User Manual
Table Of Contents
- Preface
- Contents
- 1 AT command settings
- 2 General operation
- 3 IPC - Inter Processor Communication
- 4 General
- 4.1 Manufacturer identification +CGMI
- 4.2 Manufacturer identification +GMI
- 4.3 Model identification +CGMM
- 4.4 Model identification +GMM
- 4.5 Firmware version identification +CGMR
- 4.6 Firmware version identification +GMR
- 4.7 IMEI identification +CGSN
- 4.8 IMEI identification +GSN
- 4.9 Identification information I
- 4.10 TE character set configuration +CSCS
- 4.11 International mobile subscriber identification +CIMI
- 4.12 Card identification +CCID
- 4.13 Repeat last command A/
- 5 Mobile equipment control and status
- 6 Call control
- 7 Network service
- 7.1 Subscriber number +CNUM
- 7.2 Signal quality +CSQ
- 7.3 Extended signal quality +CESQ
- 7.4 Operator selection +COPS
- 7.5 Radio Access Technology (RAT) selection +URAT
- 7.6 Network registration status +CREG
- 7.7 Network selection control +PACSP
- 7.8 Channel and network environment description +UCGED
- 7.9 Edit Verizon wireless APN table +VZWAPNE
- 7.10 Read RSRP values +VZWRSRP
- 7.11 Read RSRQ values +VZWRSRQ
- 7.12 eDRX setting +CEDRXS
- 7.13 eDRX read dynamic parameters +CEDRXRDP
- 7.14 Set MNO profile +UMNOPROF
- 7.15 Band selection bitmask +UBANDMASK
- 8 Security
- 9 Short Messages Service
- 9.1 Introduction
- 9.2 Select message service +CSMS
- 9.3 Preferred message storage +CPMS
- 9.4 Preferred message format +CMGF
- 9.5 Save settings +CSAS
- 9.6 Restore settings +CRES
- 9.7 New message indication +CNMI
- 9.8 Read message +CMGR
- 9.9 New message acknowledgement to MT +CNMA
- 9.10 List message +CMGL
- 9.11 Send message +CMGS
- 9.12 Write message to memory +CMGW
- 9.13 Send message from storage +CMSS
- 9.14 Set text mode parameters +CSMP
- 9.15 Delete message +CMGD
- 9.16 Service center address +CSCA
- 9.17 Read concatenated message +UCMGR
- 9.18 List concatenated message +UCMGL
- 9.19 Send concatenated message +UCMGS
- 9.20 Write concatenated message to memory +UCMGW
- 9.21 More messages to send +CMMS
- 9.22 Sending of originating data via the control plane +CSODCP
- 9.23 Terminating data reporting via control plane +CRTDCP
- 10 V24 control and V25ter
- 10.1 Introduction
- 10.2 Circuit 109 behavior &C
- 10.3 Circuit 108/2 behavior &D
- 10.4 DSR override &S
- 10.5 Flow control &K
- 10.6 DTE-DCE character framing +ICF
- 10.7 DTE-DCE local flow control +IFC
- 10.8 Set flow control \Q
- 10.9 UART data rate configuration +IPR
- 10.10 Return to on-line data state O
- 10.11 Escape character S2
- 10.12 Command line termination character S3
- 10.13 Response formatting character S4
- 10.14 Command line editing character S5
- 10.15 Pause before blind dialling S6
- 10.16 Connection completion timeout S7
- 10.17 Command dial modifier time S8
- 10.18 Automatic disconnect delay S10
- 10.19 Escape prompt delay (EPD) S12
- 10.20 Command echo E
- 10.21 Result code suppression Q
- 10.22 DCE response format V
- 10.23 Result code selection and call progress monitoring control X
- 10.24 Reset to default configuration Z
- 10.25 Set to factory defined configuration &F
- 10.26 Display current configuration &V
- 11 SIM management
- 12 SIM toolkit
- 13 Packet switched data services
- 13.1 PDP contexts and parameter definition
- 13.2 PPP LCP handshake behaviour
- 13.3 PDP context definition +CGDCONT
- 13.4 Packet switched data configuration +UPSD
- 13.5 GPRS attach or detach +CGATT
- 13.6 PDP context activate or deactivate +CGACT
