Mbedtls - DTLS - SSL - None of the common Ciphersuites is usable

septls · July 2, 2020, 5:42pm

Hallo,
I am trying to make a DTLS server with mbedtls. I am testing it with the Qt DTLS Client example.
I created Test Certificates and CA for it.

The Debug Output is saying:

> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-RSA-WITH-AES-256-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-RSA-WITH-AES-128-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-PSK-WITH-AES-256-GCM-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-PSK-WITH-AES-256-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-PSK-WITH-AES-128-GCM-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-DHE-PSK-WITH-AES-128-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-WITH-AES-256-GCM-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-WITH-AES-256-CBC-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-WITH-AES-256-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-WITH-AES-128-GCM-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-WITH-AES-128-CBC-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-WITH-AES-128-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0718: 0000007B472FECC0: ciphersuite requires certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0722: 0000007B472FECC0: server has no certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0909: 0000007B472FECC0: ciphersuite mismatch: no suitable certificate
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-PSK-WITH-AES-256-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-PSK-WITH-AES-128-GCM-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-RSA-PSK-WITH-AES-128-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-PSK-WITH-CHACHA20-POLY1305-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-PSK-WITH-AES-256-GCM-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-PSK-WITH-AES-256-CBC-SHA384
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-PSK-WITH-AES-256-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-PSK-WITH-AES-128-GCM-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-PSK-WITH-AES-128-CBC-SHA256
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0820: 0000007B472FECC0: trying ciphersuite: TLS-PSK-WITH-AES-128-CBC-SHA
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:0874: 0000007B472FECC0: ciphersuite mismatch: no pre-shared key
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_srv.c:1985: 0000007B472FECC0: got ciphersuites in common, but none of them usable
> C:\portable\vcpkg-master\buildtrees\mbedtls\src\tls-2.16.3-26b16440ea\library\ssl_tls.c:5250: 0000007B472FECC0: => send alert message

My Server.hpp is following

#pragma once

#include<mbedtls/config.h>
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
#include<mbedtls/entropy.h>
#include<mbedtls/ctr_drbg.h>
#include<mbedtls/certs.h>
#include<mbedtls/x509.h>
#include<mbedtls/ssl.h>
#include<mbedtls/ssl_cookie.h>
#include<mbedtls/net_sockets.h>
#include<mbedtls/error.h>
#include<mbedtls/timing.h>
#include<KoalaSSH/errors.hpp>
#include<Utils/Cleaner.hpp>
#include<string>
#include<mbedtls/debug.h>
#ifdef _DEBUG
#include<iostream>
#endif

namespace koala::Network::DTLS {
	class Server
	{
	private:
		mbedtls_net_context listen_fd;
		mbedtls_net_context client_fd;
		mbedtls_ssl_cookie_ctx cookie_ctx;
		mbedtls_entropy_context entropy;
		mbedtls_ctr_drbg_context ctr_drbg;
		mbedtls_ssl_context ssl;
		mbedtls_ssl_config conf;
		mbedtls_x509_crt serverCert;
		mbedtls_x509_crl cacrl;
		mbedtls_pk_context serverPKey;
		mbedtls_timing_delay_context timer;
		SSH::SSH_Error rc;
		bool check(int errCode);
	public:
		Server(const std::string& cert, const std::pair<std::string,std::string>& key, const std::string& ca, const std::string& crl);
		virtual ~Server();

		void bind(const std::string& ip, uint16_t port);

		void accept();
	};
}

my Server.cpp is following:

#include "Server.hpp"
#include<mbedtls/platform.h>
void my_debug(void* ctx, int level,
	const char* file, int line,
	const char* str)
{
	((void)level);

	mbedtls_fprintf((FILE*)ctx, "%s:%04d: %s", file, line, str);
	fflush((FILE*)ctx);
}

bool koala::Network::DTLS::Server::check(int errCode)
{
	
	if (errCode != 0) {
		utils::Cleaner cleaner;
		char* strbuf = utils::alloc<char>(512, cleaner);
		mbedtls_strerror(errCode, strbuf, 512);
		this->rc = SSH::SSH_Error(errCode, __FILE__, __FUNCTION__, __LINE__, std::string(strbuf));
		return true;
	}
	return false;
}

koala::Network::DTLS::Server::Server(const std::string& cert, const std::pair<std::string, std::string>& key, const std::string& ca, const std::string& crl)
{
	mbedtls_debug_set_threshold(5);
	mbedtls_net_init(&this->listen_fd);
	mbedtls_net_init(&this->client_fd);
	mbedtls_ssl_init(&this->ssl);
	mbedtls_ssl_config_init(&this->conf);
	mbedtls_ssl_cookie_init(&this->cookie_ctx);
	mbedtls_x509_crt_init(&this->serverCert);
	mbedtls_x509_crl_init(&this->cacrl);
	mbedtls_pk_init(&this->serverPKey);
	mbedtls_entropy_init(&this->entropy);
	mbedtls_ctr_drbg_init(&this->ctr_drbg);

