Notifications are a free for all, security be damned.

[fhars]

Nimble automatically creates a Client Configuration Characteristic for every Characteristic that allows notifications or indications that is writeable without encryption or authentication:

mynewt-nimble/nimble/host/src/ble_gatts.c

Line 823 in c802fe7

rc = ble_att_svr_register(uuid_ccc, BLE_ATT_F_READ | BLE_ATT_F_WRITE, 0,

This allows any connected client to subscribe to any notification and get the values in plain text, independent of the confidentiality settings of the characteristic itself.

It should probably set the appropriate BLE_ATT_F_READ_* and BLE_ATT_F_WRITE_* flags if any of BLE_ATT_F_READ_{ENC,AUTHEN,AUTHOR} is set for the base characteristic.

[sjanc]

Hi,

CCCD is required by spec to be readable without authentication or authorization...
This would probably require a bit more rework on how this is handled in stack.

As a quick workaround I'd suggest to not use ble_gatts_chr_updated() and use ble_gatts_notify_custom() with txom provided by caller. In such case application would be able to validate security before sending notification.