ARMmbed

Mbedtls_ssl_handshake fails and returns -0x4D80 error code

What could be a reason when mbedtls_ssl_handshake returns -0x4D80 error code?

Used ciphersuit: MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Hi @Evgeniy_Vasyliev
Using the sample application strerror you would see:

programs/util/strerror -0x4d80
Last error was: -0x4d80 - ECP - Memory allocation failed

You ran out of memory during your handshake. Are you using a memory constrained board? Note that RSA consumes much memory, and this could cause your memory issues.
If you use a certificate signed with ECP, you will get smaller certificates, due to smaller key sizes, with same security strength as RSA.
I suggest you read https://tls.mbed.org/kb/how-to/reduce-mbedtls-memory-and-storage-footprint for hints on reducing your memory usage.
Regards,
Mbed TLS Team member
Ron

@roneld01, thank you for detailed response.

I am working on STM32F4 and making a web-server on it. I am using code from https://github.com/ARMmbed/mbedtls/blob/development/programs/ssl/ssl_server.c Initially I was using default ciphersuits generated using STM32CubeMx:

  • MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

and using these ciphersuits it is really working good in Firefox. However, in Google Chrome many of handshake procedures end with error -0x7780 (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE), however after resetting the connection it begins to work fine the other time!

So, while in Firefox all the requests are passed without any erros in Google Chrome at each request first there is a handshake error, but after this at subsequent request it is processed well. I can not send to you logs from mbedTLS, however this is a log how it works with Google Chrome:

**00.01.01 14:59:28.305 SSL handshake error: -30592**
00.01.01 14:59:28.305 SslResetSession
00.01.01 14:59:28.356 SSL connection using TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
00.01.01 14:59:28.356 PTS_ProcessHttpRequest
00.01.01 14:59:28.364 SslResetSession
**00.01.01 14:59:28.381 SSL handshake error: -30592**
00.01.01 14:59:28.382 SslResetSession
00.01.01 14:59:28.434 SSL connection using TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
00.01.01 14:59:28.434 PTS_ProcessHttpRequest
00.01.01 14:59:28.449 SslResetSession
**00.01.01 14:59:28.480 SSL handshake error: -30592**
00.01.01 14:59:28.481 SslResetSession
00.01.01 14:59:28.532 SSL connection using TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
00.01.01 14:59:28.532 PTS_ProcessHttpRequest
00.01.01 14:59:28.536 SslResetSession

So, after reading some posts on this forum I thought that enabling RSA will solve the problem with Google Chrome. However, after few days of attempts I still can not make it work (there is really quite little free memory left in MCU). maybe the problem is not in RSA and I am looking in a wrong direction?

Can you please advise what can be a reason on why handshake with Google Chrome will end with error -0x7780 (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE), while after resetting the connection it will work?

Thank you.

I was able to get the mbedTLS logs at debug level = 2.

  1. Here is a log when working with Mozilla Firefox (everything seems to work well):

     19.06.24 19:00:20.038 ssl_tls.c:6754: |2| => handshake
    
     19.06.24 19:00:20.074 ssl_srv.c:4219: |2| server state: 0
    
     19.06.24 19:00:20.081 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:20.088 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:20.096 ssl_srv.c:4219: |2| server state: 1
    
     19.06.24 19:00:20.103 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:20.110 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:20.116 ssl_srv.c:1192: |2| => parse client hello
    
     19.06.24 19:00:20.123 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 19:00:20.133 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
    
     19.06.24 19:00:20.140 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
    
     19.06.24 19:00:20.147 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    
     19.06.24 19:00:20.155 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 19:00:20.161 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 19:00:20.168 ssl_tls.c:2413: |2| in_left: 5, nb_want: 517
    
     19.06.24 19:00:20.176 ssl_tls.c:2437: |2| in_left: 5, nb_want: 517
    
     19.06.24 19:00:20.186 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 512 (-0xfffffe00)
    
     19.06.24 19:00:20.193 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 19:00:20.200 ssl_srv.c:1974: |2| selected ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
    
     19.06.24 19:00:20.207 ssl_srv.c:2008: |2| <= parse client hello
    
     19.06.24 19:00:20.214 ssl_srv.c:4219: |2| server state: 2
    
     19.06.24 19:00:20.221 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:20.228 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:20.238 ssl_srv.c:2383: |2| => write server hello
    
     19.06.24 19:00:20.246 ssl_tls.c:2764: |2| => write record
    
     19.06.24 19:00:20.253 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:20.260 ssl_tls.c:2490: |2| message length: 92, out_left: 92
    
     19.06.24 19:00:20.267 ssl_tls.c:2496: |2| ssl->f_send() returned 92 (-0xffffffa4)
    
     19.06.24 19:00:20.274 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 19:00:20.281 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 19:00:20.287 ssl_srv.c:2600: |2| <= write server hello
    
