Currently, I’m using mbedtls version 2.16.3. I have come across a rare error where mbedtls_ssl_handshake returns the error “connection was reset by peer”. The rate of this error is quite low, around 1-2%, and it often occurs in bad network conditions (bad but still able to perform ping).
I also noticed that every time the handshake takes more than 5s, this error occurs; I have never seen this error with a handshake time of less than 5s.
Having looked at the source, I found that the read()/write() functions in the lib received this error while trying to transfer data through the socket. I also captured a Wireshark trace and saw many retransmission packets and RST packets being sent during this period.
My question is: what might cause this issue? Is this issue related to some kind of handshake timeout?
Here is the error log:
Thu 04/23/20 21:42:06 ssl_tls.c:8084: => handshake
Thu 04/23/20 21:42:06 ssl_cli.c:3535: ________[0] MBEDTLS_SSL_HELLO_REQUEST
....
Thu 04/23/20 21:42:07 ssl_cli.c:3535: ________[11] MBEDTLS_SSL_CLIENT_FINISHED
Thu 04/23/20 21:42:07 ssl_tls.c:6398: => write finished
Thu 04/23/20 21:42:07 ssl_tls.c:6223: => calc finished tls sha256
Thu 04/23/20 21:42:07 ssl_tls.c:6247: dumping 'calc finished result' (12 bytes)
Thu 04/23/20 21:42:07 ssl_tls.c:6247: 0000: a1 10 39 5f 63 61 d2 1e dc 04 bd e5 ..9_ca......
Thu 04/23/20 21:42:07 ssl_tls.c:6253: <= calc finished
Thu 04/23/20 21:42:07 ssl_tls.c:3343: => write record
Thu 04/23/20 21:42:07 ssl_tls.c:1781: <= encrypt buf
Thu 04/23/20 21:42:07 ssl_tls.c:3423: output record: msgtype = 22, version = [3:3], msglen = 80
Thu 04/23/20 21:42:07 ssl_tls.c:2755: => flush output
Thu 04/23/20 21:42:07 ssl_tls.c:2779: ssl->f_send() returned 85 (-0xffffffab)
Thu 04/23/20 21:42:07 ssl_tls.c:2807: <= flush output
Thu 04/23/20 21:42:07 ssl_tls.c:3476: <= write record
Thu 04/23/20 21:42:07 ssl_cli.c:3535: ________[12] MBEDTLS_SSL_SERVER_CHANGE_CIPHE^M
Thu 04/23/20 21:42:07 ssl_tls.c:2755: => flush output
Thu 04/23/20 21:42:07 ssl_tls.c:2767: <= flush output
Thu 04/23/20 21:42:07 ssl_tls.c:5902: => parse change cipher spec
Thu 04/23/20 21:42:07 ssl_tls.c:2536: => fetch input
Thu 04/23/20 21:42:07 ssl_tls.c:2697: in_left: 0, nb_want: 5
Thu 04/23/20 21:42:11 ssl_tls.c:2721: in_left: 0, nb_want: 5
Thu 04/23/20 21:42:11 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned -80 (-0x0050)
Thu 04/23/20 21:42:11 ssl_tls.c:4973: mbedtls_ssl_fetch_input() returned -80 (-0x0050)
Thu 04/23/20 21:42:11 ssl_tls.c:4344: ssl_get_next_record() returned -80 (-0x0050)
Thu 04/23/20 21:42:11 ssl_tls.c:5906: mbedtls_ssl_read_record() returned -80 (-0x0050)
Thu 04/23/20 21:42:11 ssl_tls.c:8094: <= handshake
Thu 04/23/20 21:42:11 mbedtls_ssl_handshake error : NET - Connection was reset by peer
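A way to triage a log like the one above is sketched here as an added example (not part of the original post and not Mbed TLS code): it finds the longest silent gap, the handshake state it fell in, and the first call that returned a negative code. The `triage` helper, the `CODES` subset and the assumption that every line carries the post's timestamp prefix are illustrative; `SAMPLE` is an excerpt of the posted log.

```python
import re
from datetime import datetime

# Subset of Mbed TLS 2.x return codes (net_sockets.h, ssl.h).
CODES = {-0x004C: "MBEDTLS_ERR_NET_RECV_FAILED", -0x004E: "MBEDTLS_ERR_NET_SEND_FAILED",
         -0x0050: "MBEDTLS_ERR_NET_CONN_RESET", -0x6800: "MBEDTLS_ERR_SSL_TIMEOUT",
         -0x6900: "MBEDTLS_ERR_SSL_WANT_READ"}
# Assumed line shape: "Thu 04/23/20 21:42:07 ssl_tls.c:2722: message"
LINE = re.compile(r"^\w{3} (?P<ts>\S+ \S+) (?P<src>\w+\.c:\d+): (?P<msg>.*)$")
STATE = re.compile(r"\[(\d+)\] (MBEDTLS_SSL_\w+)")
RET = re.compile(r"returned (-?\d+) \(")

def triage(log_text):
    """Longest gap between log lines, the state it fell in, and the first failing call."""
    state = prev = failure = None
    stall = {"seconds": 0.0, "state": None, "after": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # elided lines ("....") and the application's own summary line
        ts = datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S")
        # Measure the gap before updating the state, so the stall is charged
        # to the state the handshake was in while nothing was logged.
        if prev and (ts - prev[0]).total_seconds() > stall["seconds"]:
            stall = {"seconds": (ts - prev[0]).total_seconds(),
                     "state": state, "after": prev[1]}
        s = STATE.search(m["msg"])
        if s:
            state = (int(s[1]), s[2])
        r = RET.search(m["msg"])
        if r and int(r[1]) < 0 and failure is None:
            code = int(r[1])
            failure = {"where": m["src"], "code": code, "name": CODES.get(code, "unknown")}
        prev = (ts, m["src"])
    return {"stall": stall, "failure": failure}

# Excerpt of the debug log from the post above.
SAMPLE = """\
Thu 04/23/20 21:42:07 ssl_tls.c:2779: ssl->f_send() returned 85 (-0xffffffab)
Thu 04/23/20 21:42:07 ssl_cli.c:3535: ________[12] MBEDTLS_SSL_SERVER_CHANGE_CIPHE^M
Thu 04/23/20 21:42:07 ssl_tls.c:2536: => fetch input
Thu 04/23/20 21:42:07 ssl_tls.c:2697: in_left: 0, nb_want: 5
Thu 04/23/20 21:42:11 ssl_tls.c:2721: in_left: 0, nb_want: 5
Thu 04/23/20 21:42:11 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned -80 (-0x0050)
Thu 04/23/20 21:42:11 mbedtls_ssl_handshake error : NET - Connection was reset by peer
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the excerpt this reports a 4-second gap after `ssl_tls.c:2697`, while the client was in state 12 waiting for the 5-byte record header, followed by `-0x0050` from the receive callback.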