I'm building a headset device which is using the Qualcomm QCC512x family. I need to be able to connect to a third party device using BREDR for the "classic" profiles - HFP/A2DP/AVRCP etc. On top of that I am implementing a GATT server to act as a custom service for an app.
Happily the Qualcomm device is entirely capable of maintaining this dual mode connection in the correct role (ACL slave/GATT server). However I have an issue when it comes to encryption and authentication. The Qualcomm chipset unfortunately does not fully support BREDR Secure Connections - there are all sorts of issues, and even in Qualcomm's docs it is not recommended to enable BREDR Secure Connections. That means that Cross-Transport Key Derivation is off the table, which means that if I want LE encryption I must ask the user to pair to my headset again when the GATT characteristics are accessed.
This leads to the ugly situation where I have multiple connections with the same user-friendly name showing up in the OS "Bluetooth" pairing page. I also believe this process will be confusing to my users. Additionally this could lead to undesired situations where LE pairing is rejected by the user due to a mistake or unfamiliarity with my process.
Without LE pairing I cannot authenticate the static LE address which the third party device uses, since I cannot resolve it to the public BREDR address. It seems to me like the only option left is to disable LE pairing entirely - which I'm not totally convinced is a good idea. Am I missing something? Is there some other option I have overlooked to enable LE pairing or authentication while sparing my users this confusing process?