     19.06.24 19:00:20.298 ssl_srv.c:4219: |2| server state: 3
    
     19.06.24 19:00:20.304 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:20.311 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:20.318 ssl_tls.c:4259: |2| => write certificate
    
     19.06.24 19:00:20.326 ssl_tls.c:2764: |2| => write record
    
     19.06.24 19:00:20.335 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:20.341 ssl_tls.c:2490: |2| message length: 1163, out_left: 1163
    
     19.06.24 19:00:20.349 ssl_tls.c:2496: |2| ssl->f_send() returned 1163 (-0xfffffb75)
    
     19.06.24 19:00:20.359 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 19:00:20.365 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 19:00:20.373 ssl_tls.c:4363: |2| <= write certificate
    
     19.06.24 19:00:20.380 ssl_srv.c:4219: |2| server state: 4
    
     19.06.24 19:00:20.387 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:20.393 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:20.400 ssl_srv.c:3232: |2| => write server key exchange
    
     19.06.24 19:00:20.410 ssl_srv.c:3011: |2| ECDHE curve: secp384r1
    
     19.06.24 19:00:21.173 ssl_tls.c:2764: |2| => write record
    
     19.06.24 19:00:21.180 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:21.187 ssl_tls.c:2490: |2| message length: 185, out_left: 185
    
     19.06.24 19:00:21.195 ssl_tls.c:2496: |2| ssl->f_send() returned 185 (-0xffffff47)
    
     19.06.24 19:00:21.202 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 19:00:21.209 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 19:00:21.234 ssl_srv.c:3316: |2| <= write server key exchange
    
     19.06.24 19:00:21.244 ssl_srv.c:4219: |2| server state: 5
    
     19.06.24 19:00:21.251 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:21.258 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:21.265 ssl_srv.c:2645: |2| => write certificate request
    
     19.06.24 19:00:21.272 ssl_srv.c:2663: |2| <= skip write certificate request
    
     19.06.24 19:00:21.279 ssl_srv.c:4219: |2| server state: 6
    
     19.06.24 19:00:21.286 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:21.293 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:21.302 ssl_srv.c:3324: |2| => write server hello done
    
     19.06.24 19:00:21.309 ssl_tls.c:2764: |2| => write record
    
     19.06.24 19:00:21.316 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:21.324 ssl_tls.c:2490: |2| message length: 9, out_left: 9
    
     19.06.24 19:00:21.331 ssl_tls.c:2496: |2| ssl->f_send() returned 9 (-0xfffffff7)
    
     19.06.24 19:00:21.338 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 19:00:21.344 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 19:00:21.354 ssl_srv.c:3343: |2| <= write server hello done
    
     19.06.24 19:00:21.362 ssl_srv.c:4219: |2| server state: 7
    
     19.06.24 19:00:21.368 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:21.375 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:21.382 ssl_tls.c:4376: |2| => parse certificate
    
     19.06.24 19:00:21.389 ssl_tls.c:4406: |2| <= skip parse certificate
    
     19.06.24 19:00:21.396 ssl_srv.c:4219: |2| server state: 8
    
     19.06.24 19:00:21.403 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:21.413 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:21.420 ssl_srv.c:3664: |2| => parse client key exchange
    
     19.06.24 19:00:21.427 ssl_tls.c:3809: |2| => read record
    
     19.06.24 19:00:21.434 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 19:00:21.441 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
    
     19.06.24 19:00:21.655 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
    
     19.06.24 19:00:21.662 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    
     19.06.24 19:00:21.669 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 19:00:21.679 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 19:00:21.686 ssl_tls.c:2413: |2| in_left: 5, nb_want: 107
    
     19.06.24 19:00:21.693 ssl_tls.c:2437: |2| in_left: 5, nb_want: 107
    
     19.06.24 19:00:21.700 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 102 (-0xffffff9a)
    
     19.06.24 19:00:21.707 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 19:00:21.714 ssl_tls.c:3846: |2| <= read record
    
     19.06.24 19:00:22.185 ssl_tls.c:0509: |2| => derive keys
    
     19.06.24 19:00:22.199 ssl_tls.c:0983: |2| <= derive keys
    
     19.06.24 19:00:22.206 ssl_srv.c:3928: |2| <= parse client key exchange
    
     19.06.24 19:00:22.212 ssl_srv.c:4219: |2| server state: 9
    
     19.06.24 19:00:22.219 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:22.226 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:22.233 ssl_srv.c:3975: |2| => parse certificate verify
    
     19.06.24 19:00:22.240 ssl_srv.c:3984: |2| <= skip parse certificate verify
    
     19.06.24 19:00:22.247 ssl_srv.c:4219: |2| server state: 10
    
     19.06.24 19:00:22.257 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:22.264 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:22.271 ssl_tls.c:4779: |2| => parse change cipher spec
    
