In addition to what has correctly mentioned by @gopi219 , you could use a ciphersuite that doesn’t use certificates ( PSK based certificate), depending on your use case and threat model. If your threat model requires you to authenticate the client(by not setting
MBEDTLS_SSL_VERIFY_NONE in your serer authentication configuration ), you will need to set the client certificate to send to server.
openssl s_client help command, you will see you need to consider the following parameters:
-cert arg - certificate file to use, PEM format assumed
-certform arg - certificate format (PEM or DER) PEM default
-key arg - Private key file to use, in cert file if
not specified but cert file is.
-keyform arg - key format (PEM or DER) PEM default
Since you are using the Mbed TLS test certificates you should probably use
I suggest you read https://tls.mbed.org/kb/development/debugging-tls to help you debug your server issues, and extract server logs, so you would understand what cause the server to send the unexpected message error.
Mbed TLS Team member