u-blox
Version latest

6. Wi-Fi Sockets use cases

6.1 Wi-Fi TCP client

This use case configures NORA-W36 as a Wi-Fi TCP client device that initiates a TCP connection to a specified server (listener) over a Wi-Fi network. It actively seeks to establish communication by sending a connection request to the server’s IP address and port number, which the server is listening on.
The Transmission Control Protocol (TCP) is bidirectional and one socket can both send and receive data:
  • ATE0 turns off the AT command echo to speed up the data transmission in AT mode. The written data is not echoed back to the host, which helps to make the parsing easier.
  • It is possible to connect using a host name like AT+USOC=0,www.u-blox.com,80 or an IP address AT+USOC=0,75.2.60.5,80
  • TCP can both send and receive data between the TCP client and server
Nr
Instructions
AT command
AT event
1
Create a TCP socket
AT+USOCR=6
+USOCR:0
2
Connect using TCP port 5003
AT+USOC=0,192.168.0.200,5003
+UESOC:0
3
It is now possible to send and receive data using String or Binary mode
4
Close TCP socket
AT+USOCL=0
+UESOCL:0

6.2 Wi-Fi TCP server (listener)

This use case configures NORA-W36 as a Wi-Fi TCP server (listener) that is configured to accept incoming TCP connections over a Wi-Fi network. It “listens” on a specific IP address and port number for connection requests.
Nr
Instructions
AT command
AT event
1
Create a TCP socket
AT+USOCR=6
+USOCR:0
2
Start TCP server (listener) on port 5003
AT+USOL=0,5003
+UESOC:0
3
Incoming TCP connection, a new handle 1 to communicate with the connection
+UESOIC:0,192.168.1.100,1
4
It is now possible to send and receive data using String or Binary mode
5
TCP connection is closed from remote side
+UESOCL:1
6
Close TCP listener
AT+USOCL=0
+UESOCL:0

6.3 Wi-Fi UDP client

Unlike TCP, the User Datagram Protocol (UDP) is not bi-directional. Both an outgoing and incoming socket, AT+USOCR, are needed to send and receive data over UDP. It is possible to connect using the host name, like AT+USOC=0,www.u-blox.com,80, or the IP address AT+USOC=0,75.2.60.5,80
Nr
Instructions
AT command
AT event
1
Create a UDP socket
AT+USOCR=17
+USOCR:0
2
Connect using UDP port 5003
AT+USOC=0,192.168.0.200,5003
+UESOC:0
3
It is now possible to send data using String or Binary mode
4
Close UDP socket
AT+USOCL=0
+UESOCL:0

6.4 Wi-Fi UDP server (listener)

Nr
Instructions
AT command
AT event
1
Create a UDP socket
AT+USOCR=17
+USOCR:0
2
Start UDP server (listener) on port 5003
AT+USOL=0,5003
+UESOC:0
3
It is now possible to receive data using String or Binary mode
4
Close UDP listener
AT+USOCL=0
+UESOCL:0

6.5 Wi-Fi TCP using TLS without certificates

TLS Extensions are enabled by default but in some (mostly older) TLS servers they are not supported. See https://www.rfc-editor.org/rfc/rfc6066.html. The extensions, Server Name, Indication and Maximum Fragment Length Negotiation, are disabled with:
  • AT+USETE0=0 Server Name Indication, 0: Disable - 1: Enable (default)
  • AT+USETE1=0 Maximum Fragment Length Negotiation, 0: Disable - 1: Enable (default)
  • All other Extension are disabled and not supported.
  • It is possible to use host name like AT+USOC=0,www.u-blox.com,80 or using ip address AT+USOC=0,75.2.60.5,80 for the connections.
TCP is bidirectional and one socket can both send and receive data.
Nr
Instructions
AT command
AT event
1
Create a TCP socket
AT+USOCR=6
+USOCR:0
2
Add a TLS context to a socket
AT+USOTLS=0,1
3
Connect using TCP port 433
AT+USOC=0,"www.u-blox.com",433
+UESOC:0
4
It is now possible to send data using String or Binary mode
5
Close TCP socket
AT+USOCL=0
+UESOCL:0

