Transport Layer Security (TLS)
Starting with TiOS release V4, select Tibbo devices gained support for encrypted outgoing TCP connections using Transport Layer Security (TLS) 1.2. Due to memory limitations, only one such encrypted outgoing connection can exist at any given time. TLS encryption for incoming TCP connections is not supported.
The following Tibbo programmable devices support TLS:
- WM2000, WS1102 — implement TLS1.2 with the RSA-2048 cryptosystem or the ECDSA cryptosystem using the secp384r1 elliptic curve profile
- EM2000, EM2001, TPP2(G2), and TPP3(G2) — support TLS1.2 with the ECDSA cryptosystem using the secp384r1 elliptic curve profile
Regardless of platform, memory limitations mean that only one encrypted connection can be established at a time. On the WM2000, each encrypted socket consumes 32KB of RAM — this process is internal and will not affect your usable buffer. On the TPP2(G2), TPP3(G2), EM2000, and EM2001, you need to allocate a minimum of 39 pages of memory prior to establishing a secure connection.
TLS is not compatible with the following features of the sock. object:
- "Split packet" mode of TCP data processing
- Buffer redirection
- Data sinking
- Inband commands
- Built-in HTTP server (however, an outgoing TCP connection can constitute an HTTP request to an HTTP server).
Prerequisites for a connection
Before you can configure your device to establish a secure connection to a remote server, you must: