I have a non-mbedTLS client talking to my mbedTLS server with these Client Hello parameters:
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xc0ae)
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Algorithm: ecdsa_sha1 (0x0203)
My mbedTLS server is throwing a “got ciphersuites in common but none of them usable” error because Supported Elliptic Curves and Supported Points Format are missing from the Client Hello extensions. Isn’t it optional for the Client Hello to have these extensions?
According to RFC8422 Section 4. TLS Extensions for ECC:
“A client that proposes ECC cipher suites may choose not to include these extensions. In this case, the server is free to choose any one of the elliptic curves or point formats listed in Section 5.”