A little progress. I figured out where-ssl_encrypt_buf() in ssl_tls.c-to output the name of the offending ciphersuite, which is included in all 3 of the preconfigure Google Cloud SSL policies.
So what's going on here? Why should the mbedTLS client wait forever for 5 bytes it will never get, stalling the connection, instead timing out or otherwise detecting an error it could return?
I'm totally at a loss for what to do with this, other than looking for a commercially supported alternative, which I don't think would be received very well by my manager.
Jeff Thompson | Senior Electrical Engineer-Firmware +1 704 752 6513 x1394 www.invue.com
[cid:image001.gif@01D64BB6.03781220]
From: Thompson, Jeff Sent: Friday, June 26, 2020 09:40 To: mbed-tls@lists.trustedfirmware.org Subject: Choosing a cipher
The TLS handshake between my device and ghs.googlehosted.com gets stalled when the server sends the device a Change Cipher Spec message-the device waits forever, wanting 5 more bytes. From what I Google'd, I need to change the cipher suite I'm using. How do I know which cipher the server doesn't like (so I can avoid that in future), and which one I should be using-there are scores of these available in the config file, though some of them clearly should not be used, as they are commented that way..
Jeff Thompson | Senior Electrical Engineer-Firmware +1 704 752 6513 x1394 www.invue.com
[cid:image001.gif@01D64BB6.03781220]