Hi,
I’m facing an issue using MQTT with TLS 1.2: the SSL handshake fails with err:-0x7280 at the beginning of the handshake process.
The SDK used is below.
https://github.com/ambiot/amb1_sdk
The modification points are:
- inc/platform_opts.h
/* For SSL/TLS */
#define CONFIG_USE_POLARSSL 1
#define CONFIG_USE_MBEDTLS 0
Change to
/* For SSL/TLS */
#define CONFIG_USE_POLARSSL 0
#define CONFIG_USE_MBEDTLS 1
- component\common\network\ssl\mbedtls-2.4.0\include\mbedtls\config_rsa.h
#define MBEDTLS_SSL_MAX_CONTENT_LEN 4096
change to
#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
//#define MBEDTLS_DEBUG_C
change to
#define MBEDTLS_DEBUG_C
- component\common\application\mqtt\MQTTClient\MQTTFreertos.c
    int NetworkConnect(Network* n, char* addr, int port)
    {
        .
        .
        if((mbedtls_ssl_config_defaults(n->conf,
                MBEDTLS_SSL_IS_CLIENT,
                MBEDTLS_SSL_TRANSPORT_STREAM,
                MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { // <--TLS 1.0
            mqtt_printf(MQTT_DEBUG, "ssl config defaults failed!");
            goto err;
        }
        .
        .
    }
Change to
    int NetworkConnect(Network* n, char* addr, int port)
    {
        .
        .
        if((mbedtls_ssl_config_defaults(n->conf,
                MBEDTLS_SSL_IS_CLIENT,
                MBEDTLS_SSL_TRANSPORT_STREAM,
                MBEDTLS_SSL_PRESET_SUITEB)) != 0) { // <-- TLS 1.2
            mqtt_printf(MQTT_DEBUG, "ssl config defaults failed!");
            goto err;
        }
        .
        .
    }
Below is the ssl handshake log.
[Sat Dec 04 22:12:24.182 2021] [7287]mqtt:root_crt parse done
[Sat Dec 04 22:12:24.198 2021] ssl_tls.c:6344: |2| => handshake
[Sat Dec 04 22:12:24.198 2021] ssl_cli.c:3279: |2| client state: 0
[Sat Dec 04 22:12:24.214 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:12:24.215 2021] ssl_tls.c:2432: |2| <= flush output
[Sat Dec 04 22:12:24.247 2021] ssl_cli.c:3279: |2| client state: 1
[Sat Dec 04 22:12:24.248 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:12:24.248 2021] ssl_tls.c:2432: |2| <= flush output
[Sat Dec 04 22:12:24.264 2021] ssl_cli.c:0717: |2| => write client hello
[Sat Dec 04 22:12:24.280 2021] ssl_cli.c:0755: |3| client hello, max version: [3:3]
[Sat Dec 04 22:12:24.281 2021] ssl_cli.c:0764: |3| dumping 'client hello, random bytes' (32 bytes)
[Sat Dec 04 22:12:24.309 2021] ssl_cli.c:0764: |3| 0000: 96 42 17 1b 4c 8b 10 08 85 e6 93 0b 68 02 10 0a .B..L.......h...
[Sat Dec 04 22:12:24.326 2021] ssl_cli.c:0764: |3| 0010: 0c f4 91 0b fa 46 10 0b 48 bd 90 0b b3 64 90 0b .....F..H....d..
[Sat Dec 04 22:12:24.357 2021] ssl_cli.c:0817: |3| client hello, session id len.: 0
[Sat Dec 04 22:12:24.373 2021] ssl_cli.c:0818: |3| dumping 'client hello, session id' (0 bytes)
[Sat Dec 04 22:12:24.389 2021] ssl_cli.c:0918: |3| client hello, got 1 ciphersuites
[Sat Dec 04 22:12:24.405 2021] ssl_cli.c:0949: |3| client hello, compress len.: 1
[Sat Dec 04 22:12:24.421 2021] ssl_cli.c:0951: |3| client hello, compress alg.: 0
[Sat Dec 04 22:12:24.437 2021] ssl_cli.c:0178: |3| client hello, adding signature_algorithms extension
[Sat Dec 04 22:12:24.453 2021] ssl_cli.c:0508: |3| client hello, adding encrypt_then_mac extension
[Sat Dec 04 22:12:24.469 2021] ssl_cli.c:0542: |3| client hello, adding extended_master_secret extension
[Sat Dec 04 22:12:24.485 2021] ssl_cli.c:0575: |3| client hello, adding session ticket extension
[Sat Dec 04 22:12:24.501 2021] ssl_cli.c:1023: |3| client hello, total extension length: 22
[Sat Dec 04 22:12:24.517 2021] ssl_tls.c:2705: |2| => write record
[Sat Dec 04 22:12:24.533 2021] ssl_tls.c:2842: |3| output record: msgtype = 22, version = [3:3], msglen = 69
[Sat Dec 04 22:12:24.549 2021] ssl_tls.c:2845: |4| dumping 'output record sent to network' (74 bytes)
[Sat Dec 04 22:12:24.565 2021] ssl_tls.c:2845: |4| 0000: 16 03 03 00 45 01 00 00 41 03 03 96 42 17 1b 4c ....E...A...B..L
[Sat Dec 04 22:12:24.600 2021] ssl_tls.c:2845: |4| 0010: 8b 10 08 85 e6 93 0b 68 02 10 0a 0c f4 91 0b fa .......h........
[Sat Dec 04 22:12:24.647 2021] ssl_tls.c:2845: |4| 0020: 46 10 0b 48 bd 90 0b b3 64 90 0b 00 00 02 00 ff F..H....d.......
[Sat Dec 04 22:12:24.649 2021] ssl_tls.c:2845: |4| 0030: 01 00 00 16 00 0d 00 06 00 04 04 01 05 01 00 16 ................
[Sat Dec 04 22:12:24.679 2021] ssl_tls.c:2845: |4| 0040: 00 00 00 17 00 00 00 23 00 00 .......#..
[Sat Dec 04 22:12:24.692 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:12:24.708 2021] ssl_tls.c:2439: |2| message length: 74, out_left: 74
[Sat Dec 04 22:12:24.724 2021] ssl_tls.c:2445: |2| ssl->f_send() returned 74 (-0xffffffb6)
[Sat Dec 04 22:12:24.740 2021] ssl_tls.c:2464: |2| <= flush output
[Sat Dec 04 22:12:24.741 2021] ssl_tls.c:2854: |2| <= write record
[Sat Dec 04 22:12:24.756 2021] ssl_cli.c:1049: |2| <= write client hello
[Sat Dec 04 22:12:24.771 2021] ssl_cli.c:3279: |2| client state: 2
[Sat Dec 04 22:12:24.772 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:12:24.787 2021] ssl_tls.c:2432: |2| <= flush output
[Sat Dec 04 22:12:24.803 2021] ssl_cli.c:1410: |2| => parse server hello
[Sat Dec 04 22:12:24.803 2021] ssl_tls.c:3732: |2| => read record
[Sat Dec 04 22:12:24.819 2021] ssl_tls.c:2212: |2| => fetch input
[Sat Dec 04 22:12:24.835 2021] ssl_tls.c:2370: |2| in_left: 0, nb_want: 5
[Sat Dec 04 22:12:24.917 2021] ssl_tls.c:2394: |2| in_left: 0, nb_want: 5
[Sat Dec 04 22:12:24.918 2021] ssl_tls.c:2395: |2| ssl->f_recv(_timeout)() returned 0 (-0x0000)
[Sat Dec 04 22:12:24.938 2021] ssl_tls.c:3793: |1| mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
[Sat Dec 04 22:12:24.964 2021] ssl_tls.c:3738: |1| mbedtls_ssl_read_record_layer() returned -29312 (-0x7280)
[Sat Dec 04 22:12:24.981 2021] ssl_cli.c:1416: |1| mbedtls_ssl_read_record() returned -29312 (-0x7280)
[Sat Dec 04 22:12:25.012 2021] ssl_tls.c:6354: |2| <= handshake
[Sat Dec 04 22:12:25.012 2021]
[Sat Dec 04 22:12:25.012 2021] [8121]mqtt:ssl handshake failed err:-0x7280
[Sat Dec 04 22:12:25.042 2021] ssl_tls.c:7064: |2| => free
[Sat Dec 04 22:12:25.090 2021] ssl_tls.c:7129: |2| <= free
It seems the problem occurs at the beginning of the handshake process.
Any suggestions?
Regards,
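
Added example, not part of the original post and not code from the SDK or mbed TLS: a small decoder for the 74-byte ClientHello record dumped in the log above, reporting which cipher suites and extensions the client actually put on the wire. The names `hello_record`, `hello_summary`, `rd16` and `summarize_client_hello` are hypothetical; the bytes are copied from the log.

```c
#include <stdint.h>
#include <stdio.h>
static const uint8_t hello_record[74] = { /* 'output record sent to network' from the log */
    0x16,0x03,0x03,0x00,0x45,0x01,0x00,0x00,0x41,0x03,0x03,0x96,0x42,0x17,0x1b,0x4c,
    0x8b,0x10,0x08,0x85,0xe6,0x93,0x0b,0x68,0x02,0x10,0x0a,0x0c,0xf4,0x91,0x0b,0xfa,
    0x46,0x10,0x0b,0x48,0xbd,0x90,0x0b,0xb3,0x64,0x90,0x0b,0x00,0x00,0x02,0x00,0xff,
    0x01,0x00,0x00,0x16,0x00,0x0d,0x00,0x06,0x00,0x04,0x04,0x01,0x05,0x01,0x00,0x16,
    0x00,0x00,0x00,0x17,0x00,0x00,0x00,0x23,0x00,0x00 };

typedef struct {                      /* hypothetical summary type for this example */
    int real_suites, has_scsv;        /* suites other than 0x00FF; 0x00FF (SCSV) seen */
    int has_groups_ext;               /* extension 10 (elliptic curves) offered */
    int rsa_sigalgs, ecdsa_sigalgs;   /* signature_algorithms entries by signature type */
} hello_summary;
static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Parse one TLS record holding a ClientHello; returns 0, or -1 if malformed. */
int summarize_client_hello(const uint8_t *r, size_t len, hello_summary *s) {
    size_t pos = 5 + 4 + 2 + 32, n, end, i;  /* record hdr, handshake hdr, version, random */
    *s = (hello_summary){0};
    if (len <= pos || r[0] != 0x16 || r[5] != 0x01 || rd16(r + 3) + 5u != len) return -1;
    pos += 1u + r[pos];                              /* skip session id */
    if (pos + 2 > len) return -1;
    n = rd16(r + pos); pos += 2;                     /* cipher suite list length */
    if (n % 2 || pos + n >= len) return -1;
    for (end = pos + n; pos < end; pos += 2)
        if (rd16(r + pos) == 0x00FF) s->has_scsv = 1; else s->real_suites++;
    pos += 1u + r[pos];                              /* skip compression methods */
    if (pos == len) return 0;                        /* no extensions block */
    if (pos + 2 > len || pos + 2 + rd16(r + pos) != len) return -1;
    for (pos += 2; pos + 4 <= len; pos += n) {
        unsigned type = rd16(r + pos);
        n = rd16(r + pos + 2); pos += 4;             /* extension body length */
        if (pos + n > len) return -1;
        if (type == 10) s->has_groups_ext = 1;
        for (i = 2; type == 13 && i + 1 < n; i += 2)     /* (hash, signature) pairs */
            if (r[pos + i + 1] == 1) s->rsa_sigalgs++;
            else if (r[pos + i + 1] == 3) s->ecdsa_sigalgs++;
    }
    return pos == len ? 0 : -1;
}

int main(void) {
    hello_summary s;
    if (summarize_client_hello(hello_record, sizeof hello_record, &s) != 0) return 1;
    printf("real_suites=%d scsv=%d groups_ext=%d rsa_sigalgs=%d ecdsa_sigalgs=%d\n",
           s.real_suites, s.has_scsv, s.has_groups_ext, s.rsa_sigalgs, s.ecdsa_sigalgs);
    return 0;
}
```

On this record the decoder finds no real cipher suite (the single entry 0x00FF is the RFC 5746 renegotiation signalling value), RSA-only signature algorithms and no elliptic-curves extension, while `MBEDTLS_SSL_PRESET_SUITEB` limits the client to ECDHE-ECDSA AES-GCM suites. -0x7280 is `MBEDTLS_ERR_SSL_CONN_EOF`, which matches `f_recv` returning 0 right after the ClientHello was sent.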