You are reading a single comment by @Vlad and its replies. Click here to read the full conversation.
  • From your WireShark trace, when secure request is made, your central provides "SecureConnection, MITM & Bonding" auth parameters. I'm just guessing that this is what your central wants to have, i.e. it is requesting to establish secure link with MITM and also store keys. I'm speculating again, this list of parameters is made by Bluez based on peripheral advertisement packages (which contains some capabilities flags). I think your central (bluez) does not specify lesc parameter just because it does not know if your peripheral supports it, It could be that you have to set up your peripheral to advertise lesc capability so that Bluez knows what to do.

    Can you please try to set this?

    NRF.setSecurity({lesc: 1});
    

    I assume that this will make your peripheral to advertise that it supports lesc and give a hint for Bluez to try to use lesc algorithm.

  • Hi Vlad,

    Secure Connection is LESC - it's the 5th bit in the AuthReq byte (see screenshot). I'm not using Bluez and peripheral advertisement packets do not include anything about the security capabilities. But, yes, this is the security association desired by the central (Android and iOS).

    So here the central is requesting Bonding, MITM and LESC. The response from the Pixl only indicates Bonding (screenshot is of the Pixl response), so it proceeds without the other two.

    I have re-run with the following configuration to exactly the same result - no success.

    NRF.setSecurity({lesc: 1});
    
    NRF.setServices({
      0xBCDE : {
        0xABCD : {
          value : "Hello", // optional
          maxLen : 5, // optional (otherwise is length of initial value)
          readable : true,   // optional, default is false
          writable : true,   // optional, default is false
    //      notify : true,   // optional, default is false
          security: { // optional
            read: { // optional
              encrypted: false, // optional, default is false
              mitm: false, // optional, default is false
              lesc: false, // optional, default is false
              signed: false // optional, default is false
            },
            write: { // optional
              encrypted: false, // optional, default is false
              mitm: false, // optional, default is false
              lesc: true, // optional, default is false
              signed: false // optional, default is false
            }
          },
          onWrite : function(evt) { // optional
            print("Got ", evt.data); // an ArrayBuffer
          }
        }
        // more characteristics allowed
      }
      // more services allowed
    });
    
About

Avatar for Vlad @Vlad started