6.6 Wi-Fi TCP using TLS with certificates

TCP is bidirectional and one socket can both send and receive data.
Nr
Instructions
AT command
AT event
1
Write a X.509 certificate and private key using Binary data
AT+USECUB=0,"ca.pem"{sendbinarycontentof"ca.pem"}
AT+USECUB=1,"client.pem"{sendbinarycontentof"client.pem"}
AT+USECUB=2,"client.key"{sendbinarycontentof"client.key"}
See Binary data for more information, note that the brackets { and } should NOT be sent, they are just here in this example
2
Create a TCP socket
AT+USOCR=6
+USOCR:0
3
Add a TLS context to a socket and certificates
AT+USOTLS=0,1,"ca.pem","client.pem","client.key"
4
Connect using TCP on port 433
AT+USOC=0,"www.u-blox.com",433
+UESOC:0
5
It is now possible to send data using String or Binary mode
6
Close TCP socket
AT+USOCL=0
+UESOCL:0

6.7 Create own certificates using OpenSSL

Here is some example to cerate own certificates using OpenSSL https://www.openssl.org/. It shows how to use 2048 or 4096 bit keys length. Use Git Bash https://git-scm.com/download/win or a Linux environment like Ubuntu https://ubuntu.com/download to run the examples.
  • Create the root CA key Generate 2048 key size: opensslgenrsa-outca.key2048 or Generate 4096 key size: opensslgenrsa-outca.key4096
  • Create the root CA based on ca.keyopensslreq-x509-sha256-new-nodes-keyca.key-days3650-outca.pem
  • Create server certificate Create the server certificate signing request (CSR) for 2048 key size: opensslreq-newkeyrsa:2048-keyoutserver.key-outserver.csr-nodes or Create the server certificate signing request (CSR) for 4096 key size: opensslreq-newkeyrsa:4096-keyoutserver.key-outserver.csr-nodes
  • Create the server certificate using root CA and server csr, valid for 10 yearsopensslx509-req-CAca.pem-CAkeyca.key-inserver.csr-outserver.pem-days3650-CAcreateserial
  • Create client certificate Create the client certificate signing request (CSR) for 2048 key size: opensslreq-newkeyrsa:2048-keyoutclient.key-outclient.csr-nodes or Create the client certificate signing request (CSR) for 4096 key size: opensslreq-newkeyrsa:4096-keyoutclient.key-outclient.csr-nodes
  • Create the client certificate using root CA and client csr, valid for 10 yearsopensslx509-req-CAca.pem-CAkeyca.key-inclient.csr-outclient.pem-days3650-CAcreateserial
  • In a Windows Git Bash enviromentwinpty is a Windows software package providing an interface similar to a Unix pty-master for communicating with Windows console programs. Set up a local TLS 1.2 server (without CA validation in this case) winptyopenssls_server-CAfileca.pem-keyserver.key-certserver.pem-accept44330-tls1_2-state-Verify1
    Connect to the a local TLS 1.2 server, just to try the connection (without CA validation in this case): winptyopenssls_client-connectlocalhost:44330-CAfileca.pem-keyclient.key-certclient.pem-tls1_2
  • In a Linux enviroment Set up a local TLS 1.2 server (without CA validation in this case)** openssls_server-CAfileca.pem-keyserver.key-certserver.pem-accept44330-tls1_2-state-Verify1
    Connect to the a local TLS 1.2 server, just to try the connection (without CA validation in this case): openssls_client-connectlocalhost:44330-CAfileca.pem-keyclient.key-certclient.pem-tls1_2
Optional steps
  • Check the key size of the CA certificate: opensslx509-inca.pem-text-noout|grep"Public-Key"RSAPublic-Key:(4096bit)
  • Check the key size of the client certificate: opensslx509-inclient.pem-text-noout|grep"Public-Key"RSAPublic-Key:(4096bit)
  • Check the size of the client key: opensslrsa-inclient.key-text-noout|grep"Private-Key"RSAPrivate-Key:(4096bit,2primes)

Last updated: 25 August 2025
Need help?Contact Support
Questions?Contact us