     19.06.24 19:00:22.278 ssl_tls.c:3809: |2| => read record
    
     19.06.24 19:00:22.285 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 19:00:22.292 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
    
     19.06.24 19:00:22.318 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
    
     19.06.24 19:00:22.325 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    
     19.06.24 19:00:22.335 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 19:00:22.342 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 19:00:22.349 ssl_tls.c:2413: |2| in_left: 5, nb_want: 6
    
     19.06.24 19:00:22.356 ssl_tls.c:2437: |2| in_left: 5, nb_want: 6
    
     19.06.24 19:00:22.363 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 1 (-0xffffffff)
    
     19.06.24 19:00:22.370 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 19:00:22.377 ssl_tls.c:3846: |2| <= read record
    
     19.06.24 19:00:22.396 ssl_tls.c:4857: |2| <= parse change cipher spec
    
     19.06.24 19:00:22.403 ssl_srv.c:4219: |2| server state: 11
    
     19.06.24 19:00:22.410 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:22.417 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:22.424 ssl_tls.c:5415: |2| => parse finished
    
     19.06.24 19:00:22.431 ssl_tls.c:5114: |2| => calc  finished tls sha256
    
     19.06.24 19:00:22.438 ssl_tls.c:5144: |2| <= calc  finished
    
     19.06.24 19:00:22.445 ssl_tls.c:3809: |2| => read record
    
     19.06.24 19:00:22.455 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 19:00:22.462 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
    
     19.06.24 19:00:22.469 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
    
     19.06.24 19:00:22.475 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    
     19.06.24 19:00:22.482 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 19:00:22.489 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 19:00:22.496 ssl_tls.c:2413: |2| in_left: 5, nb_want: 45
    
     19.06.24 19:00:22.503 ssl_tls.c:2437: |2| in_left: 5, nb_want: 45
    
     19.06.24 19:00:22.513 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 40 (-0xffffffd8)
    
     19.06.24 19:00:22.520 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 19:00:22.527 ssl_tls.c:1619: |2| => decrypt buf
    
     19.06.24 19:00:22.534 ssl_tls.c:2092: |2| <= decrypt buf
    
     19.06.24 19:00:22.542 ssl_tls.c:3846: |2| <= read record
    
     19.06.24 19:00:22.548 ssl_tls.c:5483: |2| <= parse finished
    
     19.06.24 19:00:22.555 ssl_srv.c:4219: |2| server state: 12
    
     19.06.24 19:00:22.565 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:22.572 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:22.579 ssl_tls.c:4756: |2| => write change cipher spec
    
     19.06.24 19:00:22.586 ssl_tls.c:2764: |2| => write record
    
     19.06.24 19:00:22.593 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:22.600 ssl_tls.c:2490: |2| message length: 6, out_left: 6
    
     19.06.24 19:00:22.607 ssl_tls.c:2496: |2| ssl->f_send() returned 6 (-0xfffffffa)
    
     19.06.24 19:00:22.614 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 19:00:22.624 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 19:00:22.631 ssl_tls.c:4770: |2| <= write change cipher spec
    
     19.06.24 19:00:22.637 ssl_srv.c:4219: |2| server state: 13
    
     19.06.24 19:00:22.644 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:22.651 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:22.657 ssl_tls.c:5289: |2| => write finished
    
     19.06.24 19:00:22.664 ssl_tls.c:5114: |2| => calc  finished tls sha256
    
     19.06.24 19:00:22.671 ssl_tls.c:5144: |2| <= calc  finished
    
     19.06.24 19:00:22.681 ssl_tls.c:2764: |2| => write record
    
     19.06.24 19:00:22.687 ssl_tls.c:1287: |2| => encrypt buf
    
     19.06.24 19:00:22.694 ssl_tls.c:1605: |2| <= encrypt buf
    
     19.06.24 19:00:22.701 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:22.707 ssl_tls.c:2490: |2| message length: 45, out_left: 45
    
     19.06.24 19:00:22.733 ssl_tls.c:2496: |2| ssl->f_send() returned 45 (-0xffffffd3)
    
     19.06.24 19:00:22.740 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 19:00:22.750 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 19:00:22.757 ssl_tls.c:5398: |2| <= write finished
    
     19.06.24 19:00:22.764 ssl_srv.c:4219: |2| server state: 14
    
     19.06.24 19:00:22.771 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:22.778 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:22.785 ssl_srv.c:4324: |2| handshake: done
    
     19.06.24 19:00:22.792 ssl_srv.c:4219: |2| server state: 15
    
     19.06.24 19:00:22.799 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:22.806 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 19:00:22.816 ssl_tls.c:6764: |2| <= handshake
    
