Hello,


This example uses HTTPS, but I'm trying to use it on a Modbus server.

This is the init function for the server TCP connections:

BOOL
xMBTCPPortInit( USHORT usTCPPort )
{
    struct altcp_pcb *pxPCBListenNew, *pxPCBListenOld;
    BOOL            bOkay = (BOOL)FALSE;
    USHORT          usPort;
    extern struct altcp_tls_config* getTlsConfig(void);
    tls_config = getTlsConfig();
    mbedtls_ssl_conf_dbg(tls_config, my_debug, NULL);
    mbedtls_debug_set_threshold(5);
    if( usTCPPort == 0 )
    {
        usPort = MB_TCP_DEFAULT_PORT;
    }
    else
    {
        usPort = ( USHORT ) usTCPPort;
    }
    if( ( pxPCBListenNew = pxPCBListenOld = altcp_tls_new( tls_config,IPADDR_TYPE_ANY) ) == NULL )
    {
        /* Can't create TCP socket. */
        bOkay = (BOOL)FALSE;
    }
    else 
      if( altcp_bind( pxPCBListenNew, IP_ANY_TYPE, ( u16_t ) usPort ) != ERR_OK )
    {

        /* Bind failed - Maybe illegal port value or in use. */
        ( void )altcp_close( pxPCBListenOld );
        bOkay = (BOOL)FALSE;
    }
    else if( ( pxPCBListenNew = altcp_listen( pxPCBListenNew ) ) == NULL )
    {

        ( void )altcp_close( pxPCBListenOld );
        bOkay = (BOOL)FALSE;
    }
    else
    {

//         altcp_tls_new(pxPCBListenNew, IP_GET_TYPE(ip_addr))*/;
        /* Register callback function for new clients. */
        altcp_accept( pxPCBListenNew, prvxMBTCPPortAccept );

        /* Everything okay. Set global variable. */
        pxPCBListen = pxPCBListenNew;

#ifdef MB_TCP_DEBUG
        vMBPortLog( MB_LOG_DEBUG, "MBTCP-ACCEPT", "Protocol stack ready.\r\n" );
#endif
        SerialPrint("MBTCTP-ACCEPT");

        /* Report success only when the listener was actually set up. */
        bOkay = (BOOL)TRUE;
    }

    return bOkay;
}

struct altcp_tls_config* getTlsConfig(void)
{
    struct altcp_tls_config* conf;
    size_t privkey_len = strlen(privkey) + 1;
    size_t privkey_pass_len = strlen(privkey_pass) + 1;
    size_t cert_len = strlen(cert) + 1;

    conf = altcp_tls_create_config_server_privkey_cert((u8_t*)privkey, privkey_len, (u8_t*)privkey_pass, privkey_pass_len, (u8_t*)cert, cert_len);

    return conf;
}

And I am using a basic Python TLS client example to show a successful mbedtls handshake.
This is my client.py code:

import time
from socket import create_connection
from ssl import SSLContext, PROTOCOL_TLS_CLIENT
import ssl

hostname='example.org'
ip = '192.168.1.2'
port = 502
context = SSLContext(PROTOCOL_TLS_CLIENT)
context.options |= ssl.OP_NO_SSLv3
context.options |= ssl.OP_NO_TLSv1
context.options |= ssl.OP_NO_TLSv1_1
context.load_verify_locations('cert.pem')

with create_connection((ip, port)) as client:
    with context.wrap_socket(client, server_hostname=hostname) as tls:
        print(f'Using {tls.version()}\n')
        tls.sendall(b'Hello world')

        data = tls.recv(1024)
        print(f'Server says: {data}')

When I try to start communication, I get the output below in Wireshark:
image.png

When the server sends the hello message, I get this error on the line:
image.png

When I checked the low_level_output function, I see 150 bytes of data being sent, but the IPv4 length shows 576 bytes. The opt.h file is set to the defaults, but if I change TCP_MSS to 250 bytes, I can send 136 bytes and the IPv4 packet length shows 136. But that does not make sense. I couldn't get a successful handshake.

My mbedtls debug output is at this link: https://paste.ofcode.org/PP3zFmrLcKqPdRMT3LzETz  How can I solve this problem? What is the reason for the length problem?
Best Regards.



--
Embedded System Engineer