Mbedtls_ssl_handshake failed

Hello Team,

I am trying to connect to my server through SSL, but it is failing. I don't know what the error is. Please take a look.

This is my debug info.

. Seeding the random number generator…
ok
. Loading the CA root certificate … ok (1 skipped)

. Connecting to tcp/localhost/443…
ok
. Setting up the SSL/TLS structure… ok
. Performing the SSL/TLS handshake…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:6754: => handshake
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:3384: client state: 0
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2471: => flush output
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2483: <= flush output
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:3384: client state: 1
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2471: => flush output
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2483: <= flush output
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0770: => write client hello
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0808: client hello, max version: [3:3]
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0703: client hello, current time: 0
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0817: dumping ‘client hello, random bytes’ (32 bytes)
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0817: 0000: 00 00 00 00 b3 d9 0a e4 62 27 93 cf 93 5e 31 a2 …b’…^1.
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0817: 0010: fe fb 43 d2 73 0f 61 66 a8 be d0 93 94 30 e9 73 …C.s.af…0.s
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0870: client hello, session id len.: 0
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0871: dumping ‘client hello, session id’ (0 bytes)
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0918: client hello, add ciphersuite: c02c
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0918: client hello, add ciphersuite: c02b
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0925: client hello, got 2 ciphersuites (excluding SCSVs)
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0934: adding EMPTY_RENEGOTIATION_INFO_SCSV
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0983: client hello, compress len.: 1
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0985: client hello, compress alg.: 0
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0186: client hello, adding signature_algorithms extension
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0271: client hello, adding supported_elliptic_curves extension
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:0336: client hello, adding supported_point_formats extension
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:1059: client hello, total extension length: 38
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2764: => write record
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2910: output record: msgtype = 22, version = [3:3], msglen = 89
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2913: dumping ‘output record sent to network’ (94 bytes)
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2913: 0000: 16 03 03 00 59 01 00 00 55 03 03 00 00 00 00 b3 …Y…U…
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2913: 0010: d9 0a e4 62 27 93 cf 93 5e 31 a2 fe fb 43 d2 73 …b’…^1…C.s
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2913: 0020: 0f 61 66 a8 be d0 93 94 30 e9 73 00 00 06 c0 2c .af…0.s…,
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2913: 0030: c0 2b 00 ff 01 00 00 26 00 0d 00 12 00 10 06 03 .+…&…
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2913: 0040: 06 01 05 03 05 01 04 03 04 01 03 03 03 01 00 0a …
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2913: 0050: 00 06 00 04 00 18 00 17 00 0b 00 02 01 00 …
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2471: => flush output
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2490: message length: 94, out_left: 94
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2496: ssl->f_send() returned 94 (-0xffffffa2)
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2523: <= flush output
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2922: <= write record
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:1085: <= write client hello
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:3384: client state: 2
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2471: => flush output
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2483: <= flush output
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:1478: => parse server hello
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:3809: => read record
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2252: => fetch input
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2413: in_left: 0, nb_want: 5
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2437: in_left: 0, nb_want: 5
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2438: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2458: <= fetch input
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:3552: dumping ‘input record header’ (5 bytes)
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:3552: 0000: 15 03 03 00 02 …
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:3561: input record: msgtype = 21, version = [3:3], msglen = 2
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2252: => fetch input
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2413: in_left: 5, nb_want: 7
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2437: in_left: 5, nb_want: 7
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2438: ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2458: <= fetch input
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:3738: dumping ‘input record from network’ (7 bytes)
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:3738: 0000: 15 03 03 00 02 02 28 …(
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:4100: got an alert message, type: [2:40]
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:4108: is a fatal alert message (msg 40)
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:3831: mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
…\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c:1485: mbedtls_ssl_read_record() returned -30592 (-0x7780)
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:6764: <= handshake
failed
! mbedtls_ssl_handshake returned -0x7780

Thanks

Hi @Rajkumar181
Thank you for your question and interest in Mbed TLS!

The error you are receiving is:

./strerror -0x7780
Last error was: -0x7780 - SSL - A fatal alert message was received from our peer

As you can see in the log, you got a fatal alert from the server after your client sent the ClientHello message. This is probably because the server can’t accept one of the requirements given by the client for a successful handshake, whether it is the ciphersuites or the supported elliptic curves.
I see in the log that you only support two ciphersuites: MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 .
Is it possible that the server only has RSA signed certificates, and thus can’t do a successful handshake with your client? Have you tried the default ciphersuite list to check what’s the negotiated ciphersuite?
Have you read this article?

Regards,
Mbed TLS Team member
Ron
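As an added example (not code from this thread or from Mbed TLS), the C sketch below reads the two records dumped in the question's log: it pulls the offered cipher suite IDs out of the ClientHello and decodes the server's alert record. The function and enum names are hypothetical, and the C02F/C030 IDs (the ECDHE-RSA GCM suites) do not appear in the log; they are included only for contrast.

```c
#include <stddef.h>
#include <stdint.h>

/* ClientHello: the 94-byte "output record sent to network" dump from the log. */
const uint8_t CLIENT_HELLO[94] = {
    0x16,0x03,0x03,0x00,0x59,0x01,0x00,0x00,0x55,0x03,0x03,0x00,0x00,0x00,0x00,0xb3,
    0xd9,0x0a,0xe4,0x62,0x27,0x93,0xcf,0x93,0x5e,0x31,0xa2,0xfe,0xfb,0x43,0xd2,0x73,
    0x0f,0x61,0x66,0xa8,0xbe,0xd0,0x93,0x94,0x30,0xe9,0x73,0x00,0x00,0x06,0xc0,0x2c,
    0xc0,0x2b,0x00,0xff,0x01,0x00,0x00,0x26,0x00,0x0d,0x00,0x12,0x00,0x10,0x06,0x03,
    0x06,0x01,0x05,0x03,0x05,0x01,0x04,0x03,0x04,0x01,0x03,0x03,0x03,0x01,0x00,0x0a,
    0x00,0x06,0x00,0x04,0x00,0x18,0x00,0x17,0x00,0x0b,0x00,0x02,0x01,0x00 };
/* Server reply: the 7-byte "input record from network" dump from the log. */
const uint8_t SERVER_ALERT[7] = { 0x15,0x03,0x03,0x00,0x02,0x02,0x28 };

/* Writes the offered suite IDs of a TLS 1.2 ClientHello record to out.
 * Returns the number of IDs, or -1 if the record is malformed. */
int client_hello_suites(const uint8_t *r, size_t len, uint16_t *out, size_t max)
{
    size_t p = 5 + 4 + 2 + 32;  /* record hdr, handshake hdr, version, random */
    if (len < p + 1 || r[0] != 0x16 || r[5] != 0x01) return -1;
    if ((((size_t)r[3] << 8) | r[4]) != len - 5) return -1;  /* record length */
    p += 1 + (size_t)r[p];                        /* skip the session id */
    if (p + 2 > len) return -1;
    size_t n = ((size_t)r[p] << 8) | r[p + 1];    /* suite list size in bytes */
    p += 2;
    if (n % 2 || p + n > len || n / 2 > max) return -1;
    for (size_t i = 0; i < n / 2; i++)
        out[i] = (uint16_t)((r[p + 2 * i] << 8) | r[p + 2 * i + 1]);
    return (int)(n / 2);
}

/* Which kind of server certificate a suite ID needs. */
enum auth { AUTH_UNKNOWN, AUTH_SCSV, AUTH_ECDSA, AUTH_RSA };
enum auth suite_auth(uint16_t id)
{
    if (id == 0xC02B || id == 0xC02C) return AUTH_ECDSA;  /* the two in the log */
    if (id == 0xC02F || id == 0xC030) return AUTH_RSA;    /* contrast only */
    return id == 0x00FF ? AUTH_SCSV : AUTH_UNKNOWN;  /* 00FF is a signal, not a cipher */
}

/* Decodes a plaintext alert record: level 2 is fatal, description 40 is
 * handshake_failure. Returns 0 on success, -1 if malformed. */
int parse_alert(const uint8_t *r, size_t len, uint8_t *level, uint8_t *desc)
{
    if (len != 7 || r[0] != 0x15 || r[3] != 0 || r[4] != 2) return -1;
    *level = r[5];
    *desc = r[6];
    return 0;
}
```

Every real suite in this ClientHello needs an ECDSA server certificate, which is the mismatch the reply above asks about.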

Thanks, Ron, for the reply.

Have you tried the default ciphersuite list to check what’s the negotiated ciphersuite?
How do I set the default ciphersuite? Please advise.

Have you read this article?
Yes.

I am using an STM32F429ZI and I am trying to configure mbedtls through STM32CubeMX. Shall I share my mbedtls_config file?

In order to use the default ciphersuite list, you should undefine MBEDTLS_SSL_CIPHERSUITES in your configuration file.

I tried with MBEDTLS_SSL_CIPHERSUITES undefined, but it behaves the same.

This is my configuration:

#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
#endif

#define MBEDTLS_HAVE_ASM

#define MBEDTLS_NO_UDBL_DIVISION

#define MBEDTLS_HAVE_TIME

#define MBEDTLS_ENTROPY_HARDWARE_ALT

#define MBEDTLS_AES_ROM_TABLES

#define MBEDTLS_CIPHER_MODE_CBC

#define MBEDTLS_CIPHER_MODE_CFB

#define MBEDTLS_CIPHER_MODE_CTR

#define MBEDTLS_CIPHER_MODE_OFB

#define MBEDTLS_CIPHER_MODE_XTS

#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
#define MBEDTLS_CIPHER_PADDING_ZEROS

#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES

#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES

#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE448_ENABLED

#define MBEDTLS_ECP_NIST_OPTIM

#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED

#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED

#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED

#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED

#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED

#define MBEDTLS_NO_PLATFORM_ENTROPY

#define MBEDTLS_SELF_TEST

#define MBEDTLS_SSL_DEBUG_ALL

#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE

#define MBEDTLS_SSL_PROTO_TLS1_2

#define MBEDTLS_SSL_PROTO_DTLS

#define MBEDTLS_AES_C

#define MBEDTLS_ASN1_PARSE_C

#define MBEDTLS_ASN1_WRITE_C

#define MBEDTLS_BASE64_C

#define MBEDTLS_BIGNUM_C

#define MBEDTLS_CAMELLIA_C

#define MBEDTLS_CERTS_C

#define MBEDTLS_CIPHER_C

#define MBEDTLS_CTR_DRBG_C

#define MBEDTLS_DEBUG_C

#define MBEDTLS_ECDH_C

#define MBEDTLS_ECDSA_C

#define MBEDTLS_ECP_C

#define MBEDTLS_ENTROPY_C

#define MBEDTLS_ERROR_C

#define MBEDTLS_GCM_C

#define MBEDTLS_HKDF_C

#define MBEDTLS_MD_C

#define MBEDTLS_NET_C

#define MBEDTLS_OID_C

#define MBEDTLS_PEM_PARSE_C

#define MBEDTLS_PK_C

#define MBEDTLS_PK_PARSE_C

#define MBEDTLS_PLATFORM_C

#define MBEDTLS_SHA256_C

#define MBEDTLS_SHA512_C

#define MBEDTLS_SSL_CLI_C

#define MBEDTLS_SSL_SRV_C

#define MBEDTLS_SSL_TLS_C

#define MBEDTLS_X509_USE_C

#define MBEDTLS_X509_CRT_PARSE_C

#define MBEDTLS_MPI_MAX_SIZE 48

#define MBEDTLS_ECP_MAX_BITS 384
#define MBEDTLS_ECP_WINDOW_SIZE 2
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0

#define MBEDTLS_ENTROPY_MAX_SOURCES 2

#define MBEDTLS_PLATFORM_PRINTF_MACRO printf

#define MBEDTLS_SSL_MAX_CONTENT_LEN 2048

#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
#endif

#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
#elif defined(MBEDTLS_USER_CONFIG_FILE)
#include MBEDTLS_USER_CONFIG_FILE
#endif
#include "mbedtls/check_config.h"

#endif

Hi,

I checked on my server side, and I am getting this error.

2019/04/18 13:25:28 [debug] 5829#5829: *226 event timer add: 4: 60000:1555574188924
2019/04/18 13:25:28 [debug] 5829#5829: *226 reusable connection: 1
2019/04/18 13:25:28 [debug] 5829#5829: *226 epoll add event: fd:4 op:1 ev:80002001
2019/04/18 13:25:29 [debug] 5829#5829: *226 post event 0000555F2B159830
2019/04/18 13:25:29 [debug] 5829#5829: *226 delete posted event 0000555F2B159830
2019/04/18 13:25:29 [debug] 5829#5829: *226 http check ssl handshake
2019/04/18 13:25:29 [debug] 5829#5829: *226 http recv(): 1
2019/04/18 13:25:29 [debug] 5829#5829: *226 https ssl handshake: 0x16
2019/04/18 13:25:29 [debug] 5829#5829: *226 SSL_do_handshake: -1
2019/04/18 13:25:29 [debug] 5829#5829: *226 SSL_get_error: 1
2019/04/18 13:25:29 [info] 5829#5829: *226 SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking, client: 10.10.72.1, server: 0.0.0.0:443
2019/04/18 13:25:29 [debug] 5829#5829: *226 close http connection: 4
2019/04/18 13:25:29 [debug] 5829#5829: *226 event timer del: 4: 1555574188924
2019/04/18 13:25:29 [debug] 5829#5829: *226 reusable connection: 0
2019/04/18 13:25:29 [debug] 5829#5829: *226 free: 0000555F2B149800, unused: 152

Hi @Rajkumar181
As you can see from the server log:
" ssl3_get_client_hello:no shared cipher"
This means that there is still no shared ciphersuite.

Please define MBEDTLS_RSA_C as well. You should probably enable the MBEDTLS_DHM_C and the relevant key exchanges if that doesn’t work.
As mentioned in the article I referenced, I suggest you first use the sample application ssl_client2 on your PC, using the default configuration, to understand what configuration you are missing.
Regards
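As an added illustration (not part of the original post), this is how the suggestion above could look as additions to the configuration posted earlier, using Mbed TLS 2.x option names. The RSA key size of the server is not given in the thread, so the MBEDTLS_MPI_MAX_SIZE value is an assumption.

```c
/* Additions to the posted config.h so the client can also offer
 * RSA-authenticated suites (added example, Mbed TLS 2.x option names). */
#define MBEDTLS_RSA_C                            /* RSA primitives */
#define MBEDTLS_PKCS1_V15                        /* RSA signature padding used in TLS 1.2 */
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED   /* ECDHE with an RSA-signed server cert */

/* The posted value of 48 bytes only fits numbers up to P-384 size. With RSA
 * enabled the modulus must fit as well: 256 bytes for RSA-2048, 512 bytes for
 * RSA-4096. 512 is an assumption, since the thread does not state the
 * server's key size. */
#undef  MBEDTLS_MPI_MAX_SIZE
#define MBEDTLS_MPI_MAX_SIZE 512

/* The fallback mentioned in the reply: finite-field DHE key exchange. */
#define MBEDTLS_DHM_C
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
```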

Hi Roneld,

I tried your suggestion and I changed the cipher according to my server, and the server has accepted the new cipher. But in the last stage I am getting this issue.

…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:3161: handshake message: msglen = 5021, type = 11, hslen = 5021
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:3846: <= read record
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:4180: => send alert message
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:4181: send alert level=2 message=80
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2764: => write record
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2910: output record: msgtype = 21, version = [3:3], msglen = 2
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2913: dumping ‘output record sent to network’ (7 bytes)
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2913: 0000: 15 03 03 00 02 02 50 …P
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2471: => flush output
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2490: message length: 7, out_left: 7
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2496: ssl->f_send() returned 7 (-0xfffffff9)
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2523: <= flush output
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:2922: <= write record
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:4193: <= send alert message
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:4573: mbedtls_x509_crt_parse_der() returned -10368 (-0x2880)
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:6764: <= handshake
failed
! mbedtls_ssl_handshake returned -0x2880

Last error was: -10368 - X509 - Allocation of memory failed

…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:7542: => free
…\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c:7607: <= free

Hi @Rajkumar181
As you can see in the log:

Last error was: -10368 - X509 - Allocation of memory failed

This means you ran out of memory when parsing the server certificate.
However, we have been working on a feature to reduce RAM usage in X509 certificate parsing, but it hasn’t been released in an official version yet.
You are welcome to use the latest development version and test this feature, if you wish.
Regards,
Mbed TLS Team member
Ron

Hi Ron,

I fixed this issue using this article:

https://tls.mbed.org/kb/how-to/using-static-memory-instead-of-the-heap

Thanks