SSL on FEZ Cerbuino NET

lty20785 · March 19, 2014, 10:14am

I’m trying to make HTTPS requests on Cerbuino NET (spec says that it supports SSL), but I keep getting “System.NotSupportedException”. Following is the stacktrace:

Microsoft.SPOT.Net.Security.SslStream::Authenticate
Microsoft.SPOT.Net.Security.SslStream::AuthenticateAsClient
System.Net.HttpWebRequest::EstablishConnection
System.Net.HttpWebRequest::SubmitRequest
System.Net.HttpWebRequest::GetResponse
GHICerberusTestApp.Program::ProgramStarted
GHICerberusTestApp.Program::Main

But, I have all the necessary references in place, and I can actually create an SslStream class in my code and access all of its methods. The code would build perfectly.

So why am I still seeing the NotSupportedException over and over…

Any help is much appreciated!

Tom

luca_santoro · March 19, 2014, 10:49am

In my opinion the card does not have enough RAM or resources to handle the SSL library.

If you are interested, on the Fez Cobra II SSL works fine.

lty20785 · March 19, 2014, 11:09am

@ luca_santoro - Thanks for your reply!

Yeah I was suspecting the RAM being the problem too, but the official spec says it supports SSL so I still want to give it a try. Plus it 's also low cost.

About FEZ Cobra II, I saw that there are two models: Eco (which doesn’t have an ethernet onboard) and Net. So I guess if I want to use ethernet on Eco, it would require an additional ethernet module right?

Reinhard_Ostermeier · March 19, 2014, 11:34am

In fact there are 3 Cobra II models
Eco: No Ethernet
Net: Wired Network (RJ45 connector)
WiFi: with WiFi module

Theoretically you can connect a ENC28 Network module to Cobra ECO, but I assume that the sum of Cobra II ECO + ENC28 costs more than Cobra II NET

Cuno · March 19, 2014, 11:51am

Yes. You would need about an order of magnitude more RAM, and another MB of Flash or so, to run OpenSSL (which comes with the NETMF Porting Kit) on a Cerbuino.

luca_santoro · March 19, 2014, 3:44pm

I’ve a Fez cobra 2 net and a Fez cobra 2 wi-fi with an ENC 28 module

I suggest you the net version is a great card
and if you will need the wi-fi will acquire the module.

Unfortunately, the net mf when you use SSL has a bug that generates a memory leak, I have partially solved with a watch dog that restart when memory is low…

Valkyrie_MT · March 25, 2014, 9:19pm

I just came across a pure C# .NET 1.0 (that’s actually good) library that implements SSL and TLS. These are the required libraries for doing secure HTTPS. I was toying with the idea of adding it to mIP. The library is here:

The license appears to be permissive to commercial and non-commercial use.

The fact that it is for .NET 1.0 would make it an easier port to .NET MF. I looked at a few of the cs files and there are some that will require absolutely zero changes. Others look to use some System namespace methods that might be missing. My guess is that it would take at most 100K of extra program flash (probably less than 40k), which the Cerbuino NET has.

I was thinking it could be great in combination with this wifi: https://www.bluegiga.com/en-US/products/wifi-modules/wf111-wifi-module/

Just brainstorming. But, with mIP, I did the entire TCP stack in c# in under 50K, so I’d be surprised if it took more than 100K just for the bare bones of HTTPS support.

Brett · March 25, 2014, 9:41pm

where’s the “donate here” button on this post ?

Cuno · March 26, 2014, 5:25am

Great find! I would be especially interested in the size of the X509 certificate support, as we’d need authentication as well as encryption. If you learn more, please let us know.

taylorza · March 30, 2014, 2:44am

@ Valkyrie-MT - I have not looked at the code, but I suspect that much of the actual cryptography is either using what the Framework has or is doing interop to the SSPI Provider?

I would be very interested in seeing that code, esp. generating the asymmetric keys. If that code is done in C# on .NETMF, I would expect it to be dead slow.