* Re: How to make GATT only accessible over LE connection
@ 2017-06-29 12:28 Ravi Minnikanti
2017-06-29 12:51 ` Luiz Augusto von Dentz
0 siblings, 1 reply; 2+ messages in thread
From: Ravi Minnikanti @ 2017-06-29 12:28 UTC (permalink / raw)
To: linux-bluetooth
Hello,
I have a GATT service implemented with "encrypt-write" characteristic
flags on a dual-mode chipset. It works well over a LE connection with
AES-CCM encryption.
But, my GATT characteristics are accessible over BR/EDR connection which
uses a Link key encryption.
Can someone please help me to know, Is there any way I can make my GATT
only accessible over a LE connection ?
I understand that this cannot be done from bluez and should be done at
kernel.
Thanks,
Ravi
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: How to make GATT only accessible over LE connection
2017-06-29 12:28 How to make GATT only accessible over LE connection Ravi Minnikanti
@ 2017-06-29 12:51 ` Luiz Augusto von Dentz
0 siblings, 0 replies; 2+ messages in thread
From: Luiz Augusto von Dentz @ 2017-06-29 12:51 UTC (permalink / raw)
To: Ravi Minnikanti; +Cc: linux-bluetooth
Hi Ravi,
On Thu, Jun 29, 2017 at 3:28 PM, Ravi Minnikanti
<ravi.minnikanti@gslab.com> wrote:
> Hello,
>
> I have a GATT service implemented with "encrypt-write" characteristic flags
> on a dual-mode chipset. It works well over a LE connection with AES-CCM
> encryption.
> But, my GATT characteristics are accessible over BR/EDR connection which
> uses a Link key encryption.
It shouldn't make any difference in terms of security, or you are
really referring to 'secure-write' that is the one that would require
the so called LE secure connections.
> Can someone please help me to know, Is there any way I can make my GATT only
> accessible over a LE connection ?
Im not sure having the GATT database behaving differently for the
bearers is a good idea, to start with this makes things like cross
pairing not very reliable since depending on what bearer the
connection comes in we would have to emit service changed cleaning or
restoring the range, those ranges may have CCC subscriptions which
afaik are not bearer specific.
Perhaps a better idea would be to disable GATT over BR/EDR? For that
we could arrange a config option.
> I understand that this cannot be done from bluez and should be done at
> kernel.
>
> Thanks,
>
> Ravi
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-bluetooth"
> in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Luiz Augusto von Dentz
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-06-29 12:51 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-29 12:28 How to make GATT only accessible over LE connection Ravi Minnikanti
2017-06-29 12:51 ` Luiz Augusto von Dentz
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.