You are reading a single comment by @cefitzger and its replies.
Click here to read the full conversation.
-
Hi Vlad,
Secure Connection is LESC - it's the 5th bit in the AuthReq byte (see screenshot). I'm not using Bluez and peripheral advertisement packets do not include anything about the security capabilities. But, yes, this is the security association desired by the central (Android and iOS).
So here the central is requesting Bonding, MITM and LESC. The response from the Pixl only indicates Bonding (screenshot is of the Pixl response), so it proceeds without the other two.
I have re-run with the following configuration to exactly the same result - no success.
NRF.setSecurity({lesc: 1}); NRF.setServices({ 0xBCDE : { 0xABCD : { value : "Hello", // optional maxLen : 5, // optional (otherwise is length of initial value) readable : true, // optional, default is false writable : true, // optional, default is false // notify : true, // optional, default is false security: { // optional read: { // optional encrypted: false, // optional, default is false mitm: false, // optional, default is false lesc: false, // optional, default is false signed: false // optional, default is false }, write: { // optional encrypted: false, // optional, default is false mitm: false, // optional, default is false lesc: true, // optional, default is false signed: false // optional, default is false } }, onWrite : function(evt) { // optional print("Got ", evt.data); // an ArrayBuffer } } // more characteristics allowed } // more services allowed });
1 Attachment
-
cefitzger
From your WireShark trace, when secure request is made, your central provides "SecureConnection, MITM & Bonding" auth parameters. I'm just guessing that this is what your central wants to have, i.e. it is requesting to establish secure link with MITM and also store keys. I'm speculating again, this list of parameters is made by Bluez based on peripheral advertisement packages (which contains some capabilities flags). I think your central (bluez) does not specify lesc parameter just because it does not know if your peripheral supports it, It could be that you have to set up your peripheral to advertise lesc capability so that Bluez knows what to do.
Can you please try to set this?
I assume that this will make your peripheral to advertise that it supports lesc and give a hint for Bluez to try to use lesc algorithm.