Client handshake error on STM32
Hi. I'm working on an IoT project using an STM32 Cortex-M4 microcontroller with an ESP12F WiFi module. Up until now, my application was running smoothly using the WiFi module to open sockets and communicate with a server using HTTP without SSL/TLS. I'm trying to add SSL/TLS functionality to my project so I can use HTTPS. I am using the SW4STM32 IDE (based on Eclipse) and the STM32CubeMX code generator. I have added the mbedTLS source code to my project and successfully compiled it, based on an example from ST (I am using the HAL Library for STM32F4 version 1.16). I have modified the net_sockets.c file to fit my application (where the socket interface is done through AT commands over a UART). The basic socket I/O is working correctly. I am trying to test it by connecting to "www.google.com" on port 443 and sending a GET request. But I'm currently stuck with a handshake error. I have implemented the debug function and set the debug level to 4. This is what I get when I try to connect to Google:
=> handshake
client state: 0
=> flush output
<= flush output
client state: 1
=> flush output
<= flush output
=> write client hello
client hello, max version: [3:3]
client hello, current time: 4294967295
dumping 'client hello, random bytes' (32 bytes)
0000:  ff ff ff ff 13 b2 5f 8b 5c ce 16 dc a7 81 b3 ad  ......_.\.......
0010:  0f 61 00 a1 aa e0 22 5d 7e 0d 94 a6 5a 21 49 ae  .a...."]~...Z!I.
client hello, session id len.: 0
dumping 'client hello, session id' (0 bytes)
client hello, add ciphersuite: c02c
client hello, add ciphersuite: c02b
client hello, got 3 ciphersuites
client hello, compress len.: 1
client hello, compress alg.: 0
client hello, adding signature_algorithms extension
client hello, adding supported_elliptic_curves extension
client hello, adding supported_point_formats extension
client hello, total extension length: 30
=> write record
output record: msgtype = 22, version = [3:1], msglen = 81
dumping 'output record sent to network' (86 bytes)
0000:  16 03 01 00 51 01 00 00 4d 03 03 ff ff ff ff 13  ....Q...M.......
0010:  b2 5f 8b 5c ce 16 dc a7 81 b3 ad 0f 61 00 a1 aa  ._.\........a...
0020:  e0 22 5d 7e 0d 94 a6 5a 21 49 ae 00 00 06 c0 2c  ."]~...Z!I.....,
0030:  c0 2b 00 ff 01 00 00 1e 00 0d 00 0a 00 08 06 03  .+..............
0040:  05 03 04 03 03 03 00 0a 00 06 00 04 00 18 00 17  ................
0050:  00 0b 00 02 01 00                                ......
=> flush output
message length: 86, out_left: 86
ssl->f_send() returned 86 (-0xffffffaa)
<= flush output
<= write record
<= write client hello
client state: 2
=> flush output
<= flush output
=> parse server hello
=> read record
=> fetch input
in_left: 0, nb_want: 5
in_left: 0, nb_want: 5
ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
<= fetch input
dumping 'input record header' (5 bytes)
0000:  15 03 03 00 02                                   .....
input record: msgtype = 21, version = [3:3], msglen = 2
=> fetch input
in_left: 5, nb_want: 7
in_left: 5, nb_want: 7
ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)
<= fetch input
dumping 'input record from network' (7 bytes)
0000:  15 03 03 00 02 02 28                             ......(
got an alert message, type: [2:40]
is a fatal alert message (msg 40)
mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
mbedtls_ssl_read_record() returned -30592 (-0x7780)
<= handshake
I have tried sending the client hello (86 bytes) directly through the AT interface, opening a socket and sending the data in hex. And the response I'm getting is the same. Could someone please help me understand what is going on here? I'm new to SSL/TLS and mbedTLS and I don't understand what's happening in the debug output. Particularly the "is a fatal alert message (msg 40)" part. What does msg 40 mean?
Thank you very much in advance.
Best regards, Ezequiel.
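To see what the debug output above actually says, here is an added example (not from the original post and not mbedTLS code) that decodes the two records from the hex dumps: the 86-byte ClientHello that went out and the 7-byte alert that came back. Alert description 40 is handshake_failure in RFC 5246, the server's way of saying it could not agree on any set of parameters offered in the hello; the byte constants are constructed from the dumps and the name tables cover only the values that appear here.

```python
import struct

# Sample bytes constructed from the two hex dumps in the debug output above.
CLIENT_HELLO_RECORD = bytes.fromhex(
    "16030100510100004d0303ffffffff13b25f8b5cce16dca781b3ad0f6100a1aa"
    "e0225d7e0d94a65a2149ae000006c02cc02b00ff0100001e000d000a00080603"
    "050304030303000a0006000400180017000b00020100")
ALERT_RECORD = bytes.fromhex("15030300020228")

# Names from the IANA TLS registries (RFC 5246, RFC 5746, RFC 6066); subset only.
ALERT_DESCRIPTIONS = {20: "bad_record_mac", 40: "handshake_failure", 48: "unknown_ca", 112: "unrecognized_name"}
CIPHERSUITES = {0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"}
EXTENSIONS = {0: "server_name", 10: "supported_groups", 11: "ec_point_formats", 13: "signature_algorithms"}

def parse_record(data):
    # TLS record header: content_type(1) version(2) length(2), then the fragment.
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    fragment = data[5:5 + length]
    if len(fragment) != length:
        raise ValueError("truncated record")
    return ctype, (major, minor), fragment

def parse_alert(data):
    # Alert fragment is two bytes: level (1 = warning, 2 = fatal) and description code.
    ctype, _, body = parse_record(data)
    if ctype != 21 or len(body) != 2:
        raise ValueError("not an alert record")
    level, code = body
    return ("fatal" if level == 2 else "warning", code, ALERT_DESCRIPTIONS.get(code, "unknown"))

def parse_client_hello(data):
    # Handshake header: msg_type(1) length(3); ClientHello body per RFC 5246 section 7.4.1.2.
    ctype, _, body = parse_record(data)
    if ctype != 22 or body[0] != 1:
        raise ValueError("not a ClientHello record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                          # skip client_version and random
    pos += 1 + hello[pos]                 # skip length-prefixed session_id
    (cs_len,) = struct.unpack("!H", hello[pos:pos + 2]); pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]                 # skip length-prefixed compression_methods
    (ext_len,) = struct.unpack("!H", hello[pos:pos + 2]); pos += 2
    exts, end = {}, pos + ext_len
    while pos < end:                      # each extension: type(2) length(2) data
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        exts[EXTENSIONS.get(etype, etype)] = hello[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return {"ciphersuites": [CIPHERSUITES.get(s, hex(s)) for s in suites], "extensions": exts}

print(parse_alert(ALERT_RECORD))          # ('fatal', 40, 'handshake_failure')
print(parse_client_hello(CLIENT_HELLO_RECORD))
```

Decoding the hello also shows what the server had to choose from: only the two ECDHE-ECDSA suites (plus the renegotiation SCSV) and no server_name extension, both worth comparing against what the server you are talking to actually supports.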
mbed TLS Forum firstname.lastname@example.org wrote:
> through a UART). The basic socket I/O is working correctly. I am trying to test it by connecting to "www.google.com" on port 443 and send a GET request. But I'm currently stuck with a handshake error. I have
I suggest that you connect to a server under your control so that you can turn the debug level way up at the server end and see what is going on.
You'll also want to use tcpdump and ssldump http://ssldump.sourceforge.net/ to verify the traffic you are seeing.
> 03 03 00 02 02 28 ......( got an alert message, type: [2:40] is a fatal
> alert message (msg 40) mbedtls_ssl_handle_message_type() returned
> -30592 (-0x7780) mbedtls_ssl_read_record() returned -30592 (-0x7780) <=
It looks like the server doesn't like something.
> with an ESP12F WiFi module. Up until now, my application was running smoothly using the WiFi module to open sockets and communicate to a server using HTTP without SSL/TLS. I'm trying to add SSL/TLS functionality to my project so I
I don't know how the ESP12F module works, but you mention an AT interface suggesting to me that it's serial attached. I'm guessing that the TCP/IP stack is inside the ESP12F, vs you sending ethernet packets to it to send over the air.
How do you specify host and port? Does the ESP12F perhaps do all of HTTP for you rather than just TCP?
Hi, I am a new user here. As far as I know, the server is configured to allow client handshake renegotiation using the SSLRenegotiation directive. This configuration is vulnerable to man-in-the-middle attacks. Use this configuration only if it is necessary for your client and be aware of the risk. For more information about the exposure, refer to the public documentation about CVE-2009-3555.
I communicate using an ESP-05 WiFi module with a 5V RS232 connection to the microcontroller. I receive the same error: [2:28] BAD MAC ERROR.
First I adapted mbedTLS by myself and got this result. Then I installed Ubuntu Linux and compiled the project again, as advised to me by Ron Eldor. It's working well. Then I moved this project to the STM32L476 processor. The project now works well.