Arm Mbed and Pelion Device Management support forum


Hi, I’m trying to establish TLS communication with my local mosquitto broker.
The handshake always fails, the broker does not accept the hello client and I cannot understand why …
Below the decoded messages that pass over the network.
Messages are captured with wireshark:

Secure Sockets Layer
----TLSv1.2 Record Layer: Handshake Protocol: Client Hello
--------Content Type: Handshake (22)
--------Version: TLS 1.2 (0x0303)
--------Length: 81
--------Handshake Protocol: Client Hello
------------Handshake Type: Client Hello (1)
------------Length: 77
------------Version: TLS 1.2 (0x0303)
------------Session ID Length: 0
------------Cipher Suites Length: 6
------------Cipher Suites (3 suites)
----------------Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
----------------Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
----------------Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
------------Compression Methods Length: 1
------------Compression Methods (1 method)
----------------Compression Method: null (0)
------------Extensions Length: 30
------------Extension: signature_algorithms
----------------Type: signature_algorithms (0x000d)
----------------Length: 10
----------------Signature Hash Algorithms Length: 8
----------------Signature Hash Algorithms (4 algorithms)
--------------------Signature Hash Algorithm: 0x0603
--------------------Signature Hash Algorithm: 0x0503
--------------------Signature Hash Algorithm: 0x0403
--------------------Signature Hash Algorithm: 0x0303
------------Extension: elliptic_curves
----------------Type: elliptic_curves (0x000a)
----------------Length: 6
----------------Elliptic Curves Length: 4
----------------Elliptic curves (2 curves)
--------------------Elliptic curve: secp384r1 (0x0018)
--------------------Elliptic curve: secp256r1 (0x0017)
------------Extension: ec_point_formats
----------------Type: ec_point_formats (0x000b)
----------------Length: 2
----------------EC point formats Length: 1
----------------Elliptic curves point formats (1)
--------------------EC point format: uncompressed (0)

config.h is the “suite-b” proposed by Mbed …
I also tried to configure the mosquitto broker with “ciphers ALL” but nothing changed …

The broker’s response is always the following:

Secure Sockets Layer
----TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
--------Content Type: Alert (21)
--------Version: TLS 1.2 (0x0303)
--------Length: 2
--------Alert Message
------------Level: Fatal (2)
------------Description: Handshake Failure (40)

is there anyone who can help me?

Hi @techfor
Have you checked that your broker supports these ciphersuites?

Have you checked your server with the SSL Labs test ? This should show you the supported ciphersuites.
Mbed TLS Support