- 13.7 Enter PPP state/GPRS dial-up D*
- 13.8 Show PDP address +CGPADDR
- 13.9 GPRS event reporting +CGEREP
- 13.10 GPRS network registration status +CGREG
- 13.11 Manual deactivation of a PDP context H
- 13.12 UE modes of operation for EPS +CEMODE
- 13.13 EPS network registration status +CEREG
- 13.14 Delete non-active PDP contexts +CGDEL
- 13.15 Configure the authentication parameters of a PDP/EPS bearer +UAUTHREQ
- 13.16 PDP IP configuration when roaming +UDCONF=75
- 13.17 Enable/Disable data when roaming +UDCONF=76
- 14 System features
- 14.1 Firmware installation +UFWINSTALL
- 14.2 Firmware update Over AT (FOAT) +UFWUPD
- 14.3 Antenna detection +UANTR
- 14.4 Power saving control (Power SaVing) +UPSV
- 14.5 End user test +UTEST
- 14.6 Internal temperature monitor +UTEMP
- 14.7 Power Saving Mode Setting +CPSMS
- 14.8 Power Saving Mode Assigned Values +UCPSMS
- 14.9 Set LWM2M FOTA URCs +ULWM2MSTAT
- 14.10 Cancel LWM2M FOTA Download +ULWM2M=0
- 14.11 uFOTA configuration +UFOTACONF
- 14.12 Last gasp configuration +ULGASP
- 14.13 LWM2M host device information +UHOSTDEV
- 14.14 RING line configuration +URINGCFG
- 15 GPIO
- 15.1 Introduction
- 15.1.1 GPIO functions
- 15.1.2 GPIO mapping
- 15.1.3 Network status indication
- 15.1.3.1 No service (no network coverage or not registered)
- 15.1.3.2 Registered home network 2G
- 15.1.3.3 Registered home network 3G
- 15.1.3.4 Registered home network Cat NB1
- 15.1.3.5 Registered roaming 2G
- 15.1.3.6 Registered roaming 3G
- 15.1.3.7 Registered roaming Cat NB1
- 15.1.3.8 Data transmission
- 15.1.3.9 Data transmission roaming
- 15.2 GPIO select configuration command +UGPIOC
- 15.3 GPIO read command +UGPIOR
- 15.4 GPIO set command +UGPIOW
- 15.1 Introduction
- 16 File System
- 17 DNS
- 18 Internet protocol transport layer
- 18.1 Introduction
- 18.2 IPv4/IPv6 addressing
- 18.3 Create Socket +USOCR
- 18.4 SSL/TLS mode configuration on TCP socket +USOSEC
- 18.5 Set socket option +USOSO
- 18.6 Get Socket Option +USOGO
- 18.7 Close Socket +USOCL
- 18.8 Get Socket Error +USOER
- 18.9 Connect Socket +USOCO
- 18.10 Write socket data +USOWR
- 18.11 SendTo command (UDP only) +USOST
- 18.12 Read Socket Data +USORD
- 18.13 Receive From command (UDP only) +USORF
- 18.14 Set Listening Socket +USOLI
- 18.15 HEX mode configuration +UDCONF=1
- 18.16 Set socket in Direct Link mode +USODL
- 18.17 UDP Direct Link Packet Size configuration +UDCONF=2
- 18.18 UDP Direct Link Sending timer configuration +UDCONF=3
- 18.19 Timer Trigger configuration for Direct Link +UDCONF=5
- 18.20 Data Length Trigger configuration for Direct Link +UDCONF=6
- 18.21 Character trigger configuration for Direct Link +UDCONF=7
- 18.22 Congestion timer configuration for Direct Link +UDCONF=8
- 18.23 Socket control +USOCTL
- 18.24 Configure Dormant Close Socket Behavior +USOCLCFG
- 19 SSL/TLS
- 20 FTP
- 21 HTTP
- 22 GNSS
- 22.1 NMEA
- 22.2 GNSS power management +UGPS
- 22.3 Assisted GNSS unsolicited indication +UGIND
- 22.4 GNSS profile configuration +UGPRF
- 22.5 Aiding server configuration +UGSRV
- 22.6 GNSS aiding request command +UGAOS
- 22.7 Send of UBX string +UGUBX
- 22.8 GNSS indications timer +UGTMR
- 22.9 Get GNSS time and date +UGZDA
- 22.10 Get GNSS fix data +UGGGA
- 22.11 Get geographic position +UGGLL
- 22.12 Get number of GNSS satellites in view +UGGSV
- 22.13 Get recommended minimum GNSS data +UGRMC
- 22.14 Get course over ground and ground speed +UGVTG
- 22.15 Get satellite information +UGGSA
