Handshake issue when connecting to AWS IoT Core

Mbed TLS Crypto and SSL questions
1

Hi,

I am getting a TLS Handshake failure when connecting to the AWS IoT Core. I suspect it is a crypto suite issues but am not sure. AWS IoT supports the following certificate-signing algorithms:

  • SHA256WITHRSA
  • SHA384WITHRSA
  • SHA384WITHRSA
  • SHA512WITHRSA
  • RSASSAPSS
  • ECDSA-WITH-SHA256
  • ECDSA-WITH-SHA384
  • ECDSA-WITH-SHA512

7 5490 [MQTTEcho] MQTT echo attempting to connect to a2p67rp7svr7t3-ats.iot.us-east-1.amazonaws.com.
8 5499 [MQTTEcho] Sending command to MQTT task.
9 5503 [MQTT] Received message 10000 from queue.
10 17491 [NIFMAN] Network is down
11 90099 [NIFMAN] Network is up
12 90102 [MQTT] Modem is up…
13 91550 [MQTT] mbedTLS: |2| => handshake
14 91554 [MQTT] mbedTLS: |2| client state: 0
15 91558 [MQTT] mbedTLS: |2| => flush outpu
16 91562 [MQTT] mbedTLS: |2| <= flush outpu
17 91566 [MQTT] mbedTLS: |2| client state: 1
18 91571 [MQTT] mbedTLS: |2| => flush outpu
19 91575 [MQTT] mbedTLS: |2| <= flush outpu
20 91579 [MQTT] mbedTLS: |2| => write client hello
21 91584 [MQTT] mbedTLS: |3| client hello, max version: [3:3]
22 91590 [MQTT] mbedTLS: |3| dumping ‘client hello, random bytes’ (32 bytes)
23 91597 [MQTT] mbedTLS: |3| 0000: 9b d2 39 a2 f2 72 6c 22 c4 4d 48 3b 93 6b 7a 1f …9…rl".MH;.kz.
24 91607 [MQTT] mbedTLS: |3| 0010: ef e9 77 37 db 55 ac 40 40 7a 98 8a fa 8d 4c ec …w7.U.@@z…L.
25 91616 [MQTT] mbedTLS: |3| client hello, session id len.: 0
26 91622 [MQTT] mbedTLS: |3| dumping ‘client hello, session id’ (0 bytes)
27 91628 [MQTT] mbedTLS: |3| client hello, add ciphersuite: c00a
28 91634 [MQTT] mbedTLS: |3| client hello, add ciphersuite: c014
29 91640 [MQTT] mbedTLS: |3| client hello, add ciphersuite: c02b
30 91646 [MQTT] mbedTLS: |3| client hello, add ciphersuite: c02f
31 91652 [MQTT] mbedTLS: |3| client hello, add ciphersuite: c023
32 91658 [MQTT] mbedTLS: |3| client hello, add ciphersuite: c027
33 91664 [MQTT] mbedTLS: |3| client hello, add ciphersuite: c009
34 91670 [MQTT] mbedTLS: |3| client hello, add ciphersuite: c013
35 91676 [MQTT] mbedTLS: |3| client hello, got 9 ciphersuites
36 91682 [MQTT] mbedTLS: |3| client hello, compress len.: 1
37 91687 [MQTT] mbedTLS: |3| client hello, compress alg.: 0
38 91693 [MQTT] mbedTLS: |3| client hello, adding server name extension: a2p67rp7svr7t3-ats.iot.us-east-39 91702 [MQTT] mbedTLS: |3| client hello, adding signature_algorithms extension
40 91710 [MQTT] mbedTLS: |3| client hello, adding supported_elliptic_curves extension
41 91717 [MQTT] mbedTLS: |3| client hello, adding supported_point_formats extension
42 91725 [MQTT] mbedTLS: |3| client hello, adding encrypt_then_mac extension
43 91732 [MQTT] mbedTLS: |3| client hello, adding extended_master_secret extension
44 91740 [MQTT] mbedTLS: |3| client hello, total extension length: 91
45 91746 [MQTT] mbedTLS: |2| => write record
46 91751 [MQTT] mbedTLS: |3| output record: msgtype = 22, version = [3:1], msglen = 154
47 91759 [MQTT] mbedTLS: |4| dumping ‘output record sent to network’ (159 bytes)
48 91766 [MQTT] mbedTLS: |4| 0000: 16 03 01 00 9a 01 00 00 96 03 03 9b d2 39 a2 f2 …9…
49 91776 [MQTT] mbedTLS: |4| 0010: 72 6c 22 c4 4d 48 3b 93 6b 7a 1f ef e9 77 37 db rl".MH;.kz…w7.
