Mbedtls_ssl_close_notify() not correctly cleanup up the handshake process

I am testing out re connection attempts with mbedTLS. To do this I physically disconnect my Ethernet and plug it back in.
When the Ethernet is physically disconnected the code calls mbedtls_ssl_close_notify() which returns 0.
The problem is when I try to do mbedtls_ssl_handshake() again the state of handshake is in MBEDTLS_SSL_HANDSHAKE_OVER. Thus, it never does the handshake because the method mbedtls_ssl_handshake() only does it if it’s handshake is NOT over.

To get the handshake to run again I have had to call mbedtls_ssl_session_reset() after I call mbedtls_ssl_close_notify() regardless of the mbedtls_ssl_close_notify() return code.

What is the correct process for disconnecting the TLS session?

Since your connection was not gracefully closed, it is reasonable that the states would be undefined.

Your solution is valid, if you want to negotiate a new TLS handshake.
Have you considered doing session resumption? Please follow the ssl_client2 example on how it deals with reconnecting to a server.
Mbed TLS Team member