     19.06.24 19:00:22.823 ssl_tls.c:6940: |2| => read
    
     19.06.24 19:00:22.830 ssl_tls.c:3809: |2| => read record
    
     19.06.24 19:00:22.837 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 19:00:22.844 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
    
     19.06.24 19:00:22.851 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
    
     19.06.24 19:00:22.858 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    
     19.06.24 19:00:22.865 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 19:00:22.876 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 19:00:22.883 ssl_tls.c:2413: |2| in_left: 5, nb_want: 734
    
     19.06.24 19:00:22.890 ssl_tls.c:2437: |2| in_left: 5, nb_want: 734
    
     19.06.24 19:00:22.897 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 605 (-0xfffffda3)
    
     19.06.24 19:00:22.904 ssl_tls.c:2437: |2| in_left: 610, nb_want: 734
    
     19.06.24 19:00:22.911 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 124 (-0xffffff84)
    
     19.06.24 19:00:22.921 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 19:00:22.928 ssl_tls.c:1619: |2| => decrypt buf
    
     19.06.24 19:00:22.936 ssl_tls.c:2092: |2| <= decrypt buf
    
     19.06.24 19:00:22.943 ssl_tls.c:3846: |2| <= read record
    
     19.06.24 19:00:22.951 ssl_tls.c:7228: |2| <= read
    
     19.06.24 19:00:23.958 ssl_tls.c:7330: |2| => write
    
     19.06.24 19:00:23.966 ssl_tls.c:2764: |2| => write record
    
     19.06.24 19:00:23.973 ssl_tls.c:1287: |2| => encrypt buf
    
     19.06.24 19:00:23.980 ssl_tls.c:1605: |2| <= encrypt buf
    
     19.06.24 19:00:23.990 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:23.997 ssl_tls.c:2490: |2| message length: 285, out_left: 285
    
     19.06.24 19:00:23.004 ssl_tls.c:2496: |2| ssl->f_send() returned 285 (-0xfffffee3)
    
     19.06.24 19:00:23.011 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 19:00:23.018 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 19:00:23.025 ssl_tls.c:7358: |2| <= write
    
     19.06.24 19:00:23.032 ssl_tls.c:7330: |2| => write
    
     19.06.24 19:00:23.039 ssl_tls.c:2764: |2| => write record
    
     19.06.24 19:00:23.049 ssl_tls.c:1287: |2| => encrypt buf
    
     19.06.24 19:00:23.056 ssl_tls.c:1605: |2| <= encrypt buf
    
     19.06.24 19:00:23.063 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:23.070 ssl_tls.c:2490: |2| message length: 36, out_left: 36
    
     19.06.24 19:00:23.078 ssl_tls.c:2496: |2| ssl->f_send() returned 36 (-0xffffffdc)
    
     19.06.24 19:00:23.085 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 19:00:23.092 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 19:00:23.099 ssl_tls.c:7358: |2| <= write
    
     19.06.24 19:00:23.109 ssl_tls.c:7330: |2| => write
    
     19.06.24 19:00:23.116 ssl_tls.c:2764: |2| => write record
    
     19.06.24 19:00:23.123 ssl_tls.c:1287: |2| => encrypt buf
    
     19.06.24 19:00:23.149 ssl_tls.c:1605: |2| <= encrypt buf
    
     19.06.24 19:00:23.156 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:23.163 ssl_tls.c:2490: |2| message length: 36, out_left: 36
    
     19.06.24 19:00:23.170 ssl_tls.c:2496: |2| ssl->f_send() returned 36 (-0xffffffdc)
    
     19.06.24 19:00:23.177 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 19:00:23.187 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 19:00:23.195 ssl_tls.c:7358: |2| <= write
    
     19.06.24 19:00:23.202 ssl_tls.c:7373: |2| => write close notify
    
     19.06.24 19:00:23.209 ssl_tls.c:4180: |2| => send alert message
    
     19.06.24 19:00:23.216 ssl_tls.c:2764: |2| => write record
    
     19.06.24 19:00:23.223 ssl_tls.c:1287: |2| => encrypt buf
    
     19.06.24 19:00:23.230 ssl_tls.c:1605: |2| <= encrypt buf
    
     19.06.24 19:00:23.237 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 19:00:23.247 ssl_tls.c:2490: |2| message length: 31, out_left: 31
    
     19.06.24 19:00:23.254 ssl_tls.c:2496: |2| ssl->f_send() returned 31 (-0xffffffe1)
    
     19.06.24 19:00:23.261 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 19:00:23.268 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 19:00:23.275 ssl_tls.c:4193: |2| <= send alert message
    
     19.06.24 19:00:23.282 ssl_tls.c:7389: |2| <= write close notify
  1. Here is a log when working with Google Chrome (this time it returns error -0x50), however the other time works well):

