TLS 1.2 mqtt:ssl handshake failed err:-0x7280

Hi,

I'm facing an issue using MQTT with TLS Ver1.2: the ssl handshake failed err:-0x7280 at the beginning of the handshake process.

SDK used is below.
https://github.com/ambiot/amb1_sdk

Modification points are:

  1. inc/platform_opts.h

    /* For SSL/TLS */
    #define CONFIG_USE_POLARSSL     1
    #define CONFIG_USE_MBEDTLS      0

    Change to

    /* For SSL/TLS */
    #define CONFIG_USE_POLARSSL     0
    #define CONFIG_USE_MBEDTLS      1

  2. component\common\network\ssl\mbedtls-2.4.0\include\mbedtls\config_rsa.h

    #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096
    change to
    #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384

    //#define MBEDTLS_DEBUG_C
    change to
    #define MBEDTLS_DEBUG_C

  3. component\common\application\mqtt\MQTTClient\MQTTFreertos.c

  int NetworkConnect(Network* n, char* addr, int port)
  {
      /* ... */
      if ((mbedtls_ssl_config_defaults(n->conf,
                                       MBEDTLS_SSL_IS_CLIENT,
                                       MBEDTLS_SSL_TRANSPORT_STREAM,
                                       MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {        //  <--TLS 1.0
          mqtt_printf(MQTT_DEBUG, "ssl config defaults failed!");
          goto err;
      }
      /* ... */
  }

Change to

  int NetworkConnect(Network* n, char* addr, int port)
  {
      /* ... */
      if ((mbedtls_ssl_config_defaults(n->conf,
                                       MBEDTLS_SSL_IS_CLIENT,
                                       MBEDTLS_SSL_TRANSPORT_STREAM,
                                       MBEDTLS_SSL_PRESET_SUITEB)) != 0) {        // <-- TLS 1.2
          mqtt_printf(MQTT_DEBUG, "ssl config defaults failed!");
          goto err;
      }
      /* ... */
  }

Below is the ssl handshake log.

[Sat Dec 04 22:12:24.182 2021] [7287]mqtt:root_crt parse done
[Sat Dec 04 22:12:24.198 2021] ssl_tls.c:6344: |2| => handshake
[Sat Dec 04 22:12:24.198 2021] ssl_cli.c:3279: |2| client state: 0
[Sat Dec 04 22:12:24.214 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:12:24.215 2021] ssl_tls.c:2432: |2| <= flush output
[Sat Dec 04 22:12:24.247 2021] ssl_cli.c:3279: |2| client state: 1
[Sat Dec 04 22:12:24.248 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:12:24.248 2021] ssl_tls.c:2432: |2| <= flush output
[Sat Dec 04 22:12:24.264 2021] ssl_cli.c:0717: |2| => write client hello
[Sat Dec 04 22:12:24.280 2021] ssl_cli.c:0755: |3| client hello, max version: [3:3]
[Sat Dec 04 22:12:24.281 2021] ssl_cli.c:0764: |3| dumping 'client hello, random bytes' (32 bytes)
[Sat Dec 04 22:12:24.309 2021] ssl_cli.c:0764: |3| 0000:  96 42 17 1b 4c 8b 10 08 85 e6 93 0b 68 02 10 0a  .B..L.......h...
[Sat Dec 04 22:12:24.326 2021] ssl_cli.c:0764: |3| 0010:  0c f4 91 0b fa 46 10 0b 48 bd 90 0b b3 64 90 0b  .....F..H....d..
[Sat Dec 04 22:12:24.357 2021] ssl_cli.c:0817: |3| client hello, session id len.: 0
[Sat Dec 04 22:12:24.373 2021] ssl_cli.c:0818: |3| dumping 'client hello, session id' (0 bytes)
[Sat Dec 04 22:12:24.389 2021] ssl_cli.c:0918: |3| client hello, got 1 ciphersuites
[Sat Dec 04 22:12:24.405 2021] ssl_cli.c:0949: |3| client hello, compress len.: 1
[Sat Dec 04 22:12:24.421 2021] ssl_cli.c:0951: |3| client hello, compress alg.: 0
[Sat Dec 04 22:12:24.437 2021] ssl_cli.c:0178: |3| client hello, adding signature_algorithms extension
[Sat Dec 04 22:12:24.453 2021] ssl_cli.c:0508: |3| client hello, adding encrypt_then_mac extension
[Sat Dec 04 22:12:24.469 2021] ssl_cli.c:0542: |3| client hello, adding extended_master_secret extension
[Sat Dec 04 22:12:24.485 2021] ssl_cli.c:0575: |3| client hello, adding session ticket extension
[Sat Dec 04 22:12:24.501 2021] ssl_cli.c:1023: |3| client hello, total extension length: 22
[Sat Dec 04 22:12:24.517 2021] ssl_tls.c:2705: |2| => write record
[Sat Dec 04 22:12:24.533 2021] ssl_tls.c:2842: |3| output record: msgtype = 22, version = [3:3], msglen = 69
[Sat Dec 04 22:12:24.549 2021] ssl_tls.c:2845: |4| dumping 'output record sent to network' (74 bytes)
[Sat Dec 04 22:12:24.565 2021] ssl_tls.c:2845: |4| 0000:  16 03 03 00 45 01 00 00 41 03 03 96 42 17 1b 4c  ....E...A...B..L
[Sat Dec 04 22:12:24.600 2021] ssl_tls.c:2845: |4| 0010:  8b 10 08 85 e6 93 0b 68 02 10 0a 0c f4 91 0b fa  .......h........
[Sat Dec 04 22:12:24.647 2021] ssl_tls.c:2845: |4| 0020:  46 10 0b 48 bd 90 0b b3 64 90 0b 00 00 02 00 ff  F..H....d.......
[Sat Dec 04 22:12:24.649 2021] ssl_tls.c:2845: |4| 0030:  01 00 00 16 00 0d 00 06 00 04 04 01 05 01 00 16  ................
[Sat Dec 04 22:12:24.679 2021] ssl_tls.c:2845: |4| 0040:  00 00 00 17 00 00 00 23 00 00                    .......#..
[Sat Dec 04 22:12:24.692 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:12:24.708 2021] ssl_tls.c:2439: |2| message length: 74, out_left: 74
[Sat Dec 04 22:12:24.724 2021] ssl_tls.c:2445: |2| ssl->f_send() returned 74 (-0xffffffb6)
[Sat Dec 04 22:12:24.740 2021] ssl_tls.c:2464: |2| <= flush output
[Sat Dec 04 22:12:24.741 2021] ssl_tls.c:2854: |2| <= write record
[Sat Dec 04 22:12:24.756 2021] ssl_cli.c:1049: |2| <= write client hello
[Sat Dec 04 22:12:24.771 2021] ssl_cli.c:3279: |2| client state: 2
[Sat Dec 04 22:12:24.772 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:12:24.787 2021] ssl_tls.c:2432: |2| <= flush output
[Sat Dec 04 22:12:24.803 2021] ssl_cli.c:1410: |2| => parse server hello
[Sat Dec 04 22:12:24.803 2021] ssl_tls.c:3732: |2| => read record
[Sat Dec 04 22:12:24.819 2021] ssl_tls.c:2212: |2| => fetch input
[Sat Dec 04 22:12:24.835 2021] ssl_tls.c:2370: |2| in_left: 0, nb_want: 5
[Sat Dec 04 22:12:24.917 2021] ssl_tls.c:2394: |2| in_left: 0, nb_want: 5
[Sat Dec 04 22:12:24.918 2021] ssl_tls.c:2395: |2| ssl->f_recv(_timeout)() returned 0 (-0x0000)
[Sat Dec 04 22:12:24.938 2021] ssl_tls.c:3793: |1| mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
[Sat Dec 04 22:12:24.964 2021] ssl_tls.c:3738: |1| mbedtls_ssl_read_record_layer() returned -29312 (-0x7280)
[Sat Dec 04 22:12:24.981 2021] ssl_cli.c:1416: |1| mbedtls_ssl_read_record() returned -29312 (-0x7280)
[Sat Dec 04 22:12:25.012 2021] ssl_tls.c:6354: |2| <= handshake
[Sat Dec 04 22:12:25.012 2021] 
[Sat Dec 04 22:12:25.012 2021] [8121]mqtt:ssl handshake failed err:-0x7280
[Sat Dec 04 22:12:25.042 2021] ssl_tls.c:7064: |2| => free
[Sat Dec 04 22:12:25.090 2021] ssl_tls.c:7129: |2| <= free

It seems the problem occurs at the beginning of the handshake process.

Any suggestions?

Regards,

-0x7280 corresponds to MBEDTLS_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */

my guess would be that the enabled ciphersuites and those supported on the server are different

@wyy
Thanks for your quick reply.

> my guess would be that the enabled ciphersuites and those supported on the server are different

That was my guess also.

Below are results from https://www.ssllabs.com/ssltest/ for the ciphersuites test of TLS 1.2.

TLS 1.2 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ( 0xc027 ) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ( 0x9f ) DH 2048 bits FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ( 0x9e ) DH 2048 bits FS 128
TLS_RSA_WITH_AES_256_GCM_SHA384 ( 0x9d ) WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 ( 0x9c ) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA256 ( 0x3d ) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 ( 0x3c ) WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ( 0xc014 ) ECDH secp384r1 (eq. 7680 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ( 0xc013 ) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA ( 0x35 ) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA ( 0x2f ) WEAK 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA ( 0xa ) WEAK 112

I tried to enable everything in the above list inside config_rsa.h, but I am still facing the same issue.

Regards,

You might want to try configuring mbedTLS to the same settings used for the RTL8722DM, and see if those would work.

@wyy
Thank you for your support.
I still cannot complete the handshake and get the same error code. I have now contacted server-side support; if we can get the server-side log we might know the reason.

Anyway, there is one thing I want to confirm with you.
Is there any limitation on using TLS Ver1.2 on ameba1?

Regards,

@ruanjanc

I have gotten the ssl handshake working with google.com, but that is with MBEDTLS_SSL_PRESET_DEFAULT instead of MBEDTLS_SSL_PRESET_SUITEB.

Is there a specific reason to be using SUITEB?
Also, can you provide the server you are testing with?

@wyy
> I have gotten the ssl handshake working with [google.com](http://google.com/), but that is with MBEDTLS_SSL_PRESET_DEFAULT instead of MBEDTLS_SSL_PRESET_SUITEB.

Is MBEDTLS_SSL_PRESET_DEFAULT not for TLS Ver1.0?

> Is there a specific reason to be using SUITEB?

This is because the server side does not support TLS ver1.0; it supports TLS ver1.2.

Below is from ssl_tls.c

int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
                                 int endpoint, int transport, int preset )
{
    /* ... */

    /*
     * Preset-specific defaults
     */
    switch( preset )
    {
        /*
         * NSA Suite B
         */
        case MBEDTLS_SSL_PRESET_SUITEB:
            conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
            conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */
            conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
            conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;

            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
                                   ssl_preset_suiteb_ciphersuites;

            /* ... */
            break;

        /*
         * Default
         */
        default:
            conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
            conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
            conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
            conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
            /* ... */
}

From the above code, if we need TLS ver1.2 we have to use MBEDTLS_SSL_PRESET_SUITEB. Is my understanding correct?

> can you provide the server you are testing with?

I test with the hivemq cloud mqtt broker.
https://www.hivemq.com/mqtt-cloud-broker/
I have a free account; if you are interested in testing, I can share my account name via PM.

Regards,

@wyy
It is probably my misunderstanding regarding MBEDTLS_SSL_PRESET_SUITEB.
MBEDTLS_SSL_PRESET_SUITEB does not mean forcing the use of TLS Ver1.2, right?

It seems that at the beginning of the handshake process the client side informs the server side of the TLS min/max versions it supports.

So, if we use MBEDTLS_SSL_PRESET_DEFAULT

        default:
            conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
            conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
            conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
            conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;

the client-side TLS min version would be 1.0 and the max version would be 1.2.

I will switch to use MBEDTLS_SSL_PRESET_DEFAULT.

Regards,

@ruanjanc

I am not too familiar with the use of SUITEB, but it seems to impose additional requirements on top of TLS 1.2, such as limitations on the ciphersuites, hashes and encryption curves that can be used.

In any case, I could connect to hivemq with MBEDTLS_SSL_PRESET_DEFAULT.
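
Added example (not part of the original thread, and not Ameba SDK or mbed TLS code): decoding the 74-byte ClientHello record dumped in the first post's log shows which cipher suites the client actually put on the wire. The server suite IDs are those in the SSL Labs listing quoted in the thread; 0xC02B and 0xC02C are the two ECDHE-ECDSA suites in mbed TLS's `ssl_preset_suiteb_ciphersuites`; the function names `parse_client_hello` and `diagnose` are hypothetical.

```python
import struct

RECORD = bytes.fromhex(  # copied from the "output record sent to network" dump
    "16 03 03 00 45 01 00 00 41 03 03 96 42 17 1b 4c"
    "8b 10 08 85 e6 93 0b 68 02 10 0a 0c f4 91 0b fa"
    "46 10 0b 48 bd 90 0b b3 64 90 0b 00 00 02 00 ff"
    "01 00 00 16 00 0d 00 06 00 04 04 01 05 01 00 16"
    "00 00 00 17 00 00 00 23 00 00")

SCSV = 0x00FF  # TLS_EMPTY_RENEGOTIATION_INFO_SCSV: a signalling value, not a cipher
# TLS 1.2 suite IDs from the SSL Labs listing quoted in the thread.
SERVER_SUITES = {0xC027, 0x9F, 0x9E, 0x9D, 0x9C, 0x3D, 0x3C,
                 0xC014, 0xC013, 0x35, 0x2F, 0x0A}
SUITEB_SUITES = {0xC02B, 0xC02C}  # ECDHE-ECDSA AES-GCM, mbed TLS Suite B preset

def parse_client_hello(record: bytes) -> dict:
    ctype, _, rec_len = struct.unpack_from("!BHH", record, 0)
    hs = record[5:]                       # handshake message inside the record
    if (ctype != 22 or rec_len != len(hs) or hs[0] != 1
            or int.from_bytes(hs[1:4], "big") != len(hs) - 4):
        raise ValueError("not a single, complete ClientHello record")
    version = struct.unpack_from("!H", hs, 4)[0]
    pos = 4 + 2 + 32                      # handshake header, client_version, random
    pos += 1 + hs[pos]                    # session_id
    n = struct.unpack_from("!H", hs, pos)[0]
    suites = [struct.unpack_from("!H", hs, pos + 2 + i)[0] for i in range(0, n, 2)]
    pos += 2 + n
    pos += 1 + hs[pos]                    # compression_methods
    end = pos + 2 + struct.unpack_from("!H", hs, pos)[0]
    pos += 2
    extensions = []
    while pos < end:
        ext_type, ext_len = struct.unpack_from("!HH", hs, pos)
        extensions.append(ext_type)
        pos += 4 + ext_len
    return {"version": version, "suites": suites, "extensions": extensions}

def diagnose(record: bytes) -> dict:
    hello = parse_client_hello(record)
    usable = [s for s in hello["suites"] if s != SCSV]
    return {
        "usable_suites": usable,
        "shared_with_server": sorted(set(usable) & SERVER_SUITES),
        "suiteb_on_server": sorted(SUITEB_SUITES & SERVER_SUITES),
        "offers_curves": 10 in hello["extensions"],  # supported_elliptic_curves
    }

if __name__ == "__main__":
    print(diagnose(RECORD))
```

The only suite in the record is 0x00FF, matching the log's "got 1 ciphersuites", and there is no supported_elliptic_curves extension; that is consistent with an RSA-only build (config_rsa.h) having none of the Suite B ECDHE-ECDSA suites available, which leaves the server nothing to select. To require TLS 1.2 without the Suite B restrictions, mbed TLS 2.x provides mbedtls_ssl_conf_min_version() for use on a MBEDTLS_SSL_PRESET_DEFAULT configuration.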