- 22.16 Ask for localization information +ULOC
- 22.17 Localization information request status unsolicited indication +ULOCIND
- 22.18 GNSS sensor configuration +ULOCGNSS
- 23 I2C
- 24 MQTT
- A Appendix: Error result codes
- B Appendix: AT Commands List
- C Appendix: UDP Direct Link workflow
- D Appendix: Glossary
- Related documents
- Revision history
- Contact
SARA-R4/N4 series-AT Commands Manual
UBX-17003787 - R11
19SSL/TLS
Page 207 of 308
19.3SSL/TLS security layer profile manager +USECPRF
+USECPRF
SARA-R410M-01B SARA-R410M-02B SARA-R410M-52B SARA-R412MModules
SARA-N4
Syntax PIN required Settings saved Can be aborted Response time Error referenceAttributes
full No No No - +CME Error
19.3.1Description
Manages security profiles for the configuration of the following SSL/TLS connections properties:
• Certificate validation level:
o Level 0: no certificate validation; the server certificate will not be checked or verified. No additional
certificates are needed.
o Level 1: certificate validation against a specific or a list of imported trusted root certificates.
o Level 2: certificate validation with an additional URL integrity check (the server certificate common
name must match the server hostname).
o Level 3: certificate validation with an additional check on the certificate validity date.
CA certificates should be imported with the +USECMNG AT command
• Minimum SSL/TLS version to be used:
o Any
o TLS 1.0
o TLS 1.1
o TLS 1.2
• Exact cipher suite to be used (the cipher suite register of Internet Assigned Numbers Authority (IANA) is
provided in brackets):
o (0x002f) TLS_RSA_WITH_AES_128_CBC_SHA
o (0x003C) TLS_RSA_WITH_AES_128_CBC_SHA256
o (0x0035) TLS_RSA_WITH_AES_256_CBC_SHA
o (0x003D) TLS_RSA_WITH_AES_256_CBC_SHA256
o (0x000a) TLS_RSA_WITH_3DES_EDE_CBC_SHA
o (0x008c) TLS_PSK_WITH_AES_128_CBC_SHA
o (0x008d) TLS_PSK_WITH_AES_256_CBC_SHA
o (0x008b) TLS_PSK_WITH_3DES_EDE_CBC_SHA
o (0x0094) TLS_RSA_PSK_WITH_AES_128_CBC_SHA
o (0x0095) TLS_RSA_PSK_WITH_AES_256_CBC_SHA
o (0x0093) TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
o (0x00ae) TLS_PSK_WITH_AES_128_CBC_SHA256
o (0x00af) TLS_PSK_WITH_AES_256_CBC_SHA384
o (0x00b6) TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
o (0x00b7) TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
See Table 23 for the applicability of cipher suite depending on the module series.
• Certificate to be used for server and mutual authentication:
o The trusted root certificate. The CA certificate should be imported with the AT+USECMNG command.
o The client certificate that should be imported with the AT+USECMNG command.
o The client private key that should be imported with the AT+USECMNG command.
• Expected server hostname, when using certificate validation level 2 or 3.
• Password for the client private key, if it is password protected.
• Pre-shared key used for connection. Defines a pre-shared key and key-name (PSK), when a TLS_PSK_*
cipher suite is used.
• SNI (Server Name Indication). SNI is a feature of SSL/TLS which uses an additional SSL/TLS extension
header to specify the server name to which the client is connecting to. The extension was introduced to
support the certificate handling used with virtual hosting provided by the various SSL/TLS enabled servers
mostly in cloud based infrastructures. With the SNI a server has the opportunity to present a different
server certificate (or/and whole SSL/TLS configuration) based on the host indicated by the SNI extension.