     19.06.24 18:59:03.998 ssl_tls.c:6754: |2| => handshake
    
     19.06.24 18:59:04.016 ssl_srv.c:4219: |2| server state: 0
    
     19.06.24 18:59:04.023 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:04.030 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:04.038 ssl_srv.c:4219: |2| server state: 1
    
     19.06.24 18:59:04.045 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:04.052 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:04.059 ssl_srv.c:1192: |2| => parse client hello
    
     19.06.24 18:59:04.065 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 18:59:04.076 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
    
     19.06.24 18:59:04.083 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
    
     19.06.24 18:59:04.090 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    
     19.06.24 18:59:04.202 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 18:59:04.209 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 18:59:04.216 ssl_tls.c:2413: |2| in_left: 5, nb_want: 517
    
     19.06.24 18:59:04.223 ssl_tls.c:2437: |2| in_left: 5, nb_want: 517
    
     19.06.24 18:59:04.233 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 512 (-0xfffffe00)
    
     19.06.24 18:59:04.240 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 18:59:04.248 ssl_srv.c:1974: |2| selected ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
    
     19.06.24 18:59:04.255 ssl_srv.c:2008: |2| <= parse client hello
    
     19.06.24 18:59:04.262 ssl_srv.c:4219: |2| server state: 2
    
     19.06.24 18:59:04.278 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:04.285 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:04.295 ssl_srv.c:2383: |2| => write server hello
    
     19.06.24 18:59:04.303 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:04.310 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:04.317 ssl_tls.c:2490: |2| message length: 92, out_left: 92
    
     19.06.24 18:59:04.324 ssl_tls.c:2496: |2| ssl->f_send() returned 92 (-0xffffffa4)
    
     19.06.24 18:59:04.331 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:04.338 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:04.345 ssl_srv.c:2600: |2| <= write server hello
    
     19.06.24 18:59:04.354 ssl_srv.c:4219: |2| server state: 3
    
     19.06.24 18:59:04.361 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:04.368 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:04.376 ssl_tls.c:4259: |2| => write certificate
    
     19.06.24 18:59:04.383 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:04.392 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:04.399 ssl_tls.c:2490: |2| message length: 1163, out_left: 1163
    
     19.06.24 18:59:04.406 ssl_tls.c:2496: |2| ssl->f_send() returned 1163 (-0xfffffb75)
    
     19.06.24 18:59:04.416 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:04.422 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:04.430 ssl_tls.c:4363: |2| <= write certificate
    
     19.06.24 18:59:04.436 ssl_srv.c:4219: |2| server state: 4
    
     19.06.24 18:59:04.443 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:04.450 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:04.457 ssl_srv.c:3232: |2| => write server key exchange
    
     19.06.24 18:59:04.467 ssl_srv.c:3011: |2| ECDHE curve: secp384r1
    
     19.06.24 18:59:05.229 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:05.237 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:05.244 ssl_tls.c:2490: |2| message length: 185, out_left: 185
    
     19.06.24 18:59:05.251 ssl_tls.c:2496: |2| ssl->f_send() returned 185 (-0xffffff47)
    
     19.06.24 18:59:05.258 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:05.265 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:05.272 ssl_srv.c:3316: |2| <= write server key exchange
    
     19.06.24 18:59:05.282 ssl_srv.c:4219: |2| server state: 5
    
     19.06.24 18:59:05.288 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:05.296 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:05.303 ssl_srv.c:2645: |2| => write certificate request
    
     19.06.24 18:59:05.309 ssl_srv.c:2663: |2| <= skip write certificate request
    
     19.06.24 18:59:05.317 ssl_srv.c:4219: |2| server state: 6
    
     19.06.24 18:59:05.324 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:05.330 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:05.340 ssl_srv.c:3324: |2| => write server hello done
    
     19.06.24 18:59:05.348 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:05.355 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:05.362 ssl_tls.c:2490: |2| message length: 9, out_left: 9
    
     19.06.24 18:59:05.369 ssl_tls.c:2496: |2| ssl->f_send() returned -80 (-0x0050)
    
     19.06.24 18:59:05.376 ssl_tls.c:2918: |1| mbedtls_ssl_flush_output() returned -80 (-0x0050)
    
     19.06.24 18:59:05.383 ssl_srv.c:3339: |1| mbedtls_ssl_write_record() returned -80 (-0x0050)
    
     19.06.24 18:59:05.393 ssl_tls.c:6764: |2| <= handshake
    
     19.06.24 18:59:05.410 ssl_tls.c:6754: |2| => handshake
    
     19.06.24 18:59:05.415 ssl_srv.c:4219: |2| server state: 0
    
     19.06.24 18:59:05.422 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:05.429 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:05.436 ssl_srv.c:4219: |2| server state: 1
    
     19.06.24 18:59:05.443 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:05.450 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:05.460 ssl_srv.c:1192: |2| => parse client hello
    
     19.06.24 18:59:05.467 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 18:59:05.474 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
    
