Mbedtls_ssl_close_notify() not correctly cleanup up the handshake process

unknownissuer · August 2, 2018, 5:25pm

I am testing out re connection attempts with mbedTLS. To do this I physically disconnect my Ethernet and plug it back in.
When the Ethernet is physically disconnected the code calls mbedtls_ssl_close_notify() which returns 0.
The problem is when I try to do mbedtls_ssl_handshake() again the state of handshake is in MBEDTLS_SSL_HANDSHAKE_OVER. Thus, it never does the handshake because the method mbedtls_ssl_handshake() only does it if it’s handshake is NOT over.

To get the handshake to run again I have had to call mbedtls_ssl_session_reset() after I call mbedtls_ssl_close_notify() regardless of the mbedtls_ssl_close_notify() return code.

What is the correct process for disconnecting the TLS session?

roneld01 · August 5, 2018, 7:03am

Hi,
Since your connection was not gracefully closed, it is reasonable that the states would be undefined.

Your solution is valid, if you want to negotiate a new TLS handshake.
Have you considered doing session resumption? Please follow the ssl_client2 example on how it deals with reconnecting to a server.
Regards,
Mbed TLS Team member
Ron

Topic		Replies	Views
Correct closing connection & cleanup SSL Mbed TLS	3	4680	April 17, 2019
Session is not ressuming MbedTLS handshake problem Bug Reports / Issues mbed_tls	3	2126	December 15, 2019
Correct session closing procedure with mbedtls_ssl_close_notify() Mbed TLS	1	3415	May 7, 2019
MBedTLS connection resume Mbed TLS	1	1070	December 9, 2019
Mbedtls_ssl_read returns 0 can you explain how it's different from close notify Generic mbed_tls	1	4180	August 27, 2018

Mbedtls_ssl_close_notify() not correctly cleanup up the handshake process

Related topics