	auto ret = mbedtls_x509_crt_parse_file(&this->serverCert, cert.c_str());
	if (this->check(ret))
		return;
	ret = mbedtls_x509_crt_parse_file(&this->serverCert, ca.c_str());
	if (this->check(ret))
		return;
	if (!crl.empty()) {
		ret = mbedtls_x509_crl_parse_file(&this->cacrl, crl.c_str());
		if (this->check(ret))
			return;
	}
	ret = mbedtls_pk_parse_keyfile(&this->serverPKey, key.first.c_str(), key.second.c_str());
	if (this->check(ret))
		return;
	mbedtls_ssl_conf_dbg(&this->conf, my_debug, stdout);
}

koala::Network::DTLS::Server::~Server()
{
}

void koala::Network::DTLS::Server::bind(const std::string& ip, uint16_t port)
{
	auto ret = mbedtls_net_bind(&this->listen_fd, ip.c_str(), std::to_string(port).c_str(),MBEDTLS_NET_PROTO_UDP);
	if (this->check(ret))
		return;
	const char* custom = "DTLS Server";
	ret = mbedtls_ctr_drbg_seed(&this->ctr_drbg, mbedtls_entropy_func, &this->entropy, reinterpret_cast<const uint8_t*>(custom), sizeof("DTLS_SERVER"));
	if (this->check(ret))
		return;

	ret = mbedtls_ssl_config_defaults(&this->conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT);
	if (this->check(ret))
		return;

	mbedtls_ssl_conf_rng(&this->conf, mbedtls_ctr_drbg_random, &this->ctr_drbg);
	mbedtls_ssl_conf_ca_chain(&this->conf, this->serverCert.next, &this->cacrl);
	ret = mbedtls_ssl_cookie_setup(&this->cookie_ctx, mbedtls_ctr_drbg_random, &this->ctr_drbg);
	if (this->check(ret))
		return;
	mbedtls_ssl_conf_dtls_cookies(&this->conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &this->cookie_ctx);
	ret = mbedtls_ssl_setup(&this->ssl, &this->conf);
	if (this->check(ret))
		return;
	mbedtls_ssl_set_timer_cb(&this->ssl, &this->timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay);
	mbedtls_net_free(&this->client_fd);
	mbedtls_ssl_session_reset(&this->ssl);
}

void koala::Network::DTLS::Server::accept()
{
	utils::Cleaner cleaner;
	auto* clip = utils::alloc<char>(120, cleaner);
	auto* size = utils::alloc<std::size_t>(cleaner);
	auto ret = mbedtls_net_accept(&this->listen_fd, &this->client_fd, clip, 120, size);
	if (this->check(ret))
		return;
	mbedtls_ssl_set_bio(&this->ssl, &this->client_fd, mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout);
	do {
		ret = mbedtls_ssl_handshake(&this->ssl);
		char* buf = utils::alloc<char>(1024);
		mbedtls_strerror(ret, buf, 1024);
		std::cout << buf;
	} while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE);

	if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
		return; //ERROR make again
	}

	auto* buf = utils::alloc<uint8_t>(2048, cleaner);
	while (true) {
		std::vector<uint8_t> vec;
		do {
			ret = mbedtls_ssl_read(&this->ssl, buf, 2048);
			if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE)
				vec.insert(vec.end(), buf, buf + 2048);
			if (ret > 0)
				vec.insert(vec.end(), buf, buf + ret);
		} while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE);
		if (ret <= 0) {
			switch (ret) {
			case MBEDTLS_ERR_SSL_TIMEOUT:
				return;
			case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
				return;
			default:
				return;
			}
		}
		uint8_t* response = (uint8_t*)"ACK";
		ret = mbedtls_ssl_write(&this->ssl, response, sizeof("ACK"));
	}
}

and my main.cpp

#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib,"Debug\\Utils.lib")
#pragma comment(lib,"mbedtls.lib")
#pragma comment(lib,"mbedcrypto.lib")
#pragma comment(lib,"mbedx509.lib")
#pragma comment(lib,"pthreadVC3d.lib")

#include"Server.hpp"


int main() {
	mbedtls_debug_set_threshold(5);
	WSADATA data;
	WSAStartup(MAKEWORD(2, 0), &data);
	using namespace koala::Network::DTLS;
	Server serv(R"(C:\certs\koala\Koala384Server.crt)", { "c:\\certs\\koala\\testServer.key","" }, R"(c:\certs\koala\Koala384CA.crt)", "");
	serv.bind("127.0.0.1", 444);
	serv.accept();
	system("pause");
	WSACleanup();
}

Why is mbedtls refusing connection?

Topic		Replies	Views
Please help me find out why mbedtls_ssl_handshake（）failed! Mbed TLS mbed_client , mbed_tls	5	6569	April 12, 2020
Missing cipher suite Mbed TLS	1	471	May 12, 2023
Issue: unexpected ciphers / not supported curve Crypto and SSL questions	2	2176	June 3, 2019
MBEDTLS TLS1_3 AES_256_GCM_SHA384 PSK hash algo mismatch Crypto and SSL questions mbed_tls	0	516	January 17, 2023
TLS handshake issue Generic mbed_client , mbed_tls	5	5240	October 7, 2018

Mbedtls - DTLS - SSL - None of the common Ciphersuites is usable

Related topics