We are testing the HosatAP module integrated with MBedTLS version 2.19.1. But we are receiving an error during the SSL handshake. In Server side we are using hostapd daemon - we see the below error:

SSL: SSL_accept:SSLv3/TLS write server done
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=21 (alert/)
OpenSSL: Message - hexdump(len=2): [REMOVED]
SSL: (where=0x4008 ret=0x20a)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unexpected_message
authsrv: local TLS alert: unexpected_message
SSL: (where=0x2002 ret=0xffffffff)
SSL: SSL_accept:error in error
OpenSSL: openssl_handshake - SSL_connect error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message
SSL: 7 bytes pending from ssl_out
SSL: Failed - tls_out available to report error
EAP-TLS: CONTINUE -> FAILURE
OpenSSL: Session was not cached
EAP: Session-Id - hexdump(len=0): [NULL]
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: method failed -> FAILURE
EAP: EAP entering state FAILURE
EAP: Building EAP-Failure (id=134)

In wireshark logs we see the below details:

Frame 52: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface \Device\NPF_{87758CCA-2149-4961-9FDA-E59432A16D13}, id 0
Ethernet II, Src: DanfossDrive_00:8c:94 (00:1b:08:00:8c:94), Dst: Nearest-non-TPMR-bridge (01:80:c2:00:00:03)
802.1X Authentication
    Version: 802.1X-2004 (2)
    Type: EAP Packet (0)
    Length: 208
Extensible Authentication Protocol
    Code: Response (2)
    Id: 168
    Length: 208
    Type: TLS EAP (EAP-TLS) (13)
    EAP-TLS Flags: 0x00
        0... .... = Length Included: False
        .0.. .... = More Fragments: False
        ..0. .... = Start: False
    Transport Layer Security
        TLSv1.2 Record Layer: Handshake Protocol: Client Hello
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 197
            Handshake Protocol: Client Hello
                Handshake Type: Client Hello (1)
                Length: 193
                Version: TLS 1.2 (0x0303)
                Random: 259e9db9530f8afbc74536b9a963b4f1c4cb738bcea7403d4d606b6e074ec5d3
                    GMT Unix Time: Jan  1, 1990 05:30:57.000000000 India Standard Time
                    Random Bytes: 530f8afbc74536b9a963b4f1c4cb738bcea7403d4d606b6e074ec5d3
                Session ID Length: 0
                Cipher Suites Length: 80
                Cipher Suites (40 suites)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
                    Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xc0ad)
                    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CCM (0xc09f)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
                    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 (0xc0af)
                    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CCM_8 (0xc0a3)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                    Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xc0ac)
                    Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CCM (0xc09e)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
                    Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                    Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xc0ae)
                    Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CCM_8 (0xc0a2)
                    Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                    Cipher Suite: TLS_RSA_WITH_AES_256_CCM (0xc09d)
                    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
                    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                    Cipher Suite: TLS_RSA_WITH_AES_256_CCM_8 (0xc0a1)
                    Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                    Cipher Suite: TLS_RSA_WITH_AES_128_CCM (0xc09c)
                    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
                    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                    Cipher Suite: TLS_RSA_WITH_AES_128_CCM_8 (0xc0a0)
                    Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
                Compression Methods Length: 1
                Compression Methods (1 method)
                    Compression Method: null (0)
                Extensions Length: 72
                Extension: signature_algorithms (len=22)
                    Type: signature_algorithms (13)
                    Length: 22
                    Signature Hash Algorithms Length: 20
                    Signature Hash Algorithms (10 algorithms)
                        Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
                            Signature Hash Algorithm Hash: SHA512 (6)
                            Signature Hash Algorithm Signature: ECDSA (3)
                        Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                            Signature Hash Algorithm Hash: SHA512 (6)
                            Signature Hash Algorithm Signature: RSA (1)
                        Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                            Signature Hash Algorithm Hash: SHA384 (5)
                            Signature Hash Algorithm Signature: ECDSA (3)
                        Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                            Signature Hash Algorithm Hash: SHA384 (5)
                            Signature Hash Algorithm Signature: RSA (1)
                        Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                            Signature Hash Algorithm Hash: SHA256 (4)
                            Signature Hash Algorithm Signature: ECDSA (3)
                        Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                            Signature Hash Algorithm Hash: SHA256 (4)
                            Signature Hash Algorithm Signature: RSA (1)
                        Signature Algorithm: SHA224 ECDSA (0x0303)
                            Signature Hash Algorithm Hash: SHA224 (3)
                            Signature Hash Algorithm Signature: ECDSA (3)
                        Signature Algorithm: SHA224 RSA (0x0301)
                            Signature Hash Algorithm Hash: SHA224 (3)
                            Signature Hash Algorithm Signature: RSA (1)
                        Signature Algorithm: ecdsa_sha1 (0x0203)
                            Signature Hash Algorithm Hash: SHA1 (2)
                            Signature Hash Algorithm Signature: ECDSA (3)
                        Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
                            Signature Hash Algorithm Hash: SHA1 (2)
                            Signature Hash Algorithm Signature: RSA (1)
                Extension: supported_groups (len=24)
                    Type: supported_groups (10)
                    Length: 24
                    Supported Groups List Length: 22
                    Supported Groups (11 groups)
                        Supported Group: secp521r1 (0x0019)
                        Supported Group: brainpoolP512r1 (0x001c)
                        Supported Group: secp384r1 (0x0018)
                        Supported Group: brainpoolP384r1 (0x001b)
                        Supported Group: secp256r1 (0x0017)
                        Supported Group: secp256k1 (0x0016)
                        Supported Group: brainpoolP256r1 (0x001a)
                        Supported Group: secp224r1 (0x0015)
                        Supported Group: secp224k1 (0x0014)
                        Supported Group: secp192r1 (0x0013)
                        Supported Group: secp192k1 (0x0012)
                Extension: ec_point_formats (len=2)
                    Type: ec_point_formats (11)
                    Length: 2
                    EC point formats Length: 1
                    Elliptic curves point formats (1)
                        EC point format: uncompressed (0)
                Extension: encrypt_then_mac (len=0)
                    Type: encrypt_then_mac (22)
                    Length: 0
                Extension: extended_master_secret (len=0)
                    Type: extended_master_secret (23)
                    Length: 0
                Extension: session_ticket (len=0)
                    Type: session_ticket (35)
                    Length: 0
                    Session Ticket: <MISSING>
                [JA4: 12i400600_9479543b8654_7b0ba9b4cf08]
                [JA4_r [truncated]: 12i400600_002f,0033,0035,0039,003c,003d,0067,006b,009c,009d,009e,009f,00ff,c009,c00a,c013,c014,c023,c024,c027,c028,c02b,c02c,c02f,c030,c09c,c09d,c09e,c09f,c0a0,c0a1,c0a2,c0a3,c0ac,c0ad,c0ae,c0af,cca8,cca9,ccaa_000a,000b,]
                [JA3 Fullstring [truncated]: 771,52392-52393-52394-49196-49200-159-49325-49311-49188-49192-107-49162-49172-57-49327-49315-49195-49199-158-49324-49310-49187-49191-103-49161-49171-51-49326-49314-157-49309-61-53-49313-156-49308-60-47-49312-255]
                [JA3: fee1630eb5b7688c9f8303364702933f]

As you can see the Session Ticket details are missing and that Length 0 field is the last byte in the message but still in Wireshark we see other details like JA4, JA4_r etc?

Is the "Client Hello" response from the client in the correct format?