50 91785 [MQTT] mbedTLS: |4| 0020: 55 ac 40 40 7a 98 8a fa 8d 4c ec 00 00 12 c0 0a U.@@z…L…
51 91795 [MQTT] mbedTLS: |4| 0030: c0 14 c0 2b c0 2f c0 23 c0 27 c0 09 c0 13 00 ff …+./.#.'…
52 91804 [MQTT] mbedTLS: |4| 0040: 01 00 00 5b 00 00 00 33 00 31 00 00 2e 61 32 70 …[…3.1…a2p
53 91813 [MQTT] mbedTLS: |4| 0050: 36 37 72 70 37 73 76 72 37 74 33 2d 61 74 73 2e 67rp7svr7t3-ats.
54 91823 [MQTT] mbedTLS: |4| 0060: 69 6f 74 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d iot.us-east-1.am
55 91832 [MQTT] mbedTLS: |4| 0070: 61 7a 6f 6e 61 77 73 2e 63 6f 6d 00 0d 00 0a 00 azonaws.com
56 91842 [MQTT] mbedTLS: |4| 0080: 08 04 03 04 01 03 03 03 01 00 0a 00 04 00 02 00 …
57 91851 [MQTT] mbedTLS: |4| 0090: 17 00 0b 00 02 01 00 00 16 00 00 00 17 00 00 …
58 91860 [MQTT] mbedTLS: |2| => flush outpu
59 91865 [MQTT] mbedTLS: |2| message length: 159, out_left: 159
60 91890 [MQTT] mbedTLS: |2| ssl->f_send() returned 159 (-0xffffff61)
61 91896 [MQTT] mbedTLS: |2| <= flush outpu
62 91900 [MQTT] mbedTLS: |2| <= write record
63 91904 [MQTT] mbedTLS: |2| <= write client hello
64 91909 [MQTT] mbedTLS: |2| client state: 2
65 91913 [MQTT] mbedTLS: |2| => flush outpu
66 91917 [MQTT] mbedTLS: |2| <= flush outpu
67 91922 [MQTT] mbedTLS: |2| => parse server hello
68 91926 [MQTT] mbedTLS: |2| => read record
69 91930 [MQTT] mbedTLS: |2| => fetch inpu
70 91934 [MQTT] mbedTLS: |2| in_left: 0, nb_want: 5
71 92490 [MQTT] mbedTLS: |2| in_left: 0, nb_want: 5
72 92495 [MQTT] mbedTLS: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
73 92502 [MQTT] mbedTLS: |2| <= fetch inpu
74 92506 [MQTT] mbedTLS: |4| dumping ‘input record header’ (5 bytes)
75 92512 [MQTT] mbedTLS: |4| 0000: 16 03 03 14 e1 …
76 92521 [MQTT] mbedTLS: |3| input record: msgtype = 22, version = [3:3], msglen = 5345
77 92528 [MQTT] mbedTLS: |2| => fetch inpu
78 92533 [MQTT] mbedTLS: |2| in_left: 5, nb_want: 5350
79 92664 [MQTT] mbedTLS: |2| in_left: 5, nb_want: 5350
80 92669 [MQTT] mbedTLS: |2| ssl->f_recv(_timeout)() returned 1333 (-0xfffffacb)
81 92712 [MQTT] mbedTLS: |2| in_left: 1338, nb_want: 5350
82 92718 [MQTT] mbedTLS: |2| ssl->f_recv(_timeout)() returned -1 (-0x0001)
83 92724 [MQTT] mbedTLS: |1| mbedtls_ssl_fetch_input() returned -1 (-0x0001)
84 92731 [MQTT] mbedTLS: |1| mbedtls_ssl_read_record_layer() returned -1 (-0x0001)
85 92739 [MQTT] mbedTLS: |1| mbedtls_ssl_read_record() returned -1 (-0x0001)
86 92746 [MQTT] mbedTLS: |2| <= handshake
87 92751 [MQTT] TLS Handshake failed
88 92755 [MQTT] About to close socket.
89 92758 [MQTT] mbedTLS: |2| => write close notify
90 92763 [MQTT] mbedTLS: |2| <= write close notify
91 92768 [MQTT] mbedTLS: |2| => free
92 92776 [MQTT] mbedTLS: |2| <= free
93 102786 [MQTT] Socket closed.
94 102792 [MQTT] Stack high watermark for MQTT task: 1545
95 102798 [MQTT] Notifying task.
96 102801 [MQTTEcho] Command sent to MQTT task failed.
97 102806 [MQTTEcho] ERROR: MQTT echo failed to connect.
98 102811 [MQTTEcho] MQTT echo test could not connect to broker.
99 102817 [MQTTEcho] Sending command to MQTT task.
100 102822 [MQTT] Received message 20000 from queue.
101 102827 [MQTT] Notifying task.
102 102830 [MQTTEcho] Command sent to MQTT task passed.
103 102835 [MQTTEcho] MQTT echo demo finished.

2

What does the return code -1 mean in your receive callback function?