Mbedtls_ssl_close_notify() not correctly cleanup up the handshake process

unknownissuer · August 2, 2018, 5:25pm

I am testing out re connection attempts with mbedTLS. To do this I physically disconnect my Ethernet and plug it back in.
When the Ethernet is physically disconnected the code calls mbedtls_ssl_close_notify() which returns 0.
The problem is when I try to do mbedtls_ssl_handshake() again the state of handshake is in MBEDTLS_SSL_HANDSHAKE_OVER. Thus, it never does the handshake because the method mbedtls_ssl_handshake() only does it if it’s handshake is NOT over.

To get the handshake to run again I have had to call mbedtls_ssl_session_reset() after I call mbedtls_ssl_close_notify() regardless of the mbedtls_ssl_close_notify() return code.

What is the correct process for disconnecting the TLS session?

roneld01 · August 5, 2018, 7:03am

Hi,
Since your connection was not gracefully closed, it is reasonable that the states would be undefined.

Your solution is valid, if you want to negotiate a new TLS handshake.
Have you considered doing session resumption? Please follow the ssl_client2 example on how it deals with reconnecting to a server.
Regards,
Mbed TLS Team member
Ron

Topic		Replies	Views
Correct session closing procedure with mbedtls_ssl_close_notify() Mbed TLS	1	3213	May 7, 2019
Correct closing connection & cleanup SSL Mbed TLS	3	4419	April 17, 2019
Does mbedtls_ssl_handshake_step == OK guarantee MBEDTLS_SSL_HANDSHAKE_OVER? Mbed TLS mbed_tls	0	411	January 19, 2022
System hangs when TLSSocketWrapper::close() is called after ethernet cable is unplugged Mbed OS	0	294	January 19, 2022
Mbedtls_ssl_close_notify takes more than 30 seconds if a delay is not provided before the function Mbed TLS mbed_tls	0	149	February 27, 2024

Mbedtls_ssl_close_notify() not correctly cleanup up the handshake process

Related topics