teddycloud icon indicating copy to clipboard operation
teddycloud copied to clipboard

Published 20 hours ago verified publisher icon toniebox-reverse-engineering

tc-0.3.5 creates certificates with 2048bit key length

Open KDSix-ThreeDotSeven opened this issue 1 year ago • 4 comments

Hi,

the current teddycloud 0.3.5 release created only certificates with 2048 bit key length on my raspberry and Synology NAS. But the TLS handshake (with a tb cc3235) only worked with the 4096 bit certs from the gencerts.sh script.

Is this a bug or a feature? ;)

KDSix-ThreeDotSeven avatar Mar 11 '24 21:03 KDSix-ThreeDotSeven

The key length shouldn't be the root cause. The original CA has 2048 bit key length.

SciLor avatar Mar 29 '24 23:03 SciLor

The original CA that I extracted from the box also has a key length of 4096 bit. So far the key length was the only difference I could observe between the certs created by gencerts.sh and the teddycloud.

Could there be a cert key lenght check in the firmware of the box?

KDSix-ThreeDotSeven avatar Mar 30 '24 06:03 KDSix-ThreeDotSeven

@SciLor: fixed in develop 👍

henryk86 avatar Sep 20 '24 23:09 henryk86

This isn't the source of the problem. The CC3235 seems to be very picky about the CA, or the cc3200tool doesn't handle the patching as it should. The gencerts.sh script works most of the time. But not always. (And I don't really see differences to the teddyCloud generated certs. Even with 4096 bit keysize I was not able to connect the CC3235 to teddyCloud, as the box refuses with a BAD_CERTIFICATE error during the connection.

SciLor avatar Sep 24 '24 14:09 SciLor