     19.06.24 18:59:05.481 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
    
     19.06.24 18:59:05.488 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    
     19.06.24 18:59:05.495 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 18:59:05.502 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 18:59:05.512 ssl_tls.c:2413: |2| in_left: 5, nb_want: 517
    
     19.06.24 18:59:05.519 ssl_tls.c:2437: |2| in_left: 5, nb_want: 517
    
     19.06.24 18:59:05.526 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 512 (-0xfffffe00)
    
     19.06.24 18:59:05.534 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 18:59:05.541 ssl_srv.c:1974: |2| selected ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
    
     19.06.24 18:59:05.548 ssl_srv.c:2008: |2| <= parse client hello
    
     19.06.24 18:59:05.555 ssl_srv.c:4219: |2| server state: 2
    
     19.06.24 18:59:05.565 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:05.572 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:05.579 ssl_srv.c:2383: |2| => write server hello
    
     19.06.24 18:59:05.587 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:05.594 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:05.600 ssl_tls.c:2490: |2| message length: 92, out_left: 92
    
     19.06.24 18:59:05.608 ssl_tls.c:2496: |2| ssl->f_send() returned 92 (-0xffffffa4)
    
     19.06.24 18:59:05.618 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:05.624 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:05.631 ssl_srv.c:2600: |2| <= write server hello
    
     19.06.24 18:59:05.638 ssl_srv.c:4219: |2| server state: 3
    
     19.06.24 18:59:05.645 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:05.652 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:05.659 ssl_tls.c:4259: |2| => write certificate
    
     19.06.24 18:59:05.666 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:05.675 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:05.685 ssl_tls.c:2490: |2| message length: 1163, out_left: 1163
    
     19.06.24 18:59:05.693 ssl_tls.c:2496: |2| ssl->f_send() returned 1163 (-0xfffffb75)
    
     19.06.24 18:59:05.700 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:05.707 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:05.713 ssl_tls.c:4363: |2| <= write certificate
    
     19.06.24 18:59:05.720 ssl_srv.c:4219: |2| server state: 4
    
     19.06.24 18:59:05.727 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:05.737 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:05.744 ssl_srv.c:3232: |2| => write server key exchange
    
     19.06.24 18:59:05.751 ssl_srv.c:3011: |2| ECDHE curve: secp384r1
    
     19.06.24 18:59:06.514 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:06.521 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:06.528 ssl_tls.c:2490: |2| message length: 185, out_left: 185
    
     19.06.24 18:59:06.535 ssl_tls.c:2496: |2| ssl->f_send() returned 185 (-0xffffff47)
    
     19.06.24 18:59:06.542 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:06.552 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:06.559 ssl_srv.c:3316: |2| <= write server key exchange
    
     19.06.24 18:59:06.566 ssl_srv.c:4219: |2| server state: 5
    
     19.06.24 18:59:06.573 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:06.580 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:06.598 ssl_srv.c:2645: |2| => write certificate request
    
     19.06.24 18:59:06.605 ssl_srv.c:2663: |2| <= skip write certificate request
    
     19.06.24 18:59:06.614 ssl_srv.c:4219: |2| server state: 6
    
     19.06.24 18:59:06.621 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:06.628 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:06.635 ssl_srv.c:3324: |2| => write server hello done
    
     19.06.24 18:59:06.642 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:06.649 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:06.656 ssl_tls.c:2490: |2| message length: 9, out_left: 9
    
     19.06.24 18:59:06.663 ssl_tls.c:2496: |2| ssl->f_send() returned 9 (-0xfffffff7)
    
     19.06.24 18:59:06.683 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:06.690 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:06.697 ssl_srv.c:3343: |2| <= write server hello done
    
     19.06.24 18:59:06.704 ssl_srv.c:4219: |2| server state: 7
    
     19.06.24 18:59:06.710 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:06.717 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:06.724 ssl_tls.c:4376: |2| => parse certificate
    
     19.06.24 18:59:06.731 ssl_tls.c:4406: |2| <= skip parse certificate
    
     19.06.24 18:59:06.741 ssl_srv.c:4219: |2| server state: 8
    
     19.06.24 18:59:06.748 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:06.754 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:06.761 ssl_srv.c:3664: |2| => parse client key exchange
    
     19.06.24 18:59:06.768 ssl_tls.c:3809: |2| => read record
    
     19.06.24 18:59:06.774 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 18:59:06.781 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
    
     19.06.24 18:59:06.788 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
    
     19.06.24 18:59:06.797 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    
     19.06.24 18:59:06.804 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 18:59:06.810 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 18:59:06.817 ssl_tls.c:2413: |2| in_left: 5, nb_want: 107
    
     19.06.24 18:59:06.824 ssl_tls.c:2437: |2| in_left: 5, nb_want: 107
    
     19.06.24 18:59:06.830 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 102 (-0xffffff9a)
    
