Failed handshake - Two Way handshake with ECC 384 Keys

Hi everyone,

I’m trying to establish a secure connection between an AWS MQTT endpoint and an ESP32 device, but the handshake fails.

A two-way handshake is performed with a CA bundle (for the trust chain). The server hello gets done, but the handshake fails in either client state 7 or 8, when the client presents its certificate.

We are using an ECC 384 key for the client and an ECC 521 key for the server. We haven’t had issues using RSA keys.

Other MQTT clients (with other TLS libraries) don’t have problems with ECC using the same certificates.

This is the log from the device (client):

I (40608) mbedtls: ssl_tls.c:8021 => handshake
I (40609) mbedtls: ssl_cli.c:3405 client state: 0
I (40609) mbedtls: ssl_tls.c:2751 => flush output
I (40614) mbedtls: ssl_tls.c:2763 <= flush output
I (40619) mbedtls: ssl_cli.c:3405 client state: 1
I (40625) mbedtls: ssl_tls.c:2751 => flush output
I (40630) mbedtls: ssl_tls.c:2763 <= flush output
I (40636) mbedtls: ssl_cli.c:774 => write client hello
D (40642) mbedtls: ssl_cli.c:812 client hello, max version: [3:3]
D (40648) mbedtls: ssl_cli.c:703 client hello, current time: 35
D (40655) mbedtls: ssl_cli.c:821 dumping 'client hello, random bytes' (32 bytes)
D (40662) mbedtls: ssl_cli.c:821 0000:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (40671) mbedtls: ssl_cli.c:821 0010:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (40681) mbedtls: ssl_cli.c:874 client hello, session id len.: 0
D (40687) mbedtls: ssl_cli.c:875 dumping 'client hello, session id' (0 bytes)
D (40695) mbedtls: ssl_cli.c:922 client hello, add ciphersuite: c02c
D (40701) mbedtls: ssl_cli.c:922 client hello, add ciphersuite: c030
.......
D (40996) mbedtls: ssl_cli.c:922 client hello, add ciphersuite: c004
D (41003) mbedtls: ssl_cli.c:922 client hello, add ciphersuite: c0a0
D (41009) mbedtls: ssl_cli.c:934 client hello, got 48 ciphersuites (excluding SCSVs)
D (41017) mbedtls: ssl_cli.c:943 adding EMPTY_RENEGOTIATION_INFO_SCSV
D (41024) mbedtls: ssl_cli.c:992 client hello, compress len.: 1
D (41030) mbedtls: ssl_cli.c:994 client hello, compress alg.: 0
D (41036) mbedtls: ssl_cli.c:69 client hello, adding server name extension: xxx.xxxx.xxx
D (41045) mbedtls: ssl_cli.c:186 client hello, adding signature_algorithms extension
D (41053) mbedtls: ssl_cli.c:271 client hello, adding supported_elliptic_curves extension
D (41061) mbedtls: ssl_cli.c:336 client hello, adding supported_point_formats extension
D (41069) mbedtls: ssl_cli.c:518 client hello, adding encrypt_then_mac extension
D (41077) mbedtls: ssl_cli.c:552 client hello, adding extended_master_secret extension
D (41085) mbedtls: ssl_cli.c:585 client hello, adding session ticket extension
D (41092) mbedtls: ssl_cli.c:1071 client hello, total extension length: 95
I (41099) mbedtls: ssl_tls.c:3180 => write handshake message
I (41108) mbedtls: ssl_tls.c:3337 => write record
D (41111) mbedtls: ssl_tls.c:3417 output record: msgtype = 22, version = [3:1], msglen = 238
I (41284) mbedtls: ssl_tls.c:2751 => flush output
I (41290) mbedtls: ssl_tls.c:2770 message length: 243, out_left: 243
I (41299) mbedtls: ssl_tls.c:2775 ssl->f_send() returned 243 (-0xffffff0d)
I (41305) mbedtls: ssl_tls.c:2803 <= flush output
I (41310) mbedtls: ssl_tls.c:3470 <= write record
I (41316) mbedtls: ssl_tls.c:3314 <= write handshake message
I (41322) mbedtls: ssl_cli.c:1106 <= write client hello
I (41328) mbedtls: ssl_cli.c:3405 client state: 2
I (41334) mbedtls: ssl_tls.c:2751 => flush output
I (41339) mbedtls: ssl_tls.c:2763 <= flush output
I (41345) mbedtls: ssl_cli.c:1499 => parse server hello
I (41351) mbedtls: ssl_tls.c:4305 => read record
I (41356) mbedtls: ssl_tls.c:2532 => fetch input
I (41362) mbedtls: ssl_tls.c:2693 in_left: 0, nb_want: 5
I (43700) mbedtls: ssl_tls.c:2717 in_left: 0, nb_want: 5
I (43701) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (43704) mbedtls: ssl_tls.c:2738 <= fetch input
D (43725) mbedtls: ssl_tls.c:4050 input record: msgtype = 22, version = [3:3], msglen = 87
I (43734) mbedtls: ssl_tls.c:2532 => fetch input
I (43739) mbedtls: ssl_tls.c:2693 in_left: 5, nb_want: 92
I (43746) mbedtls: ssl_tls.c:2717 in_left: 5, nb_want: 92
I (43752) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 87 (-0xffffffa9)
I (43760) mbedtls: ssl_tls.c:2738 <= fetch input
D (43832) mbedtls: ssl_tls.c:3620 handshake message: msglen = 87, type = 2, hslen = 87
I (43842) mbedtls: ssl_tls.c:4379 <= read record
D (43846) mbedtls: ssl_cli.c:1579 dumping 'server hello, version' (2 bytes)
D (43853) mbedtls: ssl_cli.c:1579 0000:  03 03                                            ..
D (43861) mbedtls: ssl_cli.c:1604 server hello, current time: 1571763635
D (43868) mbedtls: ssl_cli.c:1610 dumping 'server hello, random bytes' (32 bytes)
D (43876) mbedtls: ssl_cli.c:1610 0000:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (43886) mbedtls: ssl_cli.c:1610 0010:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (43895) mbedtls: ssl_cli.c:1690 server hello, session id len.: 32
D (43902) mbedtls: ssl_cli.c:1691 dumping 'server hello, session id' (32 bytes)
D (43909) mbedtls: ssl_cli.c:1691 0000:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (43919) mbedtls: ssl_cli.c:1691 0010:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (43929) mbedtls: ssl_cli.c:1729 no session has been resumed
D (43935) mbedtls: ssl_cli.c:1731 server hello, chosen ciphersuite: c02c
D (43942) mbedtls: ssl_cli.c:1732 server hello, compress alg.: 0
D (43948) mbedtls: ssl_cli.c:1764 server hello, chosen ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
I (43958) mbedtls: ssl_cli.c:1781 server hello, total extension length: 11
D (43966) mbedtls: ssl_cli.c:1880 found supported_point_formats extension
V (43973) mbedtls: ssl_cli.c:1292 point format selected: 0
D (43978) mbedtls: ssl_cli.c:1801 found renegotiation extension
I (43984) mbedtls: ssl_cli.c:1970 <= parse server hello
I (43991) mbedtls: ssl_cli.c:3405 client state: 3
I (43996) mbedtls: ssl_tls.c:2751 => flush output
I (44002) mbedtls: ssl_tls.c:2763 <= flush output
I (44007) mbedtls: ssl_tls.c:5440 => parse certificate
I (44013) mbedtls: ssl_tls.c:4305 => read record
I (44018) mbedtls: ssl_tls.c:2532 => fetch input
I (44024) mbedtls: ssl_tls.c:2693 in_left: 0, nb_want: 5
I (44030) mbedtls: ssl_tls.c:2717 in_left: 0, nb_want: 5
I (44036) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (44044) mbedtls: ssl_tls.c:2738 <= fetch input
D (44066) mbedtls: ssl_tls.c:4050 input record: msgtype = 22, version = [3:3], msglen = 3054
I (44074) mbedtls: ssl_tls.c:2532 => fetch input
I (44080) mbedtls: ssl_tls.c:2693 in_left: 5, nb_want: 3059
I (44087) mbedtls: ssl_tls.c:2717 in_left: 5, nb_want: 3059
I (44093) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 1323 (-0xfffffad5)
I (44811) mbedtls: ssl_tls.c:2717 in_left: 1328, nb_want: 3059
I (44812) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 1420 (-0xfffffa74)
I (46611) mbedtls: ssl_tls.c:2717 in_left: 2748, nb_want: 3059
I (46612) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 311 (-0xfffffec9)
I (46616) mbedtls: ssl_tls.c:2738 <= fetch input
D (48516) mbedtls: ssl_tls.c:3620 handshake message: msglen = 3054, type = 11, hslen = 3054
I (48527) mbedtls: ssl_tls.c:4379 <= read record
D (48534) mbedtls: ssl_tls.c:5650 peer certificate #1:
D (48536) mbedtls: ssl_tls.c:5650 cert. version     : 3
D (48540) mbedtls: ssl_tls.c:5650 serial number     : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (48551) mbedtls: ssl_tls.c:5650 issuer name       : C=XX, ST=XXXXXXXX, L=XXXXXX, postalCode=XXXXX, O=XXXXX, OU=XX + OU=XXXXXXX + OU=XXXXXXXXX, CN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (48568) mbedtls: ssl_tls.c:5650 subject name      : C=XX, ST=XXXXXXXX, L=XXXXXX, postalCode=XXXXX, O=XXXXX, OU=XX + OU=XXXXXXX + OU=XXXXXXXXX, CN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (48584) mbedtls: ssl_tls.c:5650 issued  on        : XXXX-XX-XX XX:XX:XX
D (48591) mbedtls: ssl_tls.c:5650 expires on        : XXXX-XX-XX XX:XX:XX
D (48598) mbedtls: ssl_tls.c:5650 signed using      : ECDSA with SHA256
D (48604) mbedtls: ssl_tls.c:5650 EC key size       : 521 bits
D (48610) mbedtls: ssl_tls.c:5650 subject alt name  : 1.tcp.ngrok.io
D (48617) mbedtls: ssl_tls.c:5650 key usage         : Digital Signature, Key Encipherment, Key Agreement
D (48627) mbedtls: ssl_tls.c:5650 ext key usage     : TLS Web Server Authentication
D (48635) mbedtls: ssl_tls.c:5650 value of 'crt->eckey.Q(X)' (520 bits) is:
D (48642) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48650) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48657) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48665) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48673) mbedtls: ssl_tls.c:5650  XX
D (48677) mbedtls: ssl_tls.c:5650 value of 'crt->eckey.Q(Y)' (521 bits) is:
D (48684) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48692) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48699) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48707) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48715) mbedtls: ssl_tls.c:5650  XX XX
D (48719) mbedtls: ssl_tls.c:5650 peer certificate #2:
D (48725) mbedtls: ssl_tls.c:5650 cert. version     : 3
D (48730) mbedtls: ssl_tls.c:5650 serial number     : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (48740) mbedtls: ssl_tls.c:5650 issuer name       : C=XX, ST=XXXXXXXX, L=XXXXXX, postalCode=XXXXX, O=XXXXX, OU=XX + OU=XXXXXXX + OU=XXXXXXXXX, CN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (48756) mbedtls: ssl_tls.c:5650 subject name      : C=XX, ST=XXXXXXXX, L=XXXXXX, postalCode=XXXXX, O=XXXXX, OU=XX + OU=XXXXXXX + OU=XXXXXXXXX, CN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (48774) mbedtls: ssl_tls.c:5650 issued  on        : XXXX-XX-XX XX:XX:XX
D (48781) mbedtls: ssl_tls.c:5650 expires on        : XXXX-XX-XX XX:XX:XX
D (48788) mbedtls: ssl_tls.c:5650 signed using      : ECDSA with SHA256
D (48795) mbedtls: ssl_tls.c:5650 EC key size       : 521 bits
D (48801) mbedtls: ssl_tls.c:5650 basic constraints : CA=true, max_pathlen=1
D (48808) mbedtls: ssl_tls.c:5650 subject alt name  :
D (48813) mbedtls: ssl_tls.c:5650 key usage         : Key Cert Sign, CRL Sign
D (48821) mbedtls: ssl_tls.c:5650 value of 'crt->eckey.Q(X)' (520 bits) is:
D (48828) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48836) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48843) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48851) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48859) mbedtls: ssl_tls.c:5650  XX
D (48863) mbedtls: ssl_tls.c:5650 value of 'crt->eckey.Q(Y)' (519 bits) is:
D (48870) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48878) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48886) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48893) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (48901) mbedtls: ssl_tls.c:5650  XX
D (48905) mbedtls: ssl_tls.c:5650 peer certificate #3:
D (48911) mbedtls: ssl_tls.c:5650 cert. version     : 3
D (48916) mbedtls: ssl_tls.c:5650 serial number     : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (48926) mbedtls: ssl_tls.c:5650 issuer name       : C=XX, ST=XXXXXXXX, L=XXXXXX, postalCode=XXXXX, O=XXXXX, OU=XX + OU=XXXXXXX + OU=XXXXXXXXX, CN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (48942) mbedtls: ssl_tls.c:5650 subject name      : C=XX, ST=XXXXXXXX, L=XXXXXX, postalCode=XXXXX, O=XXXXX, OU=XX + OU=XXXXXXX + OU=XXXXXXXXX, CN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (48959) mbedtls: ssl_tls.c:5650 issued  on        : XXXX-XX-XX XX:XX:XX
D (48966) mbedtls: ssl_tls.c:5650 expires on        : XXXX-XX-XX XX:XX:XX
D (48973) mbedtls: ssl_tls.c:5650 signed using      : ECDSA with SHA256
D (48979) mbedtls: ssl_tls.c:5650 EC key size       : 521 bits
D (48985) mbedtls: ssl_tls.c:5650 basic constraints : CA=true, max_pathlen=3
D (48993) mbedtls: ssl_tls.c:5650 subject alt name  :
D (48998) mbedtls: ssl_tls.c:5650 key usage         : Key Cert Sign, CRL Sign
D (49005) mbedtls: ssl_tls.c:5650 value of 'crt->eckey.Q(X)' (520 bits) is:
D (49013) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (49020) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (49028) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (49036) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (49044) mbedtls: ssl_tls.c:5650  XX
D (49048) mbedtls: ssl_tls.c:5650 value of 'crt->eckey.Q(Y)' (521 bits) is:
D (49055) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (49062) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (49070) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (49078) mbedtls: ssl_tls.c:5650  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (49086) mbedtls: ssl_tls.c:5650  XX XX
D (50173) mbedtls: ssl_tls.c:5805 Certificate verification flags clear
I (50174) mbedtls: ssl_tls.c:5810 <= parse certificate
I (50175) mbedtls: ssl_cli.c:3405 client state: 4
I (50181) mbedtls: ssl_tls.c:2751 => flush output
I (50186) mbedtls: ssl_tls.c:2763 <= flush output
I (50192) mbedtls: ssl_cli.c:2317 => parse server key exchange
I (50198) mbedtls: ssl_tls.c:4305 => read record
I (50204) mbedtls: ssl_tls.c:2532 => fetch input
I (50209) mbedtls: ssl_tls.c:2693 in_left: 0, nb_want: 5
I (50216) mbedtls: ssl_tls.c:2717 in_left: 0, nb_want: 5
I (50222) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (50230) mbedtls: ssl_tls.c:2738 <= fetch input
D (50251) mbedtls: ssl_tls.c:4050 input record: msgtype = 22, version = [3:3], msglen = 283
I (50260) mbedtls: ssl_tls.c:2532 => fetch input
I (50265) mbedtls: ssl_tls.c:2693 in_left: 5, nb_want: 288
I (50272) mbedtls: ssl_tls.c:2717 in_left: 5, nb_want: 288
I (50278) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 283 (-0xfffffee5)
I (50286) mbedtls: ssl_tls.c:2738 <= fetch input
D (50476) mbedtls: ssl_tls.c:3620 handshake message: msglen = 283, type = 12, hslen = 283
I (50485) mbedtls: ssl_tls.c:4379 <= read record
D (50490) mbedtls: ssl_cli.c:2391 dumping 'server key exchange' (279 bytes)
D (50497) mbedtls: ssl_cli.c:2391 0000:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50507) mbedtls: ssl_cli.c:2391 0010:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50517) mbedtls: ssl_cli.c:2391 0020:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50527) mbedtls: ssl_cli.c:2391 0030:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50537) mbedtls: ssl_cli.c:2391 0040:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50546) mbedtls: ssl_cli.c:2391 0050:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50556) mbedtls: ssl_cli.c:2391 0060:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50566) mbedtls: ssl_cli.c:2391 0070:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50576) mbedtls: ssl_cli.c:2391 0080:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50586) mbedtls: ssl_cli.c:2391 0090:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50596) mbedtls: ssl_cli.c:2391 00a0:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50605) mbedtls: ssl_cli.c:2391 00b0:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50615) mbedtls: ssl_cli.c:2391 00c0:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50625) mbedtls: ssl_cli.c:2391 00d0:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50635) mbedtls: ssl_cli.c:2391 00e0:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50645) mbedtls: ssl_cli.c:2391 00f0:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50655) mbedtls: ssl_cli.c:2391 0100:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50664) mbedtls: ssl_cli.c:2391 0110:  XX XX XX XX XX XX XX                             .......
I (50674) mbedtls: ssl_cli.c:2030 ECDH curve: secp521r1
D (50680) mbedtls: ssl_cli.c:2040 value of 'ECDH: Qp(X)' (521 bits) is:
D (50686) mbedtls: ssl_cli.c:2040  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (50694) mbedtls: ssl_cli.c:2040  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (50702) mbedtls: ssl_cli.c:2040  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (50710) mbedtls: ssl_cli.c:2040  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (50717) mbedtls: ssl_cli.c:2040  XX XX
D (50722) mbedtls: ssl_cli.c:2040 value of 'ECDH: Qp(Y)' (521 bits) is:
D (50728) mbedtls: ssl_cli.c:2040  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (50736) mbedtls: ssl_cli.c:2040  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (50744) mbedtls: ssl_cli.c:2040  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (50752) mbedtls: ssl_cli.c:2040  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (50759) mbedtls: ssl_cli.c:2040  99 54
I (50764) mbedtls: ssl_cli.c:2259 Server used SignatureAlgorithm 3
I (50771) mbedtls: ssl_cli.c:2260 Server used HashAlgorithm 6
D (50777) mbedtls: ssl_cli.c:2546 dumping 'signature' (138 bytes)
D (50783) mbedtls: ssl_cli.c:2546 0000:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50793) mbedtls: ssl_cli.c:2546 0010:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50803) mbedtls: ssl_cli.c:2546 0020:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50813) mbedtls: ssl_cli.c:2546 0030:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50823) mbedtls: ssl_cli.c:2546 0040:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50833) mbedtls: ssl_cli.c:2546 0050:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50842) mbedtls: ssl_cli.c:2546 0060:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50852) mbedtls: ssl_cli.c:2546 0070:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50862) mbedtls: ssl_cli.c:2546 0080:  XX XX XX XX XX XX XX XX XX XX                    ..........
D (50872) mbedtls: ssl_cli.c:2582 dumping 'parameters hash' (64 bytes)
D (50878) mbedtls: ssl_cli.c:2582 0000:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50888) mbedtls: ssl_cli.c:2582 0010:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50898) mbedtls: ssl_cli.c:2582 0020:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
D (50908) mbedtls: ssl_cli.c:2582 0030:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX  ................
I (52011) mbedtls: ssl_cli.c:2617 <= parse server key exchange
I (52012) mbedtls: ssl_cli.c:3405 client state: 5
I (52013) mbedtls: ssl_tls.c:2751 => flush output
I (52018) mbedtls: ssl_tls.c:2763 <= flush output
I (52024) mbedtls: ssl_cli.c:2650 => parse certificate request
I (52030) mbedtls: ssl_tls.c:4305 => read record
I (52036) mbedtls: ssl_tls.c:2532 => fetch input
I (52041) mbedtls: ssl_tls.c:2693 in_left: 0, nb_want: 5
I (52048) mbedtls: ssl_tls.c:2717 in_left: 0, nb_want: 5
I (52053) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (52062) mbedtls: ssl_tls.c:2738 <= fetch input
D (52083) mbedtls: ssl_tls.c:4050 input record: msgtype = 22, version = [3:3], msglen = 983
I (52092) mbedtls: ssl_tls.c:2532 => fetch input
I (52097) mbedtls: ssl_tls.c:2693 in_left: 5, nb_want: 988
I (52104) mbedtls: ssl_tls.c:2717 in_left: 5, nb_want: 988
I (52110) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 983 (-0xfffffc29)
I (52118) mbedtls: ssl_tls.c:2738 <= fetch input
D (52741) mbedtls: ssl_tls.c:3620 handshake message: msglen = 983, type = 13, hslen = 983
I (52750) mbedtls: ssl_tls.c:4379 <= read record
D (52754) mbedtls: ssl_cli.c:2677 got a certificate request
D (52760) mbedtls: ssl_cli.c:2777 Supported Signature Algorithm found: 6,3
D (52767) mbedtls: ssl_cli.c:2777 Supported Signature Algorithm found: 6,1
D (52774) mbedtls: ssl_cli.c:2777 Supported Signature Algorithm found: 5,3
D (52781) mbedtls: ssl_cli.c:2777 Supported Signature Algorithm found: 5,1
D (52788) mbedtls: ssl_cli.c:2777 Supported Signature Algorithm found: 4,3
D (52795) mbedtls: ssl_cli.c:2777 Supported Signature Algorithm found: 4,1
D (52803) mbedtls: ssl_cli.c:2777 Supported Signature Algorithm found: 3,3
D (52810) mbedtls: ssl_cli.c:2777 Supported Signature Algorithm found: 3,1
D (52817) mbedtls: ssl_cli.c:2777 Supported Signature Algorithm found: 2,3
D (52824) mbedtls: ssl_cli.c:2777 Supported Signature Algorithm found: 2,1
D (52831) mbedtls: ssl_cli.c:2777 Supported Signature Algorithm found: 2,2
I (52838) mbedtls: ssl_cli.c:2799 <= parse certificate request
I (52845) mbedtls: ssl_cli.c:3405 client state: 6
I (52850) mbedtls: ssl_tls.c:2751 => flush output
I (52856) mbedtls: ssl_tls.c:2763 <= flush output
I (52861) mbedtls: ssl_cli.c:2809 => parse server hello done
I (52868) mbedtls: ssl_tls.c:4305 => read record
I (52873) mbedtls: ssl_tls.c:2532 => fetch input
I (52878) mbedtls: ssl_tls.c:2693 in_left: 0, nb_want: 5
I (52885) mbedtls: ssl_tls.c:2717 in_left: 0, nb_want: 5
I (52891) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (52899) mbedtls: ssl_tls.c:2738 <= fetch input
D (52920) mbedtls: ssl_tls.c:4050 input record: msgtype = 22, version = [3:3], msglen = 4
I (52929) mbedtls: ssl_tls.c:2532 => fetch input
I (52934) mbedtls: ssl_tls.c:2693 in_left: 5, nb_want: 9
I (52941) mbedtls: ssl_tls.c:2717 in_left: 5, nb_want: 9
I (52946) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 4 (-0xfffffffc)
I (52955) mbedtls: ssl_tls.c:2738 <= fetch input
D (52977) mbedtls: ssl_tls.c:3620 handshake message: msglen = 4, type = 14, hslen = 4
I (52985) mbedtls: ssl_tls.c:4379 <= read record
I (52990) mbedtls: ssl_cli.c:2839 <= parse server hello done
I (52997) mbedtls: ssl_cli.c:3405 client state: 7
I (53002) mbedtls: ssl_tls.c:2751 => flush output
I (53008) mbedtls: ssl_tls.c:2763 <= flush output
I (53013) mbedtls: ssl_tls.c:5323 => write certificate
D (53019) mbedtls: ssl_tls.c:5375 own certificate #1:
D (53026) mbedtls: ssl_tls.c:5375 cert. version     : 3
D (53030) mbedtls: ssl_tls.c:5375 serial number     : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (53041) mbedtls: ssl_tls.c:5375 issuer name       : C=XX, ST=XXXXXXXX, L=XXXXXX, postalCode=XXXXX, O=XXXXX, OU=XX + OU=XXXXXXX + OU=XXXXXXXXX, CN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (53058) mbedtls: ssl_tls.c:5375 subject name      : C=XX, ST=XXXXXXXX, L=XXXXXX, postalCode=XXXXX, O=XXXXX, OU=XX + OU=XXXXXXX + OU=XXXXXXXXX, CN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (53075) mbedtls: ssl_tls.c:5375 issued  on        : XXXX-XX-XX XX:XX:XX
D (53082) mbedtls: ssl_tls.c:5375 expires on        : XXXX-XX-XX XX:XX:XX
D (53089) mbedtls: ssl_tls.c:5375 signed using      : ECDSA with SHA256
D (53096) mbedtls: ssl_tls.c:5375 EC key size       : 384 bits
D (53102) mbedtls: ssl_tls.c:5375 subject alt name  :
D (53107) mbedtls: ssl_tls.c:5375 key usage         : Digital Signature, Key Encipherment, Key Agreement
D (53117) mbedtls: ssl_tls.c:5375 ext key usage     : TLS Web Client Authentication
D (53125) mbedtls: ssl_tls.c:5375 value of 'crt->eckey.Q(X)' (384 bits) is:
D (53132) mbedtls: ssl_tls.c:5375  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (53140) mbedtls: ssl_tls.c:5375  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (53148) mbedtls: ssl_tls.c:5375  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (53155) mbedtls: ssl_tls.c:5375 value of 'crt->eckey.Q(Y)' (380 bits) is:
D (53163) mbedtls: ssl_tls.c:5375  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (53170) mbedtls: ssl_tls.c:5375  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (53178) mbedtls: ssl_tls.c:5375  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
I (53186) mbedtls: ssl_tls.c:3180 => write handshake message
I (53193) mbedtls: ssl_tls.c:3337 => write record
D (53198) mbedtls: ssl_tls.c:3417 output record: msgtype = 22, version = [3:3], msglen = 1065
I (53873) mbedtls: ssl_tls.c:2751 => flush output
I (53879) mbedtls: ssl_tls.c:2770 message length: 1070, out_left: 1070
I (53908) mbedtls: ssl_tls.c:2775 ssl->f_send() returned 1070 (-0xfffffbd2)
I (53909) mbedtls: ssl_tls.c:2803 <= flush output
I (53911) mbedtls: ssl_tls.c:3470 <= write record
I (53916) mbedtls: ssl_tls.c:3314 <= write handshake message
I (53923) mbedtls: ssl_tls.c:5427 <= write certificate
I (53929) mbedtls: ssl_cli.c:3405 client state: 8
I (53934) mbedtls: ssl_tls.c:2751 => flush output
I (53940) mbedtls: ssl_tls.c:2763 <= flush output
I (53945) mbedtls: ssl_cli.c:2851 => write client key exchange
D (54474) mbedtls: ssl_cli.c:2916 value of 'ECDH: Q(X)' (521 bits) is:
D (54475) mbedtls: ssl_cli.c:2916  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (54478) mbedtls: ssl_cli.c:2916  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (54486) mbedtls: ssl_cli.c:2916  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (54494) mbedtls: ssl_cli.c:2916  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (54501) mbedtls: ssl_cli.c:2916  XX XX
D (54506) mbedtls: ssl_cli.c:2916 value of 'ECDH: Q(Y)' (521 bits) is:
D (54512) mbedtls: ssl_cli.c:2916  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (54520) mbedtls: ssl_cli.c:2916  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (54528) mbedtls: ssl_cli.c:2916  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (54536) mbedtls: ssl_cli.c:2916  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (54543) mbedtls: ssl_cli.c:2916  XX XX
D (55067) mbedtls: ssl_cli.c:2928 value of 'ECDH: z' (521 bits) is:
D (55068) mbedtls: ssl_cli.c:2928  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (55071) mbedtls: ssl_cli.c:2928  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (55079) mbedtls: ssl_cli.c:2928  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (55086) mbedtls: ssl_cli.c:2928  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (55094) mbedtls: ssl_cli.c:2928  XX XX
I (55098) mbedtls: ssl_tls.c:3180 => write handshake message
I (55105) mbedtls: ssl_tls.c:3337 => write record
D (55110) mbedtls: ssl_tls.c:3417 output record: msgtype = 22, version = [3:3], msglen = 138
I (55215) mbedtls: ssl_tls.c:2751 => flush output
I (55221) mbedtls: ssl_tls.c:2770 message length: 143, out_left: 143
I (55229) mbedtls: ssl_tls.c:2775 ssl->f_send() returned -80 (-0x0050)
W (55235) mbedtls: ssl_tls.c:3466 mbedtls_ssl_flush_output() returned -80 (-0x0050)
W (55244) mbedtls: ssl_tls.c:3309 ssl_write_record() returned -80 (-0x0050)
W (55251) mbedtls: ssl_cli.c:3089 mbedtls_ssl_write_handshake_msg() returned -80 (-0x0050)
I (55261) mbedtls: ssl_tls.c:8031 <= handshake
E (55266) esp-tls: mbedtls_ssl_handshake returned -0x50
E (55282) esp-tls: Failed to open new connection
E (55283) TRANS_SSL: Failed to open a new connection
E (55283) MQTT_CLIENT: Error transport connect
E (55288) mqtt_event_handler: Disconnected

Then we have the log from the server:

Acceptable client certificate CA names
C = XX, ST = XXXXXXXX, L = XXXXXX, postalCode = XXXXX, O = XXXXXXXXXXXXX, OU = XX + OU = XXXXXXX + OU = XXXXXXXXX, CN = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
C = XX, ST = XXXXXXXX, L = XXXXXX, postalCode = XXXXX, O = XXXXXXXXXXXXX, OU = XX, OU = XXXXXXX, OU = XXXXXXXXX, CN = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
C = XX, ST = XXXXXXXX, L = XXXXXX, postalCode = XXXXX, O = XXXXXXXXXXXXX, OU = XX + OU = XXXXXXX + OU = XXXXXXXXX, CN = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
C = XX, ST = XXXXXXXX, L = XXXXXX, postalCode = XXXXX, O = XXXXXXXXXXXXX, OU = XX + OU = XXXXXXX + OU = XXXXXXXXX, CN = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
C = XX, ST = XXXXXXXX, L = XXXXXX, postalCode = XXXXX, O = XXXXXXXXXXXXX, OU = XX + OU = XXXXXXX + OU = XXXXXXXXX, CN = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Client Certificate Types: ECDSA sign, RSA sign, DSA sign
Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4342 bytes and written 431 bytes
Verification error: self signed certificate in certificate chain
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 521 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES256-GCM-SHA384
    Session-ID: A76D351566E53FBB8545ACDADBD1EDB6086DBF8D8D49BB272CEF0D701143FD78
    Session-ID-ctx: 
    Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1571786143
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
    Extended master secret: no
---

I have tried to update the mbedTLS version, but it doesn’t seem to fix anything. I’m still trying some theories.

The mbedTLS branch I was working on is: mbedtls-2.13.1-idf (19eb57f7f7b2f4312d497ddbcb5f104fc6877c70)

Any idea on how to solve this issue?

Thank you all!

Hi @AIMA9115
According to this post:

Even if AWS says it supports ECDSA, when I disable RSA ciphersuites, leaving only ECDSA, the AWS server replies with a fatal alert (Handshake Failure).

So it is quite possible that the ECC certificate is not expected.

Anyway, in the server logs I see the following:

Verification error: self signed certificate in certificate chain

This probably means that the root certificate of your client should not be self signed. Your client certificate should be signed by a CA trusted by the AWS MQTT server.
Regards,
Mbed TLS Support
Ron
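Read together, the two logs in the post tell one story: the client's last completed step was sending its own certificate (client state 7), the socket was then reset while it was writing the client key exchange (state 8, return value -0x50), and the server's log shows the reason on its side. The script below is an example added to this thread, not code from the post, from Mbed TLS or from Espressif. It parses an ESP-IDF/mbedTLS debug log and an `openssl s_server`-style log, maps the numbers (-0x50 is MBEDTLS_ERR_NET_CONN_RESET from net_sockets.h, the "client state" numbers follow mbedtls_ssl_states in ssl.h, verify return code 19 is OpenSSL's X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) and correlates both sides. The embedded log lines are constructed from the masked, abridged logs above.

```python
"""Triage a failed mutual-TLS handshake from the client and the server log.

Example added to this thread (not code from the original post, from Mbed TLS
or from Espressif). The sample log lines at the bottom are constructed from
the abridged, masked logs posted in the thread.
"""
import re

# mbedTLS net-layer error codes (net_sockets.h); only the ones a peer can
# trigger by closing the socket mid-handshake are listed here.
MBEDTLS_NET_ERRORS = {
    0x004C: "MBEDTLS_ERR_NET_RECV_FAILED",
    0x004E: "MBEDTLS_ERR_NET_SEND_FAILED",
    0x0050: "MBEDTLS_ERR_NET_CONN_RESET",
}

# mbedTLS 2.x client handshake states (mbedtls_ssl_states in ssl.h): the
# numbers behind the "client state: N" lines of the debug log.
CLIENT_STATES = {
    0: "HELLO_REQUEST", 1: "CLIENT_HELLO", 2: "SERVER_HELLO",
    3: "SERVER_CERTIFICATE", 4: "SERVER_KEY_EXCHANGE", 5: "CERTIFICATE_REQUEST",
    6: "SERVER_HELLO_DONE", 7: "CLIENT_CERTIFICATE", 8: "CLIENT_KEY_EXCHANGE",
    9: "CERTIFICATE_VERIFY", 10: "CLIENT_CHANGE_CIPHER_SPEC", 11: "CLIENT_FINISHED",
}

# OpenSSL X509_V_ERR_* codes as printed in "Verify return code: N (...)".
OPENSSL_VERIFY_CODES = {
    0: "X509_V_OK",
    2: "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT",
    10: "X509_V_ERR_CERT_HAS_EXPIRED",
    18: "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT",
    19: "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN",
    20: "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
}

STATE_RE = re.compile(r"client state: (\d+)")
SEND_RE = re.compile(r"f_send\(\) returned (-?\d+)")
HS_RET_RE = re.compile(r"mbedtls_ssl_handshake returned -0x([0-9a-fA-F]+)")
VERIFY_RE = re.compile(r"Verify return code: (\d+) \(([^)]*)\)")
CIPHER_RE = re.compile(r"Cipher is (\S+)")
PEER_SIG_RE = re.compile(r"Peer signature type: (\S+)")


def parse_client_log(text):
    """Last handshake state, whether the client Certificate went out, final error."""
    info = {"last_state": None, "client_cert_sent": False,
            "send_error": None, "handshake_error": None}
    for line in text.splitlines():
        if m := STATE_RE.search(line):
            info["last_state"] = int(m.group(1))
        if "<= write certificate" in line:
            info["client_cert_sent"] = True
        # The debug log prints every return value as "N (-0xHHHH)"; for a
        # positive byte count the hex is just its two's complement, so only a
        # negative decimal value is an error.
        if (m := SEND_RE.search(line)) and int(m.group(1)) < 0:
            info["send_error"] = int(m.group(1))
        if m := HS_RET_RE.search(line):
            info["handshake_error"] = -int(m.group(1), 16)
    return info


def parse_server_log(text):
    """Verification result and negotiated parameters from an s_server-style log."""
    info = {"verify_code": None, "verify_reason": None, "cipher": None, "peer_sig": None}
    for line in text.splitlines():
        if m := VERIFY_RE.search(line):
            info["verify_code"], info["verify_reason"] = int(m.group(1)), m.group(2)
        if m := CIPHER_RE.search(line):
            info["cipher"] = m.group(1)
        if m := PEER_SIG_RE.search(line):
            info["peer_sig"] = m.group(1)
    return info


def triage(client_text, server_text):
    """Correlate both sides and say where the handshake really broke."""
    c, s = parse_client_log(client_text), parse_server_log(server_text)
    err = c["handshake_error"]
    err_name = None if err is None else MBEDTLS_NET_ERRORS.get(-err, f"unknown (-0x{-err:04x})")
    findings = []
    if err_name == "MBEDTLS_ERR_NET_CONN_RESET" and c["client_cert_sent"]:
        findings.append("peer closed the socket right after the client Certificate message; "
                        "no TLS alert reached the client, so the reason is on the server side")
    if s["peer_sig"]:
        findings.append(f"server parsed the client certificate (peer signature type {s['peer_sig']})")
    if s["verify_code"] == 19:
        findings.append("server chain validation failed with X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: "
                        "the presented chain ends in a self-signed root the server does not trust")
    rejected = err_name == "MBEDTLS_ERR_NET_CONN_RESET" and (s["verify_code"] or 0) != 0
    return {"last_step": CLIENT_STATES.get(c["last_state"], "UNKNOWN"),
            "client_error_name": err_name,
            "server_verify": OPENSSL_VERIFY_CODES.get(s["verify_code"], s["verify_reason"]),
            "findings": findings,
            "verdict": "server rejected the client certificate chain" if rejected else "inconclusive"}


# Constructed sample input, abridged from the masked logs in the thread.
CLIENT_LOG = """\
I (52997) mbedtls: ssl_cli.c:3405 client state: 7
I (53013) mbedtls: ssl_tls.c:5323 => write certificate
I (53908) mbedtls: ssl_tls.c:2775 ssl->f_send() returned 1070 (-0xfffffbd2)
I (53923) mbedtls: ssl_tls.c:5427 <= write certificate
I (53929) mbedtls: ssl_cli.c:3405 client state: 8
I (53945) mbedtls: ssl_cli.c:2851 => write client key exchange
I (55229) mbedtls: ssl_tls.c:2775 ssl->f_send() returned -80 (-0x0050)
E (55266) esp-tls: mbedtls_ssl_handshake returned -0x50
"""
SERVER_LOG = """\
Peer signing digest: SHA256
Peer signature type: ECDSA
Verification error: self signed certificate in certificate chain
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
    Verify return code: 19 (self signed certificate in certificate chain)
"""

if __name__ == "__main__":
    for key, value in triage(CLIENT_LOG, SERVER_LOG).items():
        print(f"{key}: {value}")
```

The one parsing pitfall worth knowing is the mbedTLS convention of printing every return value with a hex two's-complement suffix, so `f_send() returned 1070 (-0xfffffbd2)` is a successful 1070-byte write and only the decimal sign tells you whether a line is an error. Run against the real, unmasked logs the same way; if the server-side verify code is 0 and the client still sees a reset, the verdict stays "inconclusive" and the problem is somewhere other than chain validation.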

Thank you @roneld01, we have also tried the same thing using AWS trusted CAs. There is a handshake failure. If what you say is true, why does using exactly the same key pair certificates and CA in other TLS clients not produce the same failure?

Hi @AIMA9115

If what you say is true, why does using exactly the same key pair certificates and CA in other TLS clients not produce the same failure?

The logs indicate a failure in the server side. Since the certificate information was masked out in the logs, it’s difficult to answer this. Have you checked the logs of the successful TLS connections?

Have you checked the certificate chains in both the successful and failed connections?
What are all the issuer and subject CNs?
What’s the list of “Acceptable client certificate CA names” in the server logs?
What’s the certificate you set in your client as the client certificate? Is it only the client certificate chain, that is signed by the AWS accepted CA, without the root self signed certificate?
Regards

@roneld01, you are right, there is masked information in the logs I posted. Attached you will find some certificates we are using in production. The CA chain has both self-signed and CA-trusted certificates. In our implementation we need to trust the devices that connect to the server and the devices need to trust the server. The client certificates are indeed self signed (but we haven’t had issues using other clients).

There is another set of certificates, ECC 384, CA trusted by AWS (not self signed), that also has the same problem.

Maybe I haven’t configured the mbedTLS library properly. I will keep working on it and update the post as soon as I find something new.

Our certificate endpoint: mqtt.outsafe.io
AWS certificate endpoint: a3bdavijkahzf2-ats.iot.us-west-2.amazonaws.com

Certificates can be found here

Thank you again @roneld01, I would much appreciate your comments on this.

Regards

Hi Agustin,

Maybe I haven’t configured the mbedTLS library properly. I will keep working on it and update the post as soon as I find something new.

Perhaps, but for that I will need to look at full logs, without masking the certificates.
Specifically, at the moment, what’s shown in the logs:

D (53019) mbedtls: ssl_tls.c:5375 own certificate #1:
D (53026) mbedtls: ssl_tls.c:5375 cert. version     : 3
D (53030) mbedtls: ssl_tls.c:5375 serial number     : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (53041) mbedtls: ssl_tls.c:5375 issuer name       : C=XX, ST=XXXXXXXX, L=XXXXXX, postalCode=XXXXX, O=XXXXX, OU=XX + OU=XXXXXXX + OU=XXXXXXXXX, CN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (53058) mbedtls: ssl_tls.c:5375 subject name      : C=XX, ST=XXXXXXXX, L=XXXXXX, postalCode=XXXXX, O=XXXXX, OU=XX + OU=XXXXXXX + OU=XXXXXXXXX, CN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
D (53075) mbedtls: ssl_tls.c:5375 issued  on        : XXXX-XX-XX XX:XX:XX
D (53082) mbedtls: ssl_tls.c:5375 expires on        : XXXX-XX-XX XX:XX:XX
D (53089) mbedtls: ssl_tls.c:5375 signed using      : ECDSA with SHA256
D (53096) mbedtls: ssl_tls.c:5375 EC key size       : 384 bits
D (53102) mbedtls: ssl_tls.c:5375 subject alt name  :
D (53107) mbedtls: ssl_tls.c:5375 key usage         : Digital Signature, Key Encipherment, Key Agreement
D (53117) mbedtls: ssl_tls.c:5375 ext key usage     : TLS Web Client Authentication
D (53125) mbedtls: ssl_tls.c:5375 value of 'crt->eckey.Q(X)' (384 bits) is:
D (53132) mbedtls: ssl_tls.c:5375  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (53140) mbedtls: ssl_tls.c:5375  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (53148) mbedtls: ssl_tls.c:5375  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (53155) mbedtls: ssl_tls.c:5375 value of 'crt->eckey.Q(Y)' (380 bits) is:
D (53163) mbedtls: ssl_tls.c:5375  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (53170) mbedtls: ssl_tls.c:5375  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
D (53178) mbedtls: ssl_tls.c:5375  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
I (53186) mbedtls: ssl_tls.c:3180 => write handshake message

And, in the server logs, what are the acceptable client certificate CA names:

C = XX, ST = XXXXXXXX, L = XXXXXX, postalCode = XXXXX, O = XXXXXXXXXXXXX, OU = XX + OU = XXXXXXX + OU = XXXXXXXXX, CN = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
C = XX, ST = XXXXXXXX, L = XXXXXX, postalCode = XXXXX, O = XXXXXXXXXXXXX, OU = XX, OU = XXXXXXX, OU = XXXXXXXXX, CN = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
C = XX, ST = XXXXXXXX, L = XXXXXX, postalCode = XXXXX, O = XXXXXXXXXXXXX, OU = XX + OU = XXXXXXX + OU = XXXXXXXXX, CN = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
C = XX, ST = XXXXXXXX, L = XXXXXX, postalCode = XXXXX, O = XXXXXXXXXXXXX, OU = XX + OU = XXXXXXX + OU = XXXXXXXXX, CN = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
C = XX, ST = XXXXXXXX, L = XXXXXX, postalCode = XXXXX, O = XXXXXXXXXXXXX, OU = XX + OU = XXXXXXX + OU = XXXXXXXXX, CN = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

What’s the certificate you set in the function mbedtls_ssl_conf_own_cert()? (No need to share the key.)
Regards

Hi Ron, thank you,

This is the unmasked certificate data from the logs:

D (23196) mbedtls: ssl_tls.c:5375 own certificate #1:
D (23203) mbedtls: ssl_tls.c:5375 cert. version     : 3
D (23207) mbedtls: ssl_tls.c:5375 serial number     : 47:F4:89:DF:7E:EA:3F:55:2C:E7:17:88:92:BF:49:DE:26:CA:F1:79
D (23217) mbedtls: ssl_tls.c:5375 issuer name       : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=Outsafe Devices Intermediate Authority
D (23235) mbedtls: ssl_tls.c:5375 subject name      : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=1e09d88a-fe8e-4dee-90b9-6297088ff3de
D (23252) mbedtls: ssl_tls.c:5375 issued  on        : 2019-10-02 23:35:35
D (23259) mbedtls: ssl_tls.c:5375 expires on        : 2020-10-01 23:36:05
D (23266) mbedtls: ssl_tls.c:5375 signed using      : ECDSA with SHA256
D (23273) mbedtls: ssl_tls.c:5375 EC key size       : 384 bits
D (23279) mbedtls: ssl_tls.c:5375 subject alt name  : 1e09d88a-fe8e-4dee-90b9-6297088ff3de
D (23287) mbedtls: ssl_tls.c:5375 key usage         : Digital Signature, Key Encipherment, Key Agreement
D (23297) mbedtls: ssl_tls.c:5375 ext key usage     : TLS Web Client Authentication
D (23305) mbedtls: ssl_tls.c:5375 value of 'crt->eckey.Q(X)' (384 bits) is:
D (23312) mbedtls: ssl_tls.c:5375  ed b7 4c e7 4a 4a d4 ee a4 61 22 8b 4c c9 62 11
D (23320) mbedtls: ssl_tls.c:5375  ed 09 c0 c0 d3 ab 1a 3a 21 ce 16 24 9f 5a dc 2e
D (23327) mbedtls: ssl_tls.c:5375  43 4e 54 ac 12 19 59 30 dd 3d 80 56 4f c7 b7 f4
D (23335) mbedtls: ssl_tls.c:5375 value of 'crt->eckey.Q(Y)' (382 bits) is:
D (23342) mbedtls: ssl_tls.c:5375  3b 34 01 6e 5e 70 3e 52 61 e7 e6 bd ff 9a 26 d8
D (23350) mbedtls: ssl_tls.c:5375  39 30 10 c3 c2 3a 84 c2 b5 be ce f1 08 ff 5b 7b
D (23358) mbedtls: ssl_tls.c:5375  1d 8e 76 9c de 03 ae e3 63 c2 e3 55 3a 95 c5 a5

The acceptable client certificate CA names:

Acceptable client certificate CA names

C = US, ST = Delaware, L = Newark, postalCode = 19702, O = Rocaccion Inc, OU = IT + OU = OUTSAFE + OU = ROCACCION, CN = Outsafe Provision Intermediate Authority
C = US, ST = Delaware, L = Newark, postalCode = 19702, O = Rocaccion Inc, OU = IT, OU = OUTSAFE, OU = ROCACCION, CN = Outsafe Endpoints Intermediate Authority
C = US, ST = Delaware, L = Newark, postalCode = 19702, O = Rocaccion Inc, OU = IT + OU = OUTSAFE + OU = ROCACCION, CN = Outsafe Devices Intermediate Authority
C = US, ST = Delaware, L = Newark, postalCode = 19702, O = Rocaccion Inc, OU = IT + OU = OUTSAFE + OU = ROCACCION, CN = Outsafe Raw Devices Intermediate Authority
C = US, ST = Delaware, L = Newark, postalCode = 19702, O = Rocaccion Inc, OU = IT + OU = OUTSAFE + OU = ROCACCION, CN = Rocaccion Outsafe Root CA
Client Certificate Types: ECDSA sign, RSA sign, DSA sign

Hi @AIMA9115
It is strange, since your client certificate is not self signed, and its CA certificate is set in the server as an acceptable CA name.
To rule out that the issue is in the CA bundle, could you try setting in the server only the CA certificate with subject “ROCACCION, CN=Outsafe Endpoints Intermediate Authority”?
It is:

-----BEGIN CERTIFICATE-----
MIIEWDCCA7mgAwIBAgIUek8+I7Bk+sZ1Hl9NQLbCzBO7msYwCgYIKoZIzj0EAwIw
gb8xCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhEZWxhd2FyZTEPMA0GA1UEBxMGTmV3
YXJrMQ4wDAYDVQQREwUxOTcwMjEWMBQGA1UEChMNUm9jYWNjaW9uIEluYzELMAkG
A1UECxMCSVQxEDAOBgNVBAsTB09VVFNBRkUxEjAQBgNVBAsTCVJPQ0FDQ0lPTjEx
MC8GA1UEAxMoT3V0c2FmZSBFbmRwb2ludHMgSW50ZXJtZWRpYXRlIEF1dGhvcml0
eTAeFw0xOTA5MTAxNTA1MjdaFw00ODA5MDIxNTA1NTdaMIG5MQswCQYDVQQGEwJV
UzERMA8GA1UECBMIRGVsYXdhcmUxDzANBgNVBAcTBk5ld2FyazEOMAwGA1UEERMF
MTk3MDIxFjAUBgNVBAoTDVJvY2FjY2lvbiBJbmMxLTAJBgNVBAsTAklUMA4GA1UE
CxMHT1VUU0FGRTAQBgNVBAsTCVJPQ0FDQ0lPTjEvMC0GA1UEAxMmT3V0c2FmZSBE
ZXZpY2VzIEludGVybWVkaWF0ZSBBdXRob3JpdHkwgZswEAYHKoZIzj0CAQYFK4EE
ACMDgYYABACD8KzNpfMFa39BCP/EvEl7TfnPVfAubP8fN68Y0B4wcRK3mPb7/++Y
6TcBY3wWAl03a4hmr7Ay4XxtEginzw0VqQHd4SF7LX1EDrTIDPKAKnMjQRg5peXP
XzpmzfJnVlXvgTX4kbMTAObHO1naet/LOiHSW2JCves0xO7Msy9CGrgu96OCAVIw
ggFOMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQW
BBSLdfyfK4Gpf3EYsuyUEVAZmLPGvzAfBgNVHSMEGDAWgBRQoe/hButZw9OpNdMX
jANVv7VI+jCBhAYIKwYBBQUHAQEEeDB2MDoGCCsGAQUFBzABhi5odHRwczovL3Zh
dWx0Lm91dHNhZmUuaW8vdjEvcGtpLWVuZHBvaW50cy9vY3NwMDgGCCsGAQUFBzAC
hixodHRwczovL3ZhdWx0Lm91dHNhZmUuaW8vdjEvcGtpLWVuZHBvaW50cy9jYTAh
BgNVHREEGjAYgRZzb2Z0d2FyZUByb2NhY2Npb24uY29tMD4GA1UdHwQ3MDUwM6Ax
oC+GLWh0dHBzOi8vdmF1bHQub3V0c2FmZS5pby92MS9wa2ktZW5kcG9pbnRzL2Ny
bDAKBggqhkjOPQQDAgOBjAAwgYgCQgF/YvpD/QTJkfSnjDM4oIyFwZhoaIi/s3BN
pZ35n39lTnpXdVH4bDsjz/yxZyKQaD0mfe0ICjsQ7zEmL+XYhBUZewJCAQVrFQfm
1LuTRXTUxYVMLCDEdiJ1cLUpKh+PE1lDqZEW4Fy2pP5kgQtSvrEIZw5AG4B4aR44
zKlQ0UnBJGhdRGhd
-----END CERTIFICATE-----

Could you please show the certificates being sent by the server to your device? I doubt this is the issue, though.
Regards

Hi Ron,

These are the certificates sent by the server to the device, before we changed the CA:

D (18703) mbedtls: ssl_tls.c:5650 peer certificate #1:
D (18706) mbedtls: ssl_tls.c:5650 cert. version     : 3
D (18710) mbedtls: ssl_tls.c:5650 serial number     : 35:1E:D2:59:9B:A0:CD:B6:23:B8:A7:76:EC:DD:95:E2:51:4D:6D:D7
D (18720) mbedtls: ssl_tls.c:5650 issuer name       : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT, OU=OUTSAFE, OU=ROCACCION, CN=Outsafe Endpoints Intermediate Authority
D (18738) mbedtls: ssl_tls.c:5650 subject name      : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=mqtt.outsafe.io
D (18753) mbedtls: ssl_tls.c:5650 issued  on        : 2019-10-12 19:46:35
D (18760) mbedtls: ssl_tls.c:5650 expires on        : 2021-09-11 19:47:05
D (18767) mbedtls: ssl_tls.c:5650 signed using      : ECDSA with SHA256
D (18774) mbedtls: ssl_tls.c:5650 EC key size       : 521 bits
D (18780) mbedtls: ssl_tls.c:5650 subject alt name  : mqtt.outsafe.io, vernemq.dependencies.svc.cluster.local
D (18790) mbedtls: ssl_tls.c:5650 key usage         : Digital Signature, Key Encipherment, Key Agreement
D (18800) mbedtls: ssl_tls.c:5650 ext key usage     : TLS Web Server Authentication
D (18808) mbedtls: ssl_tls.c:5650 value of 'crt->eckey.Q(X)' (521 bits) is:
D (18815) mbedtls: ssl_tls.c:5650  01 3a 35 4b b4 69 c7 37 3b e9 9b 32 be 8f d5 0f
D (18822) mbedtls: ssl_tls.c:5650  c5 15 e0 be 8b b1 2b 7b 49 c7 04 54 b8 5b e9 98
D (18830) mbedtls: ssl_tls.c:5650  2d 9b e0 f6 03 e2 be 4f 91 d8 2d f7 6c 56 a0 af
D (18838) mbedtls: ssl_tls.c:5650  87 f6 6f b6 f0 5d 23 14 40 48 79 3a ec dd bd 92
D (18846) mbedtls: ssl_tls.c:5650  ce 57
D (18850) mbedtls: ssl_tls.c:5650 value of 'crt->eckey.Q(Y)' (520 bits) is:
D (18857) mbedtls: ssl_tls.c:5650  b1 c3 40 c2 aa 95 f3 db 8d 17 a4 03 40 35 fa 08
D (18865) mbedtls: ssl_tls.c:5650  62 8c 29 34 1b 91 a1 45 d0 86 87 29 8c dd c3 ac
D (18872) mbedtls: ssl_tls.c:5650  52 26 04 12 73 f0 1e 84 11 ff 3c 72 56 dc 76 02
D (18880) mbedtls: ssl_tls.c:5650  8c 6b 56 53 d6 75 62 5c 7b 41 42 57 cb f7 75 b1
D (18888) mbedtls: ssl_tls.c:5650  2b
D (18892) mbedtls: ssl_tls.c:5650 peer certificate #2:
D (18898) mbedtls: ssl_tls.c:5650 cert. version     : 3
D (18903) mbedtls: ssl_tls.c:5650 serial number     : 5F:55:98:31:25:B7:DF:26:D9:6E:7D:C3:DA:44:3E:AE:8C:78:03:8E
D (18913) mbedtls: ssl_tls.c:5650 issuer name       : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=Rocaccion Outsafe Root CA
D (18929) mbedtls: ssl_tls.c:5650 subject name      : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT, OU=OUTSAFE, OU=ROCACCION, CN=Outsafe Endpoints Intermediate Authority
D (18947) mbedtls: ssl_tls.c:5650 issued  on        : 2019-09-10 15:05:25
D (18954) mbedtls: ssl_tls.c:5650 expires on        : 2049-09-02 15:05:55
D (18961) mbedtls: ssl_tls.c:5650 signed using      : ECDSA with SHA256
D (18968) mbedtls: ssl_tls.c:5650 EC key size       : 521 bits
D (18974) mbedtls: ssl_tls.c:5650 basic constraints : CA=true, max_pathlen=1
D (18981) mbedtls: ssl_tls.c:5650 subject alt name  :
D (18986) mbedtls: ssl_tls.c:5650 key usage         : Key Cert Sign, CRL Sign
D (18994) mbedtls: ssl_tls.c:5650 value of 'crt->eckey.Q(X)' (512 bits) is:
D (19001) mbedtls: ssl_tls.c:5650  e5 78 6d d3 9b cf 8a 03 64 32 1a 3e 76 a7 08 aa
D (19009) mbedtls: ssl_tls.c:5650  82 10 9c 0e 06 57 48 43 94 01 84 d8 c2 84 66 61
D (19016) mbedtls: ssl_tls.c:5650  4e c1 1f cb 23 f7 0d b2 e7 38 b1 51 b7 af 75 89
D (19024) mbedtls: ssl_tls.c:5650  ba c1 3e 38 af a7 f3 a8 6e 81 80 5e 71 f9 07 08
D (19032) mbedtls: ssl_tls.c:5650 value of 'crt->eckey.Q(Y)' (521 bits) is:
D (19039) mbedtls: ssl_tls.c:5650  01 e0 ac fd 98 1b 8f b0 67 b1 6d fd 10 40 3d 74
D (19047) mbedtls: ssl_tls.c:5650  f1 61 b2 cc a3 c0 db 2e 61 5a ae 48 b8 e3 0a b8
D (19054) mbedtls: ssl_tls.c:5650  cc 9d 3b a3 b6 61 cb 9e 53 16 43 e3 16 58 f9 e3
D (19062) mbedtls: ssl_tls.c:5650  1e 1f fc 63 08 b7 98 47 68 a8 89 64 2b b3 bb 1a
D (19070) mbedtls: ssl_tls.c:5650  3d bd
D (19074) mbedtls: ssl_tls.c:5650 peer certificate #3:
D (19080) mbedtls: ssl_tls.c:5650 cert. version     : 3
D (19085) mbedtls: ssl_tls.c:5650 serial number     : 69:67:A7:5B:E1:E2:33:7A:AB:9A:AD:80:CC:E2:D3:6A:6E:31:00:44
D (19095) mbedtls: ssl_tls.c:5650 issuer name       : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=Rocaccion Outsafe Root CA
D (19112) mbedtls: ssl_tls.c:5650 subject name      : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=Rocaccion Outsafe Root CA
D (19128) mbedtls: ssl_tls.c:5650 issued  on        : 2019-09-10 15:05:17
D (19135) mbedtls: ssl_tls.c:5650 expires on        : 2050-09-02 15:05:47
D (19142) mbedtls: ssl_tls.c:5650 signed using      : ECDSA with SHA256
D (19149) mbedtls: ssl_tls.c:5650 EC key size       : 521 bits
D (19155) mbedtls: ssl_tls.c:5650 basic constraints : CA=true, max_pathlen=3
D (19162) mbedtls: ssl_tls.c:5650 subject alt name  :
D (19167) mbedtls: ssl_tls.c:5650 key usage         : Key Cert Sign, CRL Sign
D (19175) mbedtls: ssl_tls.c:5650 value of 'crt->eckey.Q(X)' (521 bits) is:
D (19182) mbedtls: ssl_tls.c:5650  01 e6 57 dd dc 53 57 b5 b9 ad d2 47 a9 a5 98 f3
D (19190) mbedtls: ssl_tls.c:5650  fc ba cf 7a d7 18 6f 4b 9e 3b 2f ed b8 37 98 cc
D (19197) mbedtls: ssl_tls.c:5650  6f 10 e9 41 a7 1e 13 83 d8 7d e9 2a 85 21 1f 2d
D (19205) mbedtls: ssl_tls.c:5650  10 10 2f 78 99 70 70 e9 22 23 e7 28 58 96 86 5b
D (19213) mbedtls: ssl_tls.c:5650  c3 90
D (19217) mbedtls: ssl_tls.c:5650 value of 'crt->eckey.Q(Y)' (515 bits) is:
D (19224) mbedtls: ssl_tls.c:5650  07 9b dc 69 86 7f d0 9b 4d 76 4f 6f e8 88 a7 0e
D (19232) mbedtls: ssl_tls.c:5650  2b 6d d7 63 8b 26 d7 39 8d 45 ff d3 b5 64 ce 72
D (19240) mbedtls: ssl_tls.c:5650  7d 74 3e bc a9 64 17 60 67 94 e8 eb 76 5b a5 1c
D (19248) mbedtls: ssl_tls.c:5650  01 05 c9 4f 19 a6 16 e8 6f 49 fc 6b 85 63 97 66
D (19255) mbedtls: ssl_tls.c:5650  95
D (20349) mbedtls: ssl_tls.c:5805 Certificate verification flags clear

We’ve set the CA you suggested, with the same results. The negotiation is terminated at client state 8; these are the certificates sent by the server:

D (34934) mbedtls: ssl_tls.c:5606 peer certificate #1:
D (34938) mbedtls: ssl_tls.c:5606 cert. version     : 3
D (34942) mbedtls: ssl_tls.c:5606 serial number     : 76:19:29:7B:BA:3D:F5:CC:86:55:49:08:01:AE:04:3B:1E:5A:C4:8E
D (34953) mbedtls: ssl_tls.c:5606 issuer name       : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT, OU=OUTSAFE, OU=ROCACCION, CN=Outsafe Endpoints Intermediate Authority
D (34970) mbedtls: ssl_tls.c:5606 subject name      : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=mqtt.outsafe.io
D (34986) mbedtls: ssl_tls.c:5606 issued  on        : 2019-10-29 19:02:04
D (34993) mbedtls: ssl_tls.c:5606 expires on        : 2020-10-28 19:02:34
D (35000) mbedtls: ssl_tls.c:5606 signed using      : ECDSA with SHA256
D (35007) mbedtls: ssl_tls.c:5606 EC key size       : 256 bits
D (35013) mbedtls: ssl_tls.c:5606 subject alt name  : mqtt.outsafe.io, vernemq.dependencies.svc.cluster.local
D (35023) mbedtls: ssl_tls.c:5606 key usage         : Digital Signature, Key Encipherment, Key Agreement
D (35032) mbedtls: ssl_tls.c:5606 ext key usage     : TLS Web Server Authentication
D (35040) mbedtls: ssl_tls.c:5606 value of 'crt->eckey.Q(X)' (256 bits) is:
D (35047) mbedtls: ssl_tls.c:5606  97 65 08 be 5b 9c a5 32 df 52 4f 5c de 31 38 82
D (35055) mbedtls: ssl_tls.c:5606  23 60 6a 51 5b 9a e8 d4 e8 0f c4 db 71 86 2d 38
D (35063) mbedtls: ssl_tls.c:5606 value of 'crt->eckey.Q(Y)' (256 bits) is:
D (35070) mbedtls: ssl_tls.c:5606  8a bc fb d7 ff 63 42 e5 11 82 8d 42 65 44 e2 97
D (35078) mbedtls: ssl_tls.c:5606  29 99 9c 36 9f 51 bb 1b 58 f7 e9 00 8c 8f e1 ef
D (36234) mbedtls: ssl_tls.c:5856 Certificate verification flags clear

and these are the acceptable client certificate names:

Acceptable client certificate CA names
C = US, ST = Delaware, L = Newark, postalCode = 19702, O = Rocaccion Inc, OU = IT + OU = OUTSAFE + OU = ROCACCION, CN = Outsafe Devices Intermediate Authority

The client still has a certificate with CN = Outsafe Devices Intermediate Authority:

D (37556) mbedtls: ssl_tls.c:5381 own certificate #1:
D (37563) mbedtls: ssl_tls.c:5381 cert. version     : 3
D (37567) mbedtls: ssl_tls.c:5381 serial number     : 78:17:54:5B:83:32:0C:BC:90:08:31:CA:52:C2:DD:1C:3B:5F:01:2E
D (37577) mbedtls: ssl_tls.c:5381 issuer name       : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=Outsafe Devices Intermediate Authority
D (37595) mbedtls: ssl_tls.c:5381 subject name      : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=1e09d88a-fe8e-4dee-90b9-6297088ff3de

Regards!
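The questions Ron is asking in this thread (does each issuer match the next subject, and is the client certificate's issuer really one of the server's acceptable CA names?) can be answered mechanically from the Mbed TLS debug output alone. The script below is an added example, not code from the thread or from Mbed TLS: it parses the `own certificate` / `peer certificate` blocks and the "Acceptable client certificate CA names" list in the format shown above, compares the distinguished names as RDN sequences, and also reports when two names differ only in how the OUs are grouped (`OU=IT + OU=OUTSAFE` is one multi-valued RDN, `OU=IT, OU=OUTSAFE` is two RDNs; X.509 name matching treats those as different names). The sample input is copied from the logs posted in this thread, with unrelated lines dropped; nothing on this page shows that grouping is the cause of the failure here, it is simply one of the checks worth running.

```python
"""Added example (not from the thread or Mbed TLS): chain-linkage and acceptable-CA
checks over the certificate names that Mbed TLS prints at debug level 3 or higher."""
import re
from typing import Dict, FrozenSet, List, Tuple

# One RDN is a set of attribute/value pairs (multi-valued when printed with " + ");
# a DN is the ordered sequence of RDNs (printed ", " separated).
Rdn = FrozenSet[Tuple[str, str]]
Dn = Tuple[Rdn, ...]

CERT_HEADER = re.compile(r"(own|peer) certificate #(\d+):")
NAME_LINE = re.compile(r"(issuer|subject) name\s*:\s*(.*)$")

# Sample input copied from the thread's logs (lines other than the names omitted).
OWN_CERT_LOG = """\
D (23196) mbedtls: ssl_tls.c:5375 own certificate #1:
D (23217) mbedtls: ssl_tls.c:5375 issuer name       : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=Outsafe Devices Intermediate Authority
D (23235) mbedtls: ssl_tls.c:5375 subject name      : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=1e09d88a-fe8e-4dee-90b9-6297088ff3de
"""
PEER_CHAIN_LOG = """\
D (18703) mbedtls: ssl_tls.c:5650 peer certificate #1:
D (18720) mbedtls: ssl_tls.c:5650 issuer name       : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT, OU=OUTSAFE, OU=ROCACCION, CN=Outsafe Endpoints Intermediate Authority
D (18738) mbedtls: ssl_tls.c:5650 subject name      : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=mqtt.outsafe.io
D (18892) mbedtls: ssl_tls.c:5650 peer certificate #2:
D (18913) mbedtls: ssl_tls.c:5650 issuer name       : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=Rocaccion Outsafe Root CA
D (18929) mbedtls: ssl_tls.c:5650 subject name      : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT, OU=OUTSAFE, OU=ROCACCION, CN=Outsafe Endpoints Intermediate Authority
D (19074) mbedtls: ssl_tls.c:5650 peer certificate #3:
D (19095) mbedtls: ssl_tls.c:5650 issuer name       : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=Rocaccion Outsafe Root CA
D (19112) mbedtls: ssl_tls.c:5650 subject name      : C=US, ST=Delaware, L=Newark, postalCode=19702, O=Rocaccion Inc, OU=IT + OU=OUTSAFE + OU=ROCACCION, CN=Rocaccion Outsafe Root CA
"""
# The server-side "Acceptable client certificate CA names" list from the thread.
ACCEPTABLE_CA_NAMES = [
    "C = US, ST = Delaware, L = Newark, postalCode = 19702, O = Rocaccion Inc, OU = IT + OU = OUTSAFE + OU = ROCACCION, CN = Outsafe Provision Intermediate Authority",
    "C = US, ST = Delaware, L = Newark, postalCode = 19702, O = Rocaccion Inc, OU = IT, OU = OUTSAFE, OU = ROCACCION, CN = Outsafe Endpoints Intermediate Authority",
    "C = US, ST = Delaware, L = Newark, postalCode = 19702, O = Rocaccion Inc, OU = IT + OU = OUTSAFE + OU = ROCACCION, CN = Outsafe Devices Intermediate Authority",
    "C = US, ST = Delaware, L = Newark, postalCode = 19702, O = Rocaccion Inc, OU = IT + OU = OUTSAFE + OU = ROCACCION, CN = Outsafe Raw Devices Intermediate Authority",
    "C = US, ST = Delaware, L = Newark, postalCode = 19702, O = Rocaccion Inc, OU = IT + OU = OUTSAFE + OU = ROCACCION, CN = Rocaccion Outsafe Root CA",
]


def parse_dn(text: str) -> Dn:
    """Parse 'C=US, OU=IT + OU=X, CN=foo' into a DN. Spaces around '=' are tolerated,
    so the Mbed TLS form and the OpenSSL-style 'C = US' form compare equal."""
    rdns = []
    for rdn in text.strip().split(", "):
        avas = []
        for ava in rdn.split(" + "):
            attr, _, value = ava.partition("=")
            avas.append((attr.strip(), value.strip()))
        rdns.append(frozenset(avas))
    return tuple(rdns)


def flatten_dn(dn: Dn) -> Tuple[Tuple[str, str], ...]:
    """Split every multi-valued RDN into single AVAs. Used only to detect names that
    differ solely in RDN grouping; strict X.509 matching still treats them as different."""
    return tuple(ava for rdn in dn for ava in sorted(rdn))


def parse_cert_log(log: str) -> List[Dict[str, str]]:
    """Collect the issuer and subject strings of each 'own/peer certificate #n' block."""
    certs: List[Dict[str, str]] = []
    for line in log.splitlines():
        header = CERT_HEADER.search(line)
        if header:
            certs.append({"kind": header.group(1), "index": header.group(2)})
            continue
        name = NAME_LINE.search(line)
        if name and certs:
            certs[-1][name.group(1)] = name.group(2).strip()
    return certs


def check_chain(certs: List[Dict[str, str]]) -> List[str]:
    """Return linkage problems: every issuer must equal the next certificate's subject."""
    problems = []
    for cur, nxt in zip(certs, certs[1:]):
        if parse_dn(cur["issuer"]) != parse_dn(nxt["subject"]):
            problems.append(f"cert #{cur['index']} issuer != cert #{nxt['index']} subject")
    return problems


def ends_at_root(certs: List[Dict[str, str]]) -> bool:
    """True if the last certificate sent is self-signed; otherwise the peer relies on
    the verifier already holding the issuing CA in its trust store."""
    last = certs[-1]
    return parse_dn(last["issuer"]) == parse_dn(last["subject"])


def match_acceptable_ca(issuer: str, acceptable: List[str]) -> str:
    """'exact' if the issuer DN is in the server's list, 'grouping-only' if it matches
    only after ignoring how OUs are grouped into RDNs, 'none' otherwise."""
    dn = parse_dn(issuer)
    names = [parse_dn(a) for a in acceptable]
    if dn in names:
        return "exact"
    if flatten_dn(dn) in {flatten_dn(n) for n in names}:
        return "grouping-only"
    return "none"


if __name__ == "__main__":
    chain = parse_cert_log(PEER_CHAIN_LOG)
    print("server chain problems:", check_chain(chain) or "none", "| ends at root:", ends_at_root(chain))
    own = parse_cert_log(OWN_CERT_LOG)[0]
    print("client issuer in acceptable CA names:", match_acceptable_ca(own["issuer"], ACCEPTABLE_CA_NAMES))
```

Run it against a fresh capture by pasting the relevant `own certificate` / `peer certificate` lines and the server's CA-name list into the three constants; the script needs nothing beyond the Python standard library. For the data in this thread it reports a cleanly linked server chain ending at the self-signed root and an exact match for the client's issuer, which is consistent with Ron's observation that nothing in the names themselves explains the failure.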

Hi Agustin,
Thanks for sharing.
Since the failure is happening on the server, it would help if the server’s logs could be added as well.
In this last case, there doesn’t seem to be a self signed certificate anywhere, so I wonder what the failure is currently.
Regards

Hi Ron!

We have found a shortcut for our issue.

Since we haven’t been able to debug the SSL handshake implementation of the VerneMQ server and see what’s what, I decided to try to bypass the session layer using stunnel, because, surprisingly, using the test server openssl s_server the two way handshake worked.

There was a misunderstanding on our part: the server logs I presented at first weren’t the actual server logs, so we don’t know what’s going on in the server. That’s when I tried openssl s_server and found that mbedTLS works with an OpenSSL server.

Regards!

Hi @AIMA9115

I decided to try to bypass the session layer using stunnel, because, surprisingly, using the test server openssl s_server the two way handshake worked.

I don’t think it’s surprising, since the openssl s_server should work with Mbed TLS.
The reason for your failure is probably some missing configuration on your original server.
I am not sure what your shortcut is. Could you please elaborate? I would like to verify there isn’t a backdoor in your workaround.
Regards