Keep getting "sslRes == null"

[stinger0698]

Can someone explain to me, what i'm doing wrong. I have 1214FC with firmware V4.4. I tried to connect to simulation of PLC аnd it all worked out great. But when i try to connect real PLC "InitSslResponse" returns with "Functioncode.Error2". Am I overlooked something in project description?

[thomas-v2]

The variants of controllers I have tested is limited, maybe there are some other variants out there which weren't tested. Escpecially I haven't tested with any type of F-controllers.

Can you provide a Wireshark logfile of the communication to the real PLC? If possible, then also make a Wireshark logfile when you go online with TIA portal to the real PLC. As the SSL setup fails, may be we can see where the difference is in the unencrypted part.

[stinger0698]

Here what got. I dont really know how to work with certificates, i tried to enable global security settings and add sertificate to device, but nothing changed. Perhaps i missed something in TIA project configuration.
Wireshark.zip

[stinger0698]

Thanks for the feedback I found my mistake, I need firmware V4.5 to establish secure PG/PC connection. After firmware update DriverTest connected to PLC, browsed and read all the tags.
Perhaps you can tell is it possible to not use SSL for communication, if PLC respond with Functioncode.Error2, for access to plc with older firmware?

[thomas-v2]

If TLS isn't used, the plc uses a proprietary / non-standard authentication method by Siemens, which this driver does not support. There are solutions incoming in other projects (also on Github, but I haven't tested this).

In general it would be possible to support older 1200 firmwares which support only TLS1.2 (>=4.3 and <4.5), but I'm forcing to use TLS1.3 for now, at least it makes some parts of the Iso-On-TCP packeting easier, as TLS1.3 with GCM has a fixed HMAC length, and TLS1.2 has a variant length padding.

[jogibear9988]

Do you hve an URL of such a project?

[thomas-v2]

https://github.com/bonk-dev/HarpoS7