coap.properties

The file coap.properties contains configuration options for the CoAP proxy that may be used as part of the EST protocol.

To communicate with Protocol Gateway, the CoAP proxy will use TLS client authentication using the virtual registration officer configured in Protocol Gateway.

Some CoAP server settings related to DTLS (such as ports) are configured in Californium.properties, a file that will be created with default values the first time you start the proxy. 

Relative paths specified below are relative to the <configroot>.

About <configroot>

<configroot> corresponds to the following paths:

Windows: %ALLUSERSPROFILE%/Nexus/cm-gateway/
Linux: /var/cm-gateway/

CoAPs Proxy parameters

These parameters in coap.properties are used to configure the Protocol Gateway CoAP Proxy. 

Parameter / Description
start

Controls whether the EST-CoAPs proxy should start or not.

start = false
proxyPort

The Protocol Gateway port for client TLS authentication, i.e. the port to which the proxy forwards the requests.

proxyPort = 8444
discoveryPath

The resource type "ace.est" will be set at the discoveryPath, which is returned when a client performs resource discovery. The resource types "ace.est.crts", "ace.est.sen", "ace.est.sren", "ace.est.att", "ace.est.skg" and "ace.est.skc" will be set at the corresponding endpoints under the discoveryPath.

# discoveryPath = /.well-known/est/coap/
includeHandlers

This regular expression controls which handlers in est.properties are included for use in the CoAP proxy. The proxy filters away unsupported endpoints automatically.

This only needs to be changed if EST is multitenant and only some handlers in est.properties are meant for CoAP. The following example would only include handlers with a coap/ sub-path:

# includeHandlers = .*coap/.*

DTLS parameters

These parameters in coap.properties are used to configure the DTLS communication that is required for CoAPs. 

Parameter / Description
tlsToken

A PKCS#12 file containing the private key, certificate and full certificate chain for the DTLS server certificate.

tlsToken = myTlsToken.p12
tlsTokenPassword

The password for unlocking the PKCS#12 file. It is recommended to obfuscate sensitive values by using the .encrypted key suffix.

tlsTokenPassword.encrypted = 1234
cipherSuite

The cipher suites that the DTLS endpoint should support.

cipherSuite.0 = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
#cipherSuite.1 = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
#cipherSuite.2 = TLS_NULL_WITH_NULL_NULL
#cipherSuite.3 = TLS_PSK_WITH_AES_128_CBC_SHA256
#cipherSuite.4 = TLS_PSK_WITH_AES_128_CCM_8 
trustAll

Enables the trust-all policy for DTLS, i.e. peer certificates are accepted without validation.

# trustAll = false 
retransmissionTimeout

Sets the initial time (in milliseconds) to wait before a handshake packet is retransmitted. On each retransmission, the wait time is doubled.

# retransmissionTimeout = 1000 
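To show how the CoAPs proxy and DTLS parameters above fit together in a file and which combinations a reviewer would flag, here is an added example (not Nexus or Protocol Gateway code) that parses a coap.properties file and lints it for risky DTLS settings. It assumes the key = value syntax shown on this page, with # comments, indexed keys such as cipherSuite.0 and the .encrypted suffix for obfuscated values; the sample file inside the block is constructed for illustration.

```python
"""Lint a Protocol Gateway coap.properties file for weak DTLS settings.

Added example, not Nexus code. Assumes the properties-style syntax shown
on the documentation page: `key = value`, `#` comment lines, indexed keys
such as `cipherSuite.0`, and a `.encrypted` suffix for obfuscated values.
"""
import re

# Constructed sample file with several risky choices for the linter to catch.
SAMPLE = """\
start = true
proxyPort = 8444
# discoveryPath = /.well-known/est/coap/
tlsToken = myTlsToken.p12
tlsTokenPassword = hunter2
cipherSuite.0 = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
cipherSuite.1 = TLS_NULL_WITH_NULL_NULL
trustAll = true
retransmissionTimeout = 1000
"""

# key = value, where the key must not start with '#', '=' or whitespace
LINE_RE = re.compile(r"^\s*([^#=\s][^=]*?)\s*=\s*(.*?)\s*$")


def parse_properties(text):
    """Return {key: value}. Commented-out lines (documented defaults) are skipped."""
    props = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", "!")):
            continue
        m = LINE_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def indexed_values(props, prefix):
    """Collect `prefix.N` values in numeric order (cipherSuite.0, cipherSuite.1, ...)."""
    items = []
    for key, value in props.items():
        head, _, idx = key.rpartition(".")
        if head == prefix and idx.isdigit():
            items.append((int(idx), value))
    return [value for _, value in sorted(items)]


def lint(props):
    """Return a list of human-readable findings; empty means nothing flagged."""
    findings = []
    # A proxy that is not started exposes no DTLS endpoint, so nothing to review.
    if props.get("start", "false").lower() != "true":
        return findings
    if props.get("trustAll", "false").lower() == "true":
        findings.append("trustAll=true: DTLS peer certificates are accepted without validation")
    if "tlsTokenPassword" in props and "tlsTokenPassword.encrypted" not in props:
        findings.append("tlsTokenPassword stored in clear; use tlsTokenPassword.encrypted")
    for suite in indexed_values(props, "cipherSuite"):
        if "NULL" in suite:
            findings.append(f"{suite}: provides neither confidentiality nor integrity")
        elif "_CBC_" in suite:
            findings.append(f"{suite}: CBC mode; prefer an AEAD (CCM) suite")
    return findings


if __name__ == "__main__":
    for finding in lint(parse_properties(SAMPLE)):
        print("WARN", finding)
```

Running the block prints one warning each for trustAll, the clear-text token password and the NULL cipher suite; the commented-out discoveryPath line is correctly treated as absent, so the documented default applies.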

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.