Hey friends, I'm trying to do a secure connection between my STM32 board and a server. I wrote the code based on GitHub - eziya/STM32F4_HAL_ETH_MBEDTLS: STM32 mbedTLS library testing (SSL/TLS client) that I found. My board is based on the STM32H7 series, and I'm using Google to test my app (IP 142.250.74.196, port 443). This is the debug section: https://aws1.discourse-cdn.com/standard17/uploads/mbed/original/2X/e/ee636ce... How should I solve the problem?
Here are the debug messages (level 2):
. Seeding the random number generator... ok
. Loading the CA root certificate ... ok (0 skipped)
. Connecting to tcp/142.250.74.196/443... ok
. Setting up the SSL/TLS structure... ok
. Performing the SSL/TLS handshake...
=> handshake
client state: 0
=> flush output
<= flush output
client state: 1
=> flush output
<= flush output
=> write client hello
=> write handshake message
=> write record
=> flush output
message length: 100, out_left: 100
ssl->f_send() returned 100 (-0xffffff9c)
<= flush output
<= write record
<= write handshake message
<= write client hello
client state: 2
=> flush output
<= flush output
=> parse server hello
=> read record
=> fetch input
in_left: 0, nb_want: 5
in_left: 0, nb_want: 5
ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
<= fetch input
=> fetch input
in_left: 5, nb_want: 92
in_left: 5, nb_want: 92
ssl->f_recv(_timeout)() returned 87 (-0xffffffa9)
<= fetch input
<= read record
server hello, total extension length: 11
<= parse server hello
client state: 3
=> flush output
<= flush output
=> parse certificate
=> read record
=> fetch input
in_left: 0, nb_want: 5
in_left: 0, nb_want: 5
ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
<= fetch input
bad message length
ssl_get_next_record() returned -29184 (-0x7200)
mbedtls_ssl_read_record() returned -29184 (-0x7200)
<= handshake
failed
! mbedtls_ssl_handshake returned -0x7200
=> free
<= free
For debugging problems with TLS I would recommend to follow these approaches:
1) You can easily test the TLS client settings against a server when you run the client on your desktop machine. This allows you to easily discover configuration mistakes (e.g. inappropriate ciphersuite choices or problems with trust anchor settings or certificate chains).
2) Use Wireshark to see what messages are exchanged over the wire. Thereby you will see whether the messages sent around contain what you think they should contain.
3) Set the Mbed TLS debugging support to the highest level. This will give you a lot of information about the internals of Mbed TLS.
In general, it is difficult for others to find out what the problems are since we don't know the server configuration, the client configuration, the network setup, your client application, etc. etc.
Ciao Hannes
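Added example (not part of the thread and not Mbed TLS source code): in the log, the last read before "bad message length" is 5 bytes, which is the TLS record header (type, version, 16-bit length). The sketch below decodes such a header and shows one condition rejected at that point, a declared record length larger than the receive buffer. The function name, the `in_content_len` parameter, the buffer sizes and the certificate header bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ERR_INVALID_RECORD (-0x7200) /* numeric value of MBEDTLS_ERR_SSL_INVALID_RECORD */

struct tls_record_hdr {
    uint8_t  type;          /* 20 CCS, 21 alert, 22 handshake, 23 app data */
    uint8_t  major, minor;  /* 3,3 = TLS 1.2 */
    uint16_t length;        /* payload bytes that follow the header */
};

/* Header of the ServerHello record from the log: 5 + 87 = 92 bytes wanted.
 * The version bytes are assumed (TLS 1.2); the log does not print them. */
static const uint8_t SERVER_HELLO_HDR[5] = { 0x16, 0x03, 0x03, 0x00, 0x57 };
/* Constructed header announcing a 4096-byte Certificate record. */
static const uint8_t CERT_HDR[5] = { 0x16, 0x03, 0x03, 0x10, 0x00 };

/* Decode the 5 header bytes, then check the declared length against
 * in_content_len, a hypothetical parameter for the receive buffer size. */
int check_record_header(const uint8_t hdr[5], size_t in_content_len,
                        struct tls_record_hdr *out)
{
    out->type   = hdr[0];
    out->major  = hdr[1];
    out->minor  = hdr[2];
    out->length = (uint16_t)((hdr[3] << 8) | hdr[4]);

    if (out->type < 20 || out->type > 23 || out->major != 3)
        return ERR_INVALID_RECORD;      /* not a TLS record header */
    if (out->length > in_content_len)
        return ERR_INVALID_RECORD;      /* record does not fit the buffer */
    return 0;
}

int main(void)
{
    struct tls_record_hdr h;
    int rc = check_record_header(SERVER_HELLO_HDR, 2048, &h);
    printf("server hello: len=%u rc=%d\n", (unsigned)h.length, rc);
    rc = check_record_header(CERT_HDR, 2048, &h);
    printf("certificate, 2 KiB buffer:  len=%u rc=-0x%04x\n", (unsigned)h.length, (unsigned)-rc);
    rc = check_record_header(CERT_HDR, 16384, &h);
    printf("certificate, 16 KiB buffer: len=%u rc=%d\n", (unsigned)h.length, rc);
    return 0;
}
```

Comparing the length field of the failing record in a Wireshark capture with the client's configured input buffer size tells you whether this condition applies.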
-----Original Message-----
From: arman_ilmak--- via mbed-tls mbed-tls@lists.trustedfirmware.org
Sent: Saturday, April 16, 2022 2:25 PM
To: mbed-tls@lists.trustedfirmware.org
Subject: [mbed-tls] Re: Mbed tls handshake returns –x7200