Hello,

This is my first message to this list. I'm also new to mbedTLS and TLS in general, apologies in advance if I make any mistakes with my questions.

I have installed mbedTLS on a STM32H7 with CMSIS/Keil, using the Network module and the mbedTLS pack (v2.6.0) https://www.keil.com/pack/doc/mbedTLS/html/index.html. I have created a server on the MCU, and as a client I am using a desktop application written with Nodejs. Client and server communicate via ethernet interface and I manage to transmit data between them. My priority is to develop the server, not so much the client.

I have a specific requirement to use the cipher suite “TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256”. As far as I understand, the client must show a list of cipher suites to the server, and the server chooses according to its priority. The priority is set with the macro “MBEDTLS_SSL_CIPHERSUITES” When inspecting the communication with *WireShark *I see that among the list sent by the client there is the cipher I need: “TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)”

On the other hand in my mbedTLS_config.h file I have activated the following macro: #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

When the client connects an error occurs in the handshake, the method “mbedtls_ssl_handshake()” returns the return code -0x7380 (MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN).

If I comment the macro “MBEDTLS_SSL_CIPHERSUITES” the handshake method does not return error and works correctly, but the cipher I am looking for is not used, but “TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384”.

Maybe I am forgetting some configuration macro to be able to use the mentioned cipher? Any idea?