67
Expert Power Control 8221/8226
© 2022 GUDE Systems GmbH
Specifications
epc8226Dew Point
.58.1.6.1.1.6.x
Integer32
RO
dew point for actual temperature and humidity
epc8226Dew PointDiff
.58.1.6.1.1.7.x
Integer32
RO
difference betw een dew point and actual temperature (Temp -
Dew Point)
epc8226ExtSensorName
.58.1.6.1.1.32.x
OCTETS
RW
A textual string containing name of a external Sensor
4.7
SSL
TLS Standard
The device is compatible with TLS v1.1 to TLS v1.3 standards, but due to lack of secur-
ity, SSL v3.0, TLS 1.0, and RC4, MD5, SHA1, and DES encryption are disabled. All
ciphers use Diffie-Hellman key exchange (Perfect Forward Secrecy).
TLS 1.3 performance
The interaction of TLS 1.3 and unsecure certificates and a web browser with Chromium
Engine (Google Chrome or MS Edge) can lead to performance losses, and thus longer
loading times. In this constellation, the Chromium Engine does not correctly support the
SSL Session Cache (Session Tickets) and the math unit of the embedded CPU may be
overwhelmed with continuous RSA operations. There are some possible workarounds:
·
Use secure certificates (official certificate authority or marked as secure in the OS)
·
or use of the Firefox browser
·
or use of ECC 256 (no RSA) certificates
·
or configure to "TLS v1.2 only
Creating your own Certificates
The SSL stack is supplied with a specially newly generated self-signed certificate. There is no
function to generate the local certificate anew at the touch of a button, since the required ran-
dom numbers in an embedded device are usually not independent enough. However, you can
create new certificates and import them to the device. The server accepts RSA (2048/4096)
and ECC (Elliptic Curve Cryptography) certificates.
Usually OpenSSL is used to create an SSL certificate. For Windows for example, there is the
light version of
. There you open a command prompt, change to
the directory "C:\OpenSSL-Win32\bin" and set these environment variables:
set openssl_conf=C:\OpenSSL-Win32\bin\openssl.cfg
set RANDFILE=C:\OpenSSL-Win32\bin\.rnd
Here are some examples for the generation with OpenSSL:
Creation of a self-signed RSA 2048-bit certificate
openssl genrsa -out server.key 2048
openssl req -new -x509 -days 365 -key server.key -out server.crt
RSA 2048-bit certificate with Sign Request:
Summary of Contents for Expert Power Control 8221 Series
Page 2: ...2 Expert Power Control 8221 8226 2022 GUDESystems GmbH ...
Page 5: ...Device Description ...
Page 14: ...Operating ...
Page 25: ...Configuration ...
Page 54: ...Specifications ...
Page 109: ...Support ...