SWRU455M February 2017 – October 2020 CC3120, CC3120MOD, CC3130, CC3135, CC3135MOD, CC3220MOD, CC3220MODA, CC3220R, CC3220S, CC3220SF, CC3230S, CC3230SF, CC3235MODAS, CC3235MODASF, CC3235MODS, CC3235MODSF, CC3235S, CC3235SF
Table 8-1 lists the key features of the secure socket.
Key Features | Description | Client | Server |
---|---|---|---|
TLS server | Open TLS servers and accept up to 16 peers for CC313x/CC323x and 6 peers for CC3120/CC3220 (the maximum number of TLS connections depends on how many clients are connected). | | |
TLS client | Open TLS client and connect up to 16 peers for CC313x/CC323x and 6 peers for CC3120/CC3220 (the maximum number of TLS connections depends on how many servers are connected). | | |
Certificates | Support certificates and root CAs according to the X.509 standard. | √ | √ |
BSD commands | The TLS layer is embedded into the BSD commands to ease the usage. | √ | √ |
Server verification | Support full chain of trust verification while the SimpleLink device is in client mode. | √ | N/A |
Domain verification | Support domain verification in client mode, to help protect against MITM attacks. | √ | X |
Client verification | Support client authentication, both in server mode to authenticate a client that is trying to connect to the server, and in client mode, when a remote server is asking for client certificate. | N/A | √ |
Time and Date verification | Support time and date verification of the server/client certificate according to the time and date configured in the SimpleLink device. | √ | X |
Cryptography | Support the following cryptographic algorithms: RC4, AES\|GCM\|CBC, CHACHA20, SHA1\|256\|384\|512, MD5, POLY1305, RSA, DHE, ECDSA, ECDHE. | √ | √ |
STARTTLS | Start TLS handshake on a regular TCP socket. Usually used for SMTP on port 587. | √ | √ |
ALPN | Support Application Layer Protocol Names List; this is a limited list with HTTP1.1 and H2 drafts. | √ | X |
DER/PEM file formats | Certificate files and keys can be programmed to the file system in either DER or PEM formats. Certificate chain must be in PEM format. Certificate chain is only available in server mode. | √ | √ |
Trusted root-certificate catalog | Mechanism to determine if a root CA is known and trusted by TI or if a certificate is revoked. | √ | X |
Server name indication (SNI) | Setting a domain name verification enables the SNI extension in the client hello message, according to RFC 6066. | √ | X |
OCSP extension (CC313x and CC323x only) | Use the OCSP protocol during the SSL handshake to check the certificate chain for revoked certificates. Supports OCSP, OCSP stapling and stapling v2. | √ | X |