

Has anyone run into this before? Are there any other tools for diagnosing TLS errors other than breaking out Wireshark?

Thanks
David

Comments

  • dnahman Posts: 31

    A little extra detail:
    Running openssl s_client -connect hostname:443 -showcerts against the (working) 1.3 server produces:

    New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
    Server public key is 4096 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    

    but for the failing 1.2 server:

    New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    

    Perhaps NetLinx doesn't support Elliptic Curve ciphers?

    Can anyone from AMX chime in here?

    Thanks,
    David

  • dnahman Posts: 31

    Update after talking to AMX support:
    v1.8.196 firmware fixes the cipher support.
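
Added example, not part of the thread and not AMX code: for the question above about telling a cipher mismatch from a version mismatch, this Python sketch parses a captured ClientHello and the plaintext alert record and checks whether the suite the 1.2 server negotiated with openssl (ECDHE-RSA-AES128-GCM-SHA256, IANA id 0xC02F) was ever offered. The sample bytes are constructed and say nothing about what a NetLinx controller actually sends; the function names are hypothetical.

```python
import struct

# Alert descriptions relevant to this failure (values from RFC 5246 / RFC 8446).
ALERTS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}
ECDHE_RSA_AES128_GCM_SHA256 = 0xC02F  # IANA id of the suite the 1.2 server picked

def parse_client_hello(record: bytes):
    """Return (legacy_version, [cipher suite ids]) from one TLS record holding a ClientHello."""
    ctype, _, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) < 4 or body[0] != 1:
        raise ValueError("not a ClientHello handshake record")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    if len(hello) != hlen or hlen < 35:
        raise ValueError("truncated ClientHello")
    version = int.from_bytes(hello[0:2], "big")
    pos = 34                              # skip client_version (2) + random (32)
    pos += 1 + hello[pos]                 # skip session_id (1-byte length prefix)
    n = int.from_bytes(hello[pos:pos + 2], "big")
    suites = hello[pos + 2:pos + 2 + n]
    if len(suites) != n or n % 2:
        raise ValueError("bad cipher_suites vector")
    return version, [int.from_bytes(suites[i:i + 2], "big") for i in range(0, n, 2)]

def parse_alert(record: bytes):
    """Return (level, description name) from an unencrypted TLS alert record."""
    ctype, _, rlen = struct.unpack("!BHH", record[:5])
    if ctype != 21 or rlen != 2 or len(record) < 7:
        raise ValueError("not a plaintext alert record")
    level, desc = record[5], record[6]
    return ("fatal" if level == 2 else "warning"), ALERTS.get(desc, f"alert_{desc}")

def diagnose(hello_rec: bytes, alert_rec: bytes, server_suite: int) -> str:
    _, offered = parse_client_hello(hello_rec)
    level, name = parse_alert(alert_rec)
    if server_suite not in offered:
        return f"{level} {name}: client never offered suite 0x{server_suite:04X}"
    return f"{level} {name}: suite 0x{server_suite:04X} was offered, look at version/extensions"

# Constructed sample: a ClientHello offering only RSA key-exchange suites 0x009C and 0x002F.
_hello = bytes.fromhex("0303") + bytes(32) + b"\x00" + bytes.fromhex("0004009c002f") + b"\x01\x00"
SAMPLE_HELLO = (b"\x16\x03\x01" + struct.pack("!H", len(_hello) + 4)
                + b"\x01" + len(_hello).to_bytes(3, "big") + _hello)
SAMPLE_ALERT = bytes.fromhex("15030300020228")  # constructed: fatal (2), handshake_failure (40)
```

Feed it the raw bytes of the first record in each direction from a packet capture; a `protocol_version` alert points at the TLS version, while `handshake_failure` with the suite missing from the offer points at cipher support.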
