Hi ,
*Problem description :*
Trying to run example https://github.com/ARMmbed/mbedtls/blob/master/programs/ssl/ssl_server2.c .
Updated ssl_server2 port to listen on 7777 for incoming client request ,ssl_server2 will be waiting for remote connection continuously.
There was no client request for connection on this port, but still server is getting some spurious connection request and goes for handshake and fails with below error code.
Error code: mbedtls_ssl_handshake returned error -30976
*Steps to reproduce: =============*
1. start ssl_server2 program 2. Monitor for ssl_server2 connection waiting , observe ssl_server2 will accept spurious connection request and goes for handshake and fails with above mentioned error code.
*Expected behavior:* ssl_server2 wait for remote connection infinitely and connect to valid client request and perform handshake every time.
*Actual behavior:* Occasionally ssl_server2 will accept spurious connection request and goes for handshake and fails with below error code.
Error code: mbedtls_ssl_handshake returned error -30976 on ssl_server2
*Analysis:*
As per below logs what we understand is ssl_server2 will accept spurious connection request and goes for handshake and fails with error code -30796 ,MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO on ssl_server2 side .
Can you please help us to understand this behavior?
What could be the reason for ssl_server2 to connect to a spurious connection request?, as mentioned above there was no client request for connection on this ssl_server2 port( 7777) .
We have tried this on other SERVER_PORT as well .
*Logs Snippet:*
*==========*
. Seeding the random number generator... ok
. Loading the CA root certificate ... ok (0 skipped)
. Loading the server cert. and key... ok
. Bind on tcp://*:7777/ ... ok
. Setting up the SSL/TLS structure... ok
. Waiting for a remote connection ...ok
. Performing the SSL/TLS handshake... failed
! mbedtls_ssl_handshake returned -0x7900
Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed
. Waiting for a remote connection ... ok
. Performing the SSL/TLS handshake... failed
! mbedtls_ssl_handshake returned -0x7900
Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed
. Waiting for a remote connection ... ok
. Performing the SSL/TLS handshake... failed
! mbedtls_ssl_handshake returned -0x7900
Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed
Regards Mahesh
Updated mbedtls version details .
MBEDTLS_VERSION = 2.26.0
BR Mahesh
On Mon, Feb 7, 2022 at 4:11 PM B Mahesh maheshb25@gmail.com wrote:
Hi ,
*Problem description :*
Trying to run example https://github.com/ARMmbed/mbedtls/blob/master/programs/ssl/ssl_server2.c .
Updated ssl_server2 port to listen on 7777 for incoming client request ,ssl_server2 will be waiting for remote connection continuously.
There was no client request for connection on this port, but still server is getting some spurious connection request and goes for handshake and fails with below error code.
Error code: mbedtls_ssl_handshake returned error -30976
*Steps to reproduce: =============*
- start ssl_server2 program
- Monitor for ssl_server2 connection waiting , observe ssl_server2 will
accept spurious connection request and goes for handshake and fails with above mentioned error code.
*Expected behavior:* ssl_server2 wait for remote connection infinitely and connect to valid client request and perform handshake every time.
*Actual behavior:* Occasionally ssl_server2 will accept spurious connection request and goes for handshake and fails with below error code.
Error code: mbedtls_ssl_handshake returned error -30976 on ssl_server2
*Analysis:*
As per below logs what we understand is ssl_server2 will accept spurious connection request and goes for handshake and fails with error code -30796 ,MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO on ssl_server2 side .
Can you please help us to understand this behavior?
What could be the reason for ssl_server2 to connect to a spurious connection request?, as mentioned above there was no client request for connection on this ssl_server2 port( 7777) .
We have tried this on other SERVER_PORT as well .
