Arm Mbed and Pelion Device Management support forum

MBEDTLS HANDSHAKE_FAILURE on STM3210C board

Hi, I’m trying to establish TLS communication with my local mosquitto broker.
The handshake always fails, the broker does not accept the hello client and I cannot understand why …
Below are the decoded messages that pass over the network.
Messages are captured with Wireshark:

Secure Sockets Layer
----TLSv1.2 Record Layer: Handshake Protocol: Client Hello
--------Content Type: Handshake (22)
--------Version: TLS 1.2 (0x0303)
--------Length: 81
--------Handshake Protocol: Client Hello
------------Handshake Type: Client Hello (1)
------------Length: 77
------------Version: TLS 1.2 (0x0303)
------------Random
------------Session ID Length: 0
------------Cipher Suites Length: 6
------------Cipher Suites (3 suites)
----------------Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
----------------Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
----------------Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
------------Compression Methods Length: 1
------------Compression Methods (1 method)
----------------Compression Method: null (0)
------------Extensions Length: 30
------------Extension: signature_algorithms
----------------Type: signature_algorithms (0x000d)
----------------Length: 10
----------------Signature Hash Algorithms Length: 8
----------------Signature Hash Algorithms (4 algorithms)
--------------------Signature Hash Algorithm: 0x0603
--------------------Signature Hash Algorithm: 0x0503
--------------------Signature Hash Algorithm: 0x0403
--------------------Signature Hash Algorithm: 0x0303
------------Extension: elliptic_curves
----------------Type: elliptic_curves (0x000a)
----------------Length: 6
----------------Elliptic Curves Length: 4
----------------Elliptic curves (2 curves)
--------------------Elliptic curve: secp384r1 (0x0018)
--------------------Elliptic curve: secp256r1 (0x0017)
------------Extension: ec_point_formats
----------------Type: ec_point_formats (0x000b)
----------------Length: 2
----------------EC point formats Length: 1
----------------Elliptic curves point formats (1)
--------------------EC point format: uncompressed (0)

config.h is the “suite-b” proposed by Mbed …
I also tried to configure the mosquitto broker with “ciphers ALL” but nothing changed …

The broker’s response is always the following:

Secure Sockets Layer
----TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
--------Content Type: Alert (21)
--------Version: TLS 1.2 (0x0303)
--------Length: 2
--------Alert Message
------------Level: Fatal (2)
------------Description: Handshake Failure (40)

Is there anyone who can help me?

Hi @techfor
Have you checked that your broker supports these ciphersuites?

Have you checked your server with the SSL Labs test? This should show you the supported ciphersuites.
Regards,
Mbed TLS Support
Ron
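
The ciphersuite check suggested in the reply can also be run offline against the capture. The following is an added example, not part of the thread: it rebuilds the Client Hello from the decoded fields above (the Random value is not shown in the capture, so zeros are used) and compares the offered suites with a broker suite list. The two broker lists in the demo are constructed for illustration and are not the poster's broker configuration.

```python
import struct

# Suite IDs from the capture, plus two RSA-authenticated suites used only in
# the constructed broker lists of this example.
SUITES = {
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
SCSV = 0x00FF  # signalling value, never negotiated as a real suite

def build_capture_hello():
    """Rebuild the captured Client Hello record (Random is constructed: zeros)."""
    ext = bytes.fromhex("000d000a0008" "0603050304030303")   # signature_algorithms
    ext += bytes.fromhex("000a00060004" "00180017")           # elliptic_curves
    ext += bytes.fromhex("000b00020100")                      # ec_point_formats
    body = b"\x03\x03" + bytes(32) + b"\x00"   # version, random, session id length
    body += bytes.fromhex("0006c02cc02b00ff") + b"\x01\x00"   # suites, compression
    body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body        # handshake type 1
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs  # record header

def offered_suites(record):
    """Return the cipher suite IDs offered in a TLS Client Hello record."""
    ctype, _ver, rec_len = struct.unpack("!BHH", record[:5])
    hs = record[5:5 + rec_len]
    if ctype != 22 or len(hs) != rec_len or rec_len < 41 or hs[0] != 1:
        raise ValueError("not a complete Client Hello record")
    pos = 4 + 2 + 32                    # handshake header, version, random
    pos += 1 + hs[pos]                  # skip session id
    n = struct.unpack_from("!H", hs, pos)[0]
    if n % 2 or pos + 2 + n > len(hs):
        raise ValueError("bad cipher suite list length")
    return list(struct.unpack_from("!%dH" % (n // 2), hs, pos + 2))

def negotiable(record, server_suites):
    """Suites both sides share; an empty list means no common suite (alert 40)."""
    return [SUITES.get(s, hex(s)) for s in offered_suites(record)
            if s != SCSV and s in server_suites]

if __name__ == "__main__":
    hello = build_capture_hello()
    print("RSA-only broker  :", negotiable(hello, {0xC030, 0xC02F}))
    print("ECDSA-capable one:", negotiable(hello, {0xC02C, 0xC02B}))
```

The rebuilt record has the same lengths as the capture (record length 81, handshake length 77, extensions length 30), which is a quick sanity check that the decode was transcribed correctly.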