DTLS 1.2 using MBEDTLS; error during HANDSHAKE

Hello,

I am using the mbedTLS library on my STM32 device to run a DTLS 1.2 client. I then communicate over a serial interface with a DTLS 1.2 server running on Windows 11 using the OpenSSL library. A Python script is used to tunnel the messages from the serial port to the UDP port of the server.

Additional info:

  • I am using PSK and no certificates.
  • The OpenSSL server and OpenSSL client running on localhost are able to create a session successfully.
  • OpenSSL version is 3.4.1

I receive an error during the handshake process. The server is unable to generate a new session ticket and tries instead to send “Server Hello” and “Server Hello Done”. Is there anything that I need to take into consideration while implementing the DTLS 1.2 client to avoid this behavior?

The communication seems to end this way:
[image]

BR
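The post describes a Python script that carries DTLS datagrams between a serial port and a UDP socket. As an added example (not the poster's script, and not part of the original thread), here is such a bridge with the two details a DTLS practitioner would check first: DTLS records must arrive in whole datagrams, but a serial link is a byte stream, so the bridge needs an explicit framing (a 2-byte big-endian length prefix is assumed here; the STM32 side must use the same framing) and must reassemble frames that a serial read splits or merges; and each datagram is summarised from its DTLS record headers, so the log shows which handshake message or alert each side actually sent. The pyserial dependency, the command-line arguments and the sample ServerHelloDone datagram are assumptions made for this example; the framing and record-parsing functions run offline.

```python
import socket
import struct
import threading

# Serial-link framing: 2-byte big-endian length, then one datagram.
# (Assumed wire format chosen for this example; the device must match it.)
HDR = struct.Struct("!H")
MAX_DGRAM = 16384

VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 3: "hello_verify_request",
                   11: "certificate", 12: "server_key_exchange", 14: "server_hello_done",
                   16: "client_key_exchange", 20: "finished"}

# Constructed sample: one DTLS 1.2 record (epoch 0, seq 0) carrying a
# ServerHelloDone handshake header (type 14, zero-length body).
SAMPLE_SERVER_HELLO_DONE = (bytes([0x16, 0xFE, 0xFD, 0x00, 0x00]) + bytes(6) + bytes([0x00, 12])
                            + bytes([14]) + bytes(3) + bytes(2) + bytes(3) + bytes(3))


def frame(datagram: bytes) -> bytes:
    """Wrap one UDP datagram for the byte-stream serial link."""
    if len(datagram) > 0xFFFF:
        raise ValueError("datagram too large for 16-bit length prefix")
    return HDR.pack(len(datagram)) + datagram


class Deframer:
    """Reassembles whole datagrams from serial reads that may split or merge frames."""

    def __init__(self) -> None:
        self.buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        self.buf += chunk
        out = []
        while len(self.buf) >= HDR.size:
            (n,) = HDR.unpack_from(self.buf)
            if len(self.buf) < HDR.size + n:
                break  # rest of this frame has not arrived yet
            out.append(bytes(self.buf[HDR.size:HDR.size + n]))
            del self.buf[:HDR.size + n]
        return out


def describe(datagram: bytes) -> list:
    """Summarise each DTLS record in a datagram as (content type, version, epoch, detail).

    Record header (RFC 6347): type(1) version(2) epoch(2) sequence(6) length(2).
    Handshake and alert bodies are only readable in epoch 0, i.e. before the
    ChangeCipherSpec; after that the body is ciphertext.
    """
    out, off = [], 0
    while off + 13 <= len(datagram):
        ctype, version, epoch, _seq_hi, _seq_lo, length = struct.unpack_from("!BHHHIH", datagram, off)
        vname = VERSIONS.get(version, f"0x{version:04x}")
        body = datagram[off + 13:off + 13 + length]
        if len(body) < length:  # a datagram split by the transport looks exactly like this
            out.append(("truncated", vname, epoch, f"need {length} bytes, have {len(body)}"))
            break
        if epoch != 0:
            detail = "encrypted body"
        elif ctype == 22 and len(body) >= 12:
            detail = HANDSHAKE_TYPES.get(body[0], f"handshake_type_{body[0]}")
        elif ctype == 21 and len(body) >= 2:
            detail = f"level={body[0]} description={body[1]}"
        else:
            detail = ""
        out.append((CONTENT_TYPES.get(ctype, f"type_{ctype}"), vname, epoch, detail))
        off += 13 + length
    return out


def bridge(serial_port: str, baud: int, udp_host: str, udp_port: int) -> None:
    """Run the serial <-> UDP bridge. Requires pyserial (assumed: pip install pyserial)."""
    import serial  # imported here so the framing/parsing code above has no dependency
    ser = serial.Serial(serial_port, baud, timeout=0.05)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.connect((udp_host, udp_port))  # single flow to the OpenSSL server

    def serial_to_udp() -> None:
        de = Deframer()
        while True:
            for dg in de.feed(ser.read(ser.in_waiting or 1)):
                print("ser->udp", describe(dg))
                sock.send(dg)

    threading.Thread(target=serial_to_udp, daemon=True).start()
    while True:
        dg = sock.recv(MAX_DGRAM)
        print("udp->ser", describe(dg))
        ser.write(frame(dg))


if __name__ == "__main__":
    import sys
    # e.g. python bridge.py COM3 115200 127.0.0.1 4433 (assumed arguments)
    bridge(sys.argv[1], int(sys.argv[2]), sys.argv[3], int(sys.argv[4]))
```

If the log shows a record reported as "truncated" or a handshake message that was never sent by the peer, the tunnel is breaking or merging datagrams and the DTLS stacks are not at fault; an alert with description=20 (bad_record_mac) on the first encrypted record points at the key derivation instead.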

I met the same issue, but not in DTLS (I have other issues in DTLS handshaking). It fails in the last step of TLS 1.2, decrypting the “client_finished” message using the generated key.

You can print out the log to see if the same issue is reported. I suspect mbedTLS is not compliant with OpenSSL somewhere when using the PSK-AES ciphersuites.

Here is the part of my logs around the failure point:

mbedtls_cipher_auth_decrypt_ext() returned -25344 (-0x6300)
ssl_decrypt_buf() returned -29056 (-0x7180)
=> send alert message
send alert level=2 message=20

If you found any solution, feel free to let us know here!

J.W
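The reply above fails when the server decrypts the Client Finished, the first record protected with the newly derived keys. As an added example (not code from either poster or from mbedTLS or OpenSSL), here is the TLS 1.2 PSK key schedule that both sides must compute identically, written out from RFC 4279 section 2 and RFC 5246 sections 5, 6.3 and 7.4.9, so the intermediate values can be compared against the two libraries' debug logs: the PSK-only pre_master_secret layout, the SHA-256 PRF, the master secret, the key block partition, and Finished.verify_data. DTLS 1.2 reuses this derivation unchanged. The key-block partition sizes default to an assumed AES-128-GCM suite (no MAC key, 16-byte key, 4-byte implicit nonce); pass the sizes of the suite actually negotiated. The demo PSK and randoms are constructed values.

```python
import hashlib
import hmac
import struct

# Constructed demo values (not from any real session).
DEMO_PSK = bytes.fromhex("0102030405060708")
DEMO_CLIENT_RANDOM = bytes(range(32))
DEMO_SERVER_RANDOM = bytes(range(32, 64))


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data-expansion function, RFC 5246 section 5."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF for SHA-256 suites: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def psk_premaster(psk: bytes) -> bytes:
    """Plain-PSK pre_master_secret (RFC 4279 section 2): N zero bytes, then the PSK,
    each preceded by its 2-byte length, where N = len(psk)."""
    n = len(psk)
    return struct.pack("!H", n) + bytes(n) + struct.pack("!H", n) + psk


def derive(psk: bytes, client_random: bytes, server_random: bytes,
           mac_len: int = 0, key_len: int = 16, iv_len: int = 4):
    """Return (master_secret, key material dict) for one PSK handshake.

    Partition sizes default to an assumed AES-128-GCM suite; an AES-128-CBC-SHA256
    suite would use mac_len=32, key_len=16, iv_len=16 (RFC 5246 section 6.3).
    """
    master = prf(psk_premaster(psk), b"master secret", client_random + server_random, 48)
    # Seed order flips for key expansion: server_random first. A common place to slip.
    total = 2 * (mac_len + key_len + iv_len)
    key_block = prf(master, b"key expansion", server_random + client_random, total)
    names = ["client_write_MAC_key", "server_write_MAC_key", "client_write_key",
             "server_write_key", "client_write_IV", "server_write_IV"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, off = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = key_block[off:off + size]
        off += size
    return master, keys


def verify_data(master: bytes, handshake_messages: bytes, client: bool = True) -> bytes:
    """Finished.verify_data (RFC 5246 section 7.4.9): 12 bytes of PRF over the SHA-256
    of every handshake message exchanged so far (record headers excluded).
    The Client Finished is encrypted with client_write_key, so a bad_record_mac on
    that record means the peers hold different keys; a decrypt that succeeds but a
    verify_data mismatch means they hashed different transcripts."""
    label = b"client finished" if client else b"server finished"
    return prf(master, label, hashlib.sha256(handshake_messages).digest(), 12)


if __name__ == "__main__":
    master, keys = derive(DEMO_PSK, DEMO_CLIENT_RANDOM, DEMO_SERVER_RANDOM)
    print("pre_master_secret:", psk_premaster(DEMO_PSK).hex())
    print("master_secret:    ", master.hex())
    for name, value in keys.items():
        print(f"{name:22s}", value.hex())
```

mbedTLS prints these intermediate values at debug level 4 (pre-master secret, master secret, key block), and OpenSSL can write the master secret via the key log callback; if the pre_master_secret bytes differ between the two, check the PSK encoding (hex versus raw bytes) and the zero-block length before suspecting the ciphersuite.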