*Logs Snippet:*
*==========*
. Seeding the random number generator... ok
. Loading the CA root certificate ... ok (0 skipped)
. Loading the server cert. and key... ok
. Bind on tcp://*:7777/ ... ok
. Setting up the SSL/TLS structure... ok
. Waiting for a remote connection ...ok
. Performing the SSL/TLS handshake... failed
! mbedtls_ssl_handshake returned -0x7900
Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed
. Waiting for a remote connection ... ok
. Performing the SSL/TLS handshake... failed
! mbedtls_ssl_handshake returned -0x7900
Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed
. Waiting for a remote connection ... ok
. Performing the SSL/TLS handshake... failed
! mbedtls_ssl_handshake returned -0x7900
Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed
Regards Mahesh
Good day Please answer my questions - there is very little literature on the topic. I do not know what to do. I have dealt with the message [2:40] issue. I did not enroll the user certificate using: if((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey))!= 0) and this certificate was not transmitted. Now I have taken it a step further, the certificate is successfully transferred and the server does not break the connection. I switched to TLS 1.3. ---------------------------------------------------------------------- But in your examples, I see the use of two certificates: mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) And also the key: ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key, mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng ); In my version, I only have a client certificate. I working with https://test.mosquitto.org/ Would you advise where to get the missing certificates and where to get the key for the mbedtls_pk_parse_key function? ---------------------------------------------------------------------- Now in both functions I use the same certificate and a PCA key from the example. I get a message: ..\Src\mbedTLS\library\ssl_msg.c:4645:got an alert message, type: [2:51] ..\Src\mbedTLS\library\ssl_msg.c:4653:is a fatal alert message (msg 51) ..\Src\mbedTLS\library\ssl_msg.c:3763:mbedtls_ssl_handle_message_type() returned -30592 (-0x7780) ..\Src\mbedTLS\library\ssl_msg.c:4771:mbedtls_ssl_read_record() returned -30592 (-0x7780) Sincerely, Shabrov Dmitry
Понедельник, 7 февраля 2022, 16:28 +03:00 от B Mahesh via Mbed-tls-announce via mbed-tls mbed-tls@lists.trustedfirmware.org: Hi ,
*Problem description :*
Trying to run example https://github.com/ARMmbed/mbedtls/blob/master/programs/ssl/ssl_server2.c .
Updated ssl_server2 port to listen on 7777 for incoming client request ,ssl_server2 will be waiting for remote connection continuously.
There was no client request for connection on this port, but still server is getting some spurious connection request and goes for handshake and fails with below error code.
Error code: mbedtls_ssl_handshake returned error -30976
*Steps to reproduce: =============*
1. start ssl_server2 program 2. Monitor for ssl_server2 connection waiting , observe ssl_server2 will accept spurious connection request and goes for handshake and fails with above mentioned error code.
*Expected behavior:* ssl_server2 wait for remote connection infinitely and connect to valid client request and perform handshake every time.
*Actual behavior:* Occasionally ssl_server2 will accept spurious connection request and goes for handshake and fails with below error code.
Error code: mbedtls_ssl_handshake returned error -30976 on ssl_server2
*Analysis:*
As per below logs what we understand is ssl_server2 will accept spurious connection request and goes for handshake and fails with error code -30796 ,MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO on ssl_server2 side .
Can you please help us to understand this behavior?
What could be the reason for ssl_server2 to connect to a spurious connection request?, as mentioned above there was no client request for connection on this ssl_server2 port( 7777) .
We have tried this on other SERVER_PORT as well .
*Logs Snippet:*
*==========*
. Seeding the random number generator... ok
. Loading the CA root certificate ... ok (0 skipped)
. Loading the server cert. and key... ok
. Bind on tcp://*:7777/ ... ok
. Setting up the SSL/TLS structure... ok
. Waiting for a remote connection ...ok
. Performing the SSL/TLS handshake... failed
! mbedtls_ssl_handshake returned -0x7900
Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed
. Waiting for a remote connection ... ok
. Performing the SSL/TLS handshake... failed
! mbedtls_ssl_handshake returned -0x7900
Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed
. Waiting for a remote connection ... ok
. Performing the SSL/TLS handshake... failed
! mbedtls_ssl_handshake returned -0x7900
Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed
Regards Mahesh -- Mbed-tls-announce mailing list -- mbed-tls-announce@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-announce-leave@lists.trustedfirmware.org -- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org
mbed-tls-announce@lists.trustedfirmware.org
-
B Mahesh -
Dmitrij Shabroff