     19.06.24 18:59:06.837 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 18:59:06.847 ssl_tls.c:3846: |2| <= read record
    
     19.06.24 18:59:07.317 ssl_tls.c:0509: |2| => derive keys
    
     19.06.24 18:59:07.327 ssl_tls.c:0983: |2| <= derive keys
    
     19.06.24 18:59:07.334 ssl_srv.c:3928: |2| <= parse client key exchange
    
     19.06.24 18:59:07.341 ssl_srv.c:4219: |2| server state: 9
    
     19.06.24 18:59:07.348 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:07.355 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:07.362 ssl_srv.c:3975: |2| => parse certificate verify
    
     19.06.24 18:59:07.372 ssl_srv.c:3984: |2| <= skip parse certificate verify
    
     19.06.24 18:59:07.380 ssl_srv.c:4219: |2| server state: 10
    
     19.06.24 18:59:07.387 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:07.394 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:07.401 ssl_tls.c:4779: |2| => parse change cipher spec
    
     19.06.24 18:59:07.408 ssl_tls.c:3809: |2| => read record
    
     19.06.24 18:59:07.415 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 18:59:07.422 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
    
     19.06.24 18:59:07.432 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
    
     19.06.24 18:59:07.439 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    
     19.06.24 18:59:07.446 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 18:59:07.453 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 18:59:07.460 ssl_tls.c:2413: |2| in_left: 5, nb_want: 6
    
     19.06.24 18:59:07.467 ssl_tls.c:2437: |2| in_left: 5, nb_want: 6
    
     19.06.24 18:59:07.474 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 1 (-0xffffffff)
    
     19.06.24 18:59:07.496 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 18:59:07.503 ssl_tls.c:3846: |2| <= read record
    
     19.06.24 18:59:07.510 ssl_tls.c:4857: |2| <= parse change cipher spec
    
     19.06.24 18:59:07.517 ssl_srv.c:4219: |2| server state: 11
    
     19.06.24 18:59:07.524 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:07.531 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:07.538 ssl_tls.c:5415: |2| => parse finished
    
     19.06.24 18:59:07.545 ssl_tls.c:5114: |2| => calc  finished tls sha256
    
     19.06.24 18:59:07.555 ssl_tls.c:5144: |2| <= calc  finished
    
     19.06.24 18:59:07.562 ssl_tls.c:3809: |2| => read record
    
     19.06.24 18:59:07.569 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 18:59:07.576 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
    
     19.06.24 18:59:07.583 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
    
     19.06.24 18:59:07.591 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    
     19.06.24 18:59:07.598 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 18:59:07.608 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 18:59:07.615 ssl_tls.c:2413: |2| in_left: 5, nb_want: 45
    
     19.06.24 18:59:07.622 ssl_tls.c:2437: |2| in_left: 5, nb_want: 45
    
     19.06.24 18:59:07.629 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 40 (-0xffffffd8)
    
     19.06.24 18:59:07.636 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 18:59:07.643 ssl_tls.c:1619: |2| => decrypt buf
    
     19.06.24 18:59:07.650 ssl_tls.c:2092: |2| <= decrypt buf
    
     19.06.24 18:59:07.657 ssl_tls.c:3846: |2| <= read record
    
     19.06.24 18:59:07.667 ssl_tls.c:5483: |2| <= parse finished
    
     19.06.24 18:59:07.674 ssl_srv.c:4219: |2| server state: 12
    
     19.06.24 18:59:07.681 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:07.688 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:07.695 ssl_tls.c:4756: |2| => write change cipher spec
    
     19.06.24 18:59:07.702 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:07.709 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:07.716 ssl_tls.c:2490: |2| message length: 6, out_left: 6
    
     19.06.24 18:59:07.726 ssl_tls.c:2496: |2| ssl->f_send() returned 6 (-0xfffffffa)
    
     19.06.24 18:59:07.733 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:07.740 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:07.747 ssl_tls.c:4770: |2| <= write change cipher spec
    
     19.06.24 18:59:07.754 ssl_srv.c:4219: |2| server state: 13
    
     19.06.24 18:59:07.761 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:07.768 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:07.775 ssl_tls.c:5289: |2| => write finished
    
     19.06.24 18:59:07.785 ssl_tls.c:5114: |2| => calc  finished tls sha256
    
     19.06.24 18:59:07.793 ssl_tls.c:5144: |2| <= calc  finished
    
     19.06.24 18:59:07.800 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:07.807 ssl_tls.c:1287: |2| => encrypt buf
    
     19.06.24 18:59:07.814 ssl_tls.c:1605: |2| <= encrypt buf
    
     19.06.24 18:59:07.821 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:07.828 ssl_tls.c:2490: |2| message length: 45, out_left: 45
    
