PolarSSL is now part of ARM Official announcement and rebranded as mbed TLS.

TLS Handshake problem


Mar 16, 2017 09:59
Deemanth PJ

Hi, I am trying establish the tls connection with AWS IOT Cloud, for that we need TLS 1.2 .So I have used mbedtls on my platform as a client mode.I have taken sslclient1(example) as a reference. Problems that I am facing is
1)As and when i send a Client Hello message

([16][03][01][00]K[01][00][00]G[03][03]¹[12]R§øç™—3Ñÿ([1A]/Û½Öف‰w–Ý÷øÖ¾[1F]âî[00][00][04]À/[00]ÿ[01][00][00][1A][00][00][08][00][06][04][01][03][01][02][01][00][00][04][00][02][00][13][00][0B][00][02][01][00) .

i receive Alert message as

([15][03][03][02][02]closed)  

2)My config.h file for mbedtls is

#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

/* System support */
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
#define MBEDTLS_ENTROPY_HARDWARE_ALT
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C

/* mbed TLS feature support */
#define MBEDTLS_GCM_C
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED


/* mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_AES_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_MD_C
#define MBEDTLS_MD5_C
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C


/* For test certificates */
#define MBEDTLS_BASE64_C
#define MBEDTLS_CERTS_C
#define MBEDTLS_PEM_PARSE_C


#define MBEDTLS_SSL_CIPHERSUITES                MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\
                                                MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \




#define MBEDTLS_SSL_MAX_CONTENT_LEN             512



#include "mbedtls/check_config.h"


#endif.
 
Apr 25, 2017 18:38
Jerry

You are receiving this error because you are not supporting curves that AWS supports. In their documentation AWS says their support EC cryptography with the curves NIST P-256 or NIST P-384.

Replace: #define MBEDTLS_ECP_DP_SECP192R1_ENABLED

With: #define MBEDTLS_ECP_DP_SECP256R1_ENABLED and/or #define MBEDTLS_ECP_DP_SECP384R1_ENABLED