Error 0x7780 during handshake

Hello all!

This time I am using mbedTLS as a client for connecting to a remote server. The handshake procedure mbedtls_ssl_handshake gives me error 0x7780 (30592) each time. My code is taken from the ssl_client1.c example. I took the logs below. What am I missing: wrong ciphersuite / Server name / others? Thank you for any hint.

Logs:

ssl_tls.c:6754: |2| => handshake
ssl_cli.c:3384: |2| client state: 0
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_cli.c:3384: |2| client state: 1
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_cli.c:0770: |2| => write client hello
ssl_cli.c:0808: |3| client hello, max version: [3:3]
ssl_cli.c:0703: |3| client hello, current time: 3
ssl_cli.c:0817: |3| dumping 'client hello, random bytes' (32 bytes)
ssl_cli.c:0817: |3| 0000:  00 00 00 00 76 a0 12 da 58 6f 48 3c 14 72 c3 aa  ....v...XoH<.r..
ssl_cli.c:0817: |3| 0010:  22 ac 98 8a 5b 1b 3c 77 9f cb 78 19 16 55 0d 6c  "...[.<w..x..U.l
ssl_cli.c:0870: |3| client hello, session id len.: 0
ssl_cli.c:0871: |3| dumping 'client hello, session id' (0 bytes)
ssl_cli.c:0918: |3| client hello, add ciphersuite: c02c
ssl_cli.c:0918: |3| client hello, add ciphersuite: c02b
ssl_cli.c:0925: |3| client hello, got 2 ciphersuites (excluding SCSVs)
ssl_cli.c:0934: |3| adding EMPTY_RENEGOTIATION_INFO_SCSV
ssl_cli.c:0983: |3| client hello, compress len.: 1
ssl_cli.c:0985: |3| client hello, compress alg.: 0
ssl_cli.c:0186: |3| client hello, adding signature_algorithms extension
ssl_cli.c:0271: |3| client hello, adding supported_elliptic_curves extension
ssl_cli.c:0336: |3| client hello, adding supported_point_formats extension
ssl_cli.c:1059: |3| client hello, total extension length: 30
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:1], msglen = 81
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 86, out_left: 86
ssl_tls.c:2496: |2| ssl->f_send() returned 86 (-0xffffffaa)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_cli.c:1085: |2| <= write client hello
ssl_cli.c:3384: |2| client state: 2
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_cli.c:1478: |2| => parse server hello
ssl_tls.c:3809: |2| => read record
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2458: |2| <= fetch input
ssl_tls.c:3561: |3| input record: msgtype = 21, version = [3:3], msglen = 2
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 5, nb_want: 7
ssl_tls.c:2437: |2| in_left: 5, nb_want: 7
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)
ssl_tls.c:2458: |2| <= fetch input
ssl_tls.c:4100: |2| got an alert message, type: [2:80]
ssl_tls.c:4108: |1| is a fatal alert message (msg 80)
ssl_tls.c:3831: |1| mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
ssl_cli.c:1485: |1| mbedtls_ssl_read_record() returned -30592 (-0x7780)
ssl_tls.c:6764: |2| <= handshake
ssl_tls.c:7542: |2| => free
ssl_tls.c:7607: |2| <= free
ssl_tls.c:6754: |2| => handshake
ssl_cli.c:3384: |2| client state: 0
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_cli.c:3384: |2| client state: 1
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_cli.c:0770: |2| => write client hello
ssl_cli.c:0808: |3| client hello, max version: [3:3]
ssl_cli.c:0703: |3| client hello, current time: 3
ssl_cli.c:0817: |3| dumping 'client hello, random bytes' (32 bytes)
ssl_cli.c:0817: |3| 0000:  00 00 00 00 11 0f 97 2f f9 d5 13 21 14 1a 34 a1  ......./...!..4.
ssl_cli.c:0817: |3| 0010:  a7 a3 94 6e e3 14 ab 22 98 15 53 98 b8 89 49 92  ...n..."..S...I.
ssl_cli.c:0870: |3| client hello, session id len.: 0
ssl_cli.c:0871: |3| dumping 'client hello, session id' (0 bytes)
ssl_cli.c:0918: |3| client hello, add ciphersuite: c02c
ssl_cli.c:0918: |3| client hello, add ciphersuite: c02b
ssl_cli.c:0925: |3| client hello, got 2 ciphersuites (excluding SCSVs)
ssl_cli.c:0934: |3| adding EMPTY_RENEGOTIATION_INFO_SCSV
ssl_cli.c:0983: |3| client hello, compress len.: 1
ssl_cli.c:0985: |3| client hello, compress alg.: 0
ssl_cli.c:0186: |3| client hello, adding signature_algorithms extension
ssl_cli.c:0271: |3| client hello, adding supported_elliptic_curves extension
ssl_cli.c:0336: |3| client hello, adding supported_point_formats extension
ssl_cli.c:1059: |3| client hello, total extension length: 30
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:1], msglen = 81
ssl_tls.c:2913: |4| dumping 'output record sent to network' (86 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 01 00 51 01 00 00 4d 03 03 00 00 00 00 11  ....Q...M.......
ssl_tls.c:2913: |4| 0010:  0f 97 2f f9 d5 13 21 14 1a 34 a1 a7 a3 94 6e e3  ../...!..4....n.
ssl_tls.c:2913: |4| 0020:  14 ab 22 98 15 53 98 b8 89 49 92 00 00 06 c0 2c  .."..S...I.....,
ssl_tls.c:2913: |4| 0030:  c0 2b 00 ff 01 00 00 1e 00 0d 00 0a 00 08 06 03  .+..............
ssl_tls.c:2913: |4| 0040:  05 03 04 03 03 03 00 0a 00 06 00 04 00 18 00 17  ................
ssl_tls.c:2913: |4| 0050:  00 0b 00 02 01 00                                ......
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 86, out_left: 86
ssl_tls.c:2496: |2| ssl->f_send() returned 86 (-0xffffffaa)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_cli.c:1085: |2| <= write client hello
ssl_cli.c:3384: |2| client state: 2
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_cli.c:1478: |2| => parse server hello
ssl_tls.c:3809: |2| => read record
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2458: |2| <= fetch input
ssl_tls.c:3552: |4| dumping 'input record header' (5 bytes)
ssl_tls.c:3552: |4| 0000:  15 03 03 00 02                                   .....
ssl_tls.c:3561: |3| input record: msgtype = 21, version = [3:3], msglen = 2
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 5, nb_want: 7
ssl_tls.c:2437: |2| in_left: 5, nb_want: 7
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)
ssl_tls.c:2458: |2| <= fetch input
ssl_tls.c:3738: |4| dumping 'input record from network' (7 bytes)
ssl_tls.c:3738: |4| 0000:  15 03 03 00 02 02 50                             ......P
ssl_tls.c:4100: |2| got an alert message, type: [2:80]
ssl_tls.c:4108: |1| is a fatal alert message (msg 80)
ssl_tls.c:3831: |1| mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
ssl_cli.c:1485: |1| mbedtls_ssl_read_record() returned -30592 (-0x7780)
ssl_tls.c:6764: |2| <= handshake
ssl_tls.c:7542: |2| => free
ssl_tls.c:7607: |2| <= free

Hi @EvgeniyVasyliev
The error you are getting means that you have received a fatal alert from the server.
This fatal alert was sent after the server received the ClientHello message from your client.
This means that the server couldn’t find common parameters for a TLS handshake. Usually it is that the server can’t support the proposed ciphersuites; however, it could be other cases such as unsupported elliptic curves and hashes.
However, from your log, I see that your client only suggests c02c (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) and c02b (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256).
So I am assuming your server only has RSA signed certificates. You can try using the SSL Labs server test to see what ciphersuites this server supports.
Regards,
Mbed TLS Support
Ron

Thank you, @roneld01. Your response is really helpful.

I would like to continue the topic. I have returned to the old problem, which I could not solve last year. This time I am armoured with an RSA certificate, and the ciphersuites in the client match the ciphersuites used on the server (checked by the SSL Labs server test); however, the miracle does not happen and I still receive the same error code 0x7780. Please point out any possible reason for it!

Prerequisites:

  • STM32F427 MCU
  • mbedTLS version 2.27.0 used as a client to connect to a remote server

Problem: handshake fatal error with code -0x7780.

Here is a detailed log (debug level 4):

ssl_tls.c:5822: |2| => handshake

ssl_cli.c:4419: |2| client state: 0

ssl_msg.c:2231: |2| => flush output

ssl_msg.c:2243: |2| <= flush output

ssl_cli.c:4419: |2| client state: 1

ssl_msg.c:2231: |2| => flush output

ssl_msg.c:2243: |2| <= flush output

ssl_cli.c:0993: |2| => write client hello

ssl_cli.c:1049: |3| client hello, max version: [3:3]

ssl_cli.c:0909: |3| client hello, current time: ld

ssl_cli.c:1058: |3| dumping 'client hello, random bytes' (32 bytes)

ssl_cli.c:1058: |3| 0000:  ff ff ff ff 9a 60 1a 59 9b b4 88 a0 66 04 e0 ad  .....`.Y....f...

ssl_cli.c:1058: |3| 0010:  88 e3 65 b0 4d de 7a 92 e1 df b6 95 6b 9a cb 01  ..e.M.z.....k...

ssl_cli.c:1118: |3| client hello, session id len.: zu

ssl_cli.c:1119: |3| dumping 'client hello, session id' (0 bytes)

ssl_cli.c:1186: |3| client hello, add ciphersuite: 0xc02c (TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384) 
ssl_cli.c:1186: |3| client hello, add ciphersuite: 0xc02b (TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256) 
ssl_cli.c:1186: |3| client hello, add ciphersuite: 0xc02f (TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256)

ssl_cli.c:1186: |3| client hello, add ciphersuite: 0xc030 (TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384)

ssl_cli.c:1201: |3| client hello, got zu ciphersuites (excluding SCSVs)

ssl_cli.c:1210: |3| adding EMPTY_RENEGOTIATION_INFO_SCSV

ssl_cli.c:1264: |3| client hello, compress len.: 1

ssl_cli.c:1266: |3| client hello, compress alg.: 0

ssl_cli.c:0225: |3| client hello, adding signature_algorithms extension

ssl_cli.c:0318: |3| client hello, adding supported_elliptic_curves extension

ssl_cli.c:0388: |3| client hello, adding supported_point_formats extension

ssl_cli.c:0542: |3| client hello, adding max_fragment_length extension

ssl_cli.c:1425: |3| client hello, total extension length: zu

ssl_msg.c:2669: |2| => write handshake message

ssl_msg.c:2829: |2| => write record

ssl_msg.c:2947: |3| output record: msgtype = 22, version = [3:1], msglen = zu

ssl_msg.c:2950: |4| dumping 'output record sent to network' (105 bytes)

ssl_msg.c:2950: |4| 0000:  16 03 01 00 64 01 00 00 60 03 03 ff ff ff ff 9a  ....d...`.......

ssl_msg.c:2950: |4| 0010:  60 1a 59 9b b4 88 a0 66 04 e0 ad 88 e3 65 b0 4d  `.Y....f.....e.M

ssl_msg.c:2950: |4| 0020:  de 7a 92 e1 df b6 95 6b 9a cb 01 00 00 0a c0 2c  .z.....k.......,

ssl_msg.c:2950: |4| 0030:  c0 2b c0 2f c0 30 00 ff 01 00 00 2d 00 0d 00 12  .+./.0.....-....

ssl_msg.c:2950: |4| 0040:  00 10 06 03 06 01 05 03 05 01 04 03 04 01 03 03  ................

ssl_msg.c:2950: |4| 0050:  03 01 00 0a 00 08 00 06 00 18 00 17 00 1e 00 0b  ................

ssl_msg.c:2950: |4| 0060:  00 02 01 00 00 01 00 01 03                       .........

ssl_msg.c:2231: |2| => flush output

ssl_msg.c:2251: |2| message length: zu, out_left: zu

ssl_msg.c:2256: |2| ssl->f_send() returned 105 (-0xffffff97)

ssl_msg.c:2284: |2| <= flush output

ssl_msg.c:3000: |2| <= write record

ssl_msg.c:2806: |2| <= write handshake message

ssl_cli.c:1462: |2| <= write client hello

ssl_cli.c:4419: |2| client state: 2

ssl_msg.c:2231: |2| => flush output

ssl_msg.c:2243: |2| <= flush output

ssl_cli.c:2064: |2| => parse server hello

ssl_msg.c:4032: |2| => read record

ssl_msg.c:2015: |2| => fetch input

ssl_msg.c:2172: |2| in_left: zu, nb_want: zu

ssl_msg.c:2197: |2| in_left: zu, nb_want: zu

ssl_msg.c:2198: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

ssl_msg.c:2218: |2| <= fetch input

ssl_msg.c:3766: |4| dumping 'input record header' (5 bytes)

ssl_msg.c:3766: |4| 0000:  15 03 03 00 02                                   .....

ssl_msg.c:3771: |3| input record: msgtype = 21, version = [3:3], msglen = zu

ssl_msg.c:2015: |2| => fetch input

ssl_msg.c:2172: |2| in_left: zu, nb_want: zu

ssl_msg.c:2197: |2| in_left: zu, nb_want: zu

ssl_msg.c:2198: |2| ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)

ssl_msg.c:2218: |2| <= fetch input

ssl_msg.c:3878: |4| dumping 'input record from network' (7 bytes)

ssl_msg.c:3878: |4| 0000:  15 03 03 00 02 02 50                             ......P

ssl_msg.c:4981: |2| got an alert message, type: [2:80]

ssl_msg.c:4989: |1| is a fatal alert message (msg 80)

ssl_msg.c:4090: |1| mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)

ssl_cli.c:2069: |1| mbedtls_ssl_read_record() returned -30592 (-0x7780)

ssl_tls.c:5833: |2| <= handshake

ssl_msg.c:5940: |2| => write close notify

ssl_msg.c:5956: |2| <= write close notify

ssl_tls.c:6770: |2| => free

ssl_tls.c:6859: |2| <= free

Error in HTTP_Client_Connect
ssl_tls.c:5822: |2| => handshake

ssl_cli.c:4419: |2| client state: 0

ssl_msg.c:2231: |2| => flush output

ssl_msg.c:2243: |2| <= flush output

ssl_cli.c:4419: |2| client state: 1

ssl_msg.c:2231: |2| => flush output

ssl_msg.c:2243: |2| <= flush output

ssl_cli.c:0993: |2| => write client hello

ssl_cli.c:1049: |3| client hello, max version: [3:3]

ssl_cli.c:0909: |3| client hello, current time: ld

ssl_cli.c:1058: |3| dumping 'client hello, random bytes' (32 bytes)

ssl_cli.c:1058: |3| 0000:  ff ff ff ff 18 17 df 62 b9 33 b0 1d 2e 5f 37 06  .......b.3..._7.

ssl_cli.c:1058: |3| 0010:  a8 ad d6 e4 1b a7 1b 73 42 65 a4 9d 77 d8 27 4d  .......sBe..w.'M

ssl_cli.c:1118: |3| client hello, session id len.: zu

ssl_cli.c:1119: |3| dumping 'client hello, session id' (0 bytes)

ssl_cli.c:1186: |3| client hello, add ciphersuite: 0xc02c (TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384) 
ssl_cli.c:1186: |3| client hello, add ciphersuite: 0xc02b (TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256) 
ssl_cli.c:1186: |3| client hello, add ciphersuite: 0xc02f (TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256)

ssl_cli.c:1186: |3| client hello, add ciphersuite: 0xc030 (TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384)

ssl_cli.c:1201: |3| client hello, got zu ciphersuites (excluding SCSVs)

ssl_cli.c:1210: |3| adding EMPTY_RENEGOTIATION_INFO_SCSV

ssl_cli.c:1264: |3| client hello, compress len.: 1

ssl_cli.c:1266: |3| client hello, compress alg.: 0

ssl_cli.c:0225: |3| client hello, adding signature_algorithms extension

ssl_cli.c:0318: |3| client hello, adding supported_elliptic_curves extension

ssl_cli.c:0388: |3| client hello, adding supported_point_formats extension

ssl_cli.c:0542: |3| client hello, adding max_fragment_length extension

ssl_cli.c:1425: |3| client hello, total extension length: zu

ssl_msg.c:2669: |2| => write handshake message

ssl_msg.c:2829: |2| => write record

ssl_msg.c:2947: |3| output record: msgtype = 22, version = [3:1], msglen = zu

ssl_msg.c:2950: |4| dumping 'output record sent to network' (105 bytes)

ssl_msg.c:2950: |4| 0000:  16 03 01 00 64 01 00 00 60 03 03 ff ff ff ff 18  ....d...`.......

ssl_msg.c:2950: |4| 0010:  17 df 62 b9 33 b0 1d 2e 5f 37 06 a8 ad d6 e4 1b  ..b.3..._7......

ssl_msg.c:2950: |4| 0020:  a7 1b 73 42 65 a4 9d 77 d8 27 4d 00 00 0a c0 2c  ..sBe..w.'M....,

ssl_msg.c:2950: |4| 0030:  c0 2b c0 2f c0 30 00 ff 01 00 00 2d 00 0d 00 12  .+./.0.....-....

ssl_msg.c:2950: |4| 0040:  00 10 06 03 06 01 05 03 05 01 04 03 04 01 03 03  ................

ssl_msg.c:2950: |4| 0050:  03 01 00 0a 00 08 00 06 00 18 00 17 00 1e 00 0b  ................

ssl_msg.c:2950: |4| 0060:  00 02 01 00 00 01 00 01 03                       .........

ssl_msg.c:2231: |2| => flush output

ssl_msg.c:2251: |2| message length: zu, out_left: zu

ssl_msg.c:2256: |2| ssl->f_send() returned 105 (-0xffffff97)

ssl_msg.c:2284: |2| <= flush output

ssl_msg.c:3000: |2| <= write record

ssl_msg.c:2806: |2| <= write handshake message

ssl_cli.c:1462: |2| <= write client hello

ssl_cli.c:4419: |2| client state: 2

ssl_msg.c:2231: |2| => flush output

ssl_msg.c:2243: |2| <= flush output

ssl_cli.c:2064: |2| => parse server hello

ssl_msg.c:4032: |2| => read record

ssl_msg.c:2015: |2| => fetch input

ssl_msg.c:2172: |2| in_left: zu, nb_want: zu

ssl_msg.c:2197: |2| in_left: zu, nb_want: zu

ssl_msg.c:2198: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

ssl_msg.c:2218: |2| <= fetch input

ssl_msg.c:3766: |4| dumping 'input record header' (5 bytes)

ssl_msg.c:3766: |4| 0000:  15 03 03 00 02                                   .....

ssl_msg.c:3771: |3| input record: msgtype = 21, version = [3:3], msglen = zu

ssl_msg.c:2015: |2| => fetch input

ssl_msg.c:2172: |2| in_left: zu, nb_want: zu

ssl_msg.c:2197: |2| in_left: zu, nb_want: zu

ssl_msg.c:2198: |2| ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)

ssl_msg.c:2218: |2| <= fetch input

ssl_msg.c:3878: |4| dumping 'input record from network' (7 bytes)

ssl_msg.c:3878: |4| 0000:  15 03 03 00 02 02 50                             ......P

ssl_msg.c:4981: |2| got an alert message, type: [2:80]

ssl_msg.c:4989: |1| is a fatal alert message (msg 80)

ssl_msg.c:4090: |1| mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)

ssl_cli.c:2069: |1| mbedtls_ssl_read_record() returned -30592 (-0x7780)

ssl_tls.c:5833: |2| <= handshake

ssl_msg.c:5940: |2| => write close notify

ssl_msg.c:5956: |2| <= write close notify

ssl_tls.c:6770: |2| => free

ssl_tls.c:6859: |2| <= free
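
Added example (not part of the original posts, and not Mbed TLS code): a small Python decoder for the two records dumped at debug level 4 in the log above. It shows that the server's 7-byte reply is a fatal alert with description 80, which RFC 5246 names internal_error, and that the 105-byte ClientHello offers five suite codes and four extensions, with no server_name (SNI) extension among them. The function names are illustrative.

```python
# Records copied from the level-4 dumps in the log above (first handshake attempt).
CLIENT_HELLO = bytes.fromhex(
    "16 03 01 00 64 01 00 00 60 03 03 ff ff ff ff 9a"
    "60 1a 59 9b b4 88 a0 66 04 e0 ad 88 e3 65 b0 4d"
    "de 7a 92 e1 df b6 95 6b 9a cb 01 00 00 0a c0 2c"
    "c0 2b c0 2f c0 30 00 ff 01 00 00 2d 00 0d 00 12"
    "00 10 06 03 06 01 05 03 05 01 04 03 04 01 03 03"
    "03 01 00 0a 00 08 00 06 00 18 00 17 00 1e 00 0b"
    "00 02 01 00 00 01 00 01 03")
ALERT = bytes.fromhex("15 03 03 00 02 02 50")
# A few alert descriptions (RFC 5246) and extension types (IANA registry).
ALERTS = {40: "handshake_failure", 48: "unknown_ca", 80: "internal_error"}
EXTENSIONS = {0: "server_name", 1: "max_fragment_length", 10: "supported_groups",
              11: "ec_point_formats", 13: "signature_algorithms"}

def u16(buf, i):
    return int.from_bytes(buf[i:i + 2], "big")

def split_record(raw):
    """Return (content_type, payload) of one plaintext TLS record."""
    if len(raw) < 5 or len(raw) != 5 + u16(raw, 3):
        raise ValueError("bad record length")
    return raw[0], raw[5:]

def parse_alert(raw):
    """Decode an alert record into (level, description)."""
    ctype, body = split_record(raw)
    if ctype != 21 or len(body) != 2:
        raise ValueError("not a plaintext alert record")
    level = {1: "warning", 2: "fatal"}.get(body[0], "unknown")
    return level, ALERTS.get(body[1], "alert_%d" % body[1])

def parse_client_hello(raw):
    """Return (cipher suite codes, {extension name: data}) from a ClientHello."""
    ctype, hs = split_record(raw)
    if ctype != 22 or hs[:1] != b"\x01" or len(hs) != 4 + int.from_bytes(hs[1:4], "big"):
        raise ValueError("not a complete ClientHello")
    pos = 4 + 2 + 32                 # handshake header, client_version, random
    pos += 1 + hs[pos]               # session_id
    n = u16(hs, pos)
    suites = [u16(hs, i) for i in range(pos + 2, pos + 2 + n, 2)]
    pos += 2 + n
    pos += 1 + hs[pos]               # compression_methods
    pos, end = pos + 2, pos + 2 + u16(hs, pos)
    exts = {}
    while pos + 4 <= end:
        etype, elen = u16(hs, pos), u16(hs, pos + 2)
        exts[EXTENSIONS.get(etype, "ext_%d" % etype)] = hs[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    if pos != end or end != len(hs):
        raise ValueError("malformed extensions")
    return suites, exts

if __name__ == "__main__":
    print(parse_alert(ALERT), parse_client_hello(CLIENT_HELLO))
```

In Mbed TLS the server_name extension is sent only after the client calls mbedtls_ssl_set_hostname(); the thread does not establish whether its absence is what this server rejects.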

Hi @roneld01!

Can you please check the new log?
Maybe you can point out where the source of the problem is?

Thank you!

Hello @EvgeniyVasyliev,

FYI, when you try to click on Ron’s profile, nothing is shown. The support from Ron’s side ended with this post.

BR, Jan

Thank you for pointing that out, @JohnnyK!

I will try to write to mbed-tls@lists.trustedfirmware.org; maybe someone there will help. Otherwise, I have no choice but to look at some other SSL library.

Hi All. First time posting here. I just wanted to circle back on this topic. I was also receiving the 0x7780 error, so I used the SSL Labs Server Test per the suggestion from @roneld01.

The server test came back good except that it was given a grade of B for certificate chain issues. I went to Sectigo and downloaded the intermediate cert and pasted below my server cert and BOOM! It was fixed.

I hope this helps someone.