Hello,
This is my first message to this list. I'm also new to mbedTLS and TLS in
general, apologies in advance if I make any mistakes with my questions.
I have installed mbedTLS on a STM32H7 with CMSIS/Keil, using the Network
module and the mbedTLS pack (v2.6.0)
<https://www.keil.com/pack/doc/mbedTLS/html/index.html>. I have created a
server on the MCU, and as a client I am using a desktop application written
with Nodejs. Client and server communicate via ethernet interface and I
manage to transmit data between them. My priority is to develop the server,
not so much the client.
I have a specific requirement to use the cipher suite
“TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256”. As far as I understand, the
client must show a list of cipher suites to the server, and the server
chooses according to its priority. The priority is set with the macro
“MBEDTLS_SSL_CIPHERSUITES” When inspecting the communication with *WireShark
*I see that among the list sent by the client there is the cipher I need:
“TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)”
On the other hand in my mbedTLS_config.h file I have activated the
following macro:
#define MBEDTLS_SSL_CIPHERSUITES
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
When the client connects an error occurs in the handshake, the method
“mbedtls_ssl_handshake()” returns the return code -0x7380
(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN).
If I comment the macro “MBEDTLS_SSL_CIPHERSUITES” the handshake method does
not return error and works correctly, but the cipher I am looking for is
not used, but “TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384”.
Maybe I am forgetting some configuration macro to be able to use the
mentioned cipher? Any idea?
--
Jordi Enguídanos Naranjo