     19.06.24 18:59:07.835 ssl_tls.c:2496: |2| ssl->f_send() returned 45 (-0xffffffd3)
    
     19.06.24 18:59:07.845 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:07.852 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:07.859 ssl_tls.c:5398: |2| <= write finished
    
     19.06.24 18:59:07.866 ssl_srv.c:4219: |2| server state: 14
    
     19.06.24 18:59:07.873 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:07.880 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:07.887 ssl_srv.c:4324: |2| handshake: done
    
     19.06.24 18:59:07.897 ssl_srv.c:4219: |2| server state: 15
    
     19.06.24 18:59:07.904 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:07.911 ssl_tls.c:2483: |2| <= flush output
    
     19.06.24 18:59:07.929 ssl_tls.c:6764: |2| <= handshake
    
     19.06.24 18:59:07.937 ssl_tls.c:6940: |2| => read
    
     19.06.24 18:59:07.943 ssl_tls.c:3809: |2| => read record
    
     19.06.24 18:59:07.950 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 18:59:07.957 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
    
     19.06.24 18:59:07.965 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
    
     19.06.24 18:59:07.974 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    
     19.06.24 18:59:07.981 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 18:59:07.989 ssl_tls.c:2252: |2| => fetch input
    
     19.06.24 18:59:07.995 ssl_tls.c:2413: |2| in_left: 5, nb_want: 807
    
     19.06.24 18:59:08.003 ssl_tls.c:2437: |2| in_left: 5, nb_want: 807
    
     19.06.24 18:59:08.010 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 802 (-0xfffffcde)
    
     19.06.24 18:59:08.017 ssl_tls.c:2458: |2| <= fetch input
    
     19.06.24 18:59:08.036 ssl_tls.c:1619: |2| => decrypt buf
    
     19.06.24 18:59:08.045 ssl_tls.c:2092: |2| <= decrypt buf
    
     19.06.24 18:59:08.051 ssl_tls.c:3846: |2| <= read record
    
     19.06.24 18:59:08.059 ssl_tls.c:7228: |2| <= read
    
     19.06.24 18:59:08.066 ssl_tls.c:7330: |2| => write
    
     19.06.24 18:59:08.073 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:08.080 ssl_tls.c:1287: |2| => encrypt buf
    
     19.06.24 18:59:08.088 ssl_tls.c:1605: |2| <= encrypt buf
    
     19.06.24 18:59:08.094 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:08.104 ssl_tls.c:2490: |2| message length: 285, out_left: 285
    
     19.06.24 18:59:08.112 ssl_tls.c:2496: |2| ssl->f_send() returned 285 (-0xfffffee3)
    
     19.06.24 18:59:08.119 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:08.125 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:08.132 ssl_tls.c:7358: |2| <= write
    
     19.06.24 18:59:08.140 ssl_tls.c:7330: |2| => write
    
     19.06.24 18:59:08.147 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:08.156 ssl_tls.c:1287: |2| => encrypt buf
    
     19.06.24 18:59:08.164 ssl_tls.c:1605: |2| <= encrypt buf
    
     19.06.24 18:59:08.171 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:08.177 ssl_tls.c:2490: |2| message length: 36, out_left: 36
    
     19.06.24 18:59:08.185 ssl_tls.c:2496: |2| ssl->f_send() returned 36 (-0xffffffdc)
    
     19.06.24 18:59:08.192 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:08.199 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:08.205 ssl_tls.c:7358: |2| <= write
    
     19.06.24 18:59:08.215 ssl_tls.c:7330: |2| => write
    
     19.06.24 18:59:08.222 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:08.229 ssl_tls.c:1287: |2| => encrypt buf
    
     19.06.24 18:59:08.236 ssl_tls.c:1605: |2| <= encrypt buf
    
     19.06.24 18:59:08.243 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:08.250 ssl_tls.c:2490: |2| message length: 36, out_left: 36
    
     19.06.24 18:59:08.258 ssl_tls.c:2496: |2| ssl->f_send() returned 36 (-0xffffffdc)
    
     19.06.24 18:59:08.264 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:08.274 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:08.281 ssl_tls.c:7358: |2| <= write
    
     19.06.24 18:59:08.288 ssl_tls.c:7373: |2| => write close notify
    
     19.06.24 18:59:08.295 ssl_tls.c:4180: |2| => send alert message
    
     19.06.24 18:59:08.302 ssl_tls.c:2764: |2| => write record
    
     19.06.24 18:59:08.310 ssl_tls.c:1287: |2| => encrypt buf
    
     19.06.24 18:59:08.317 ssl_tls.c:1605: |2| <= encrypt buf
    
     19.06.24 18:59:08.323 ssl_tls.c:2471: |2| => flush output
    
     19.06.24 18:59:08.330 ssl_tls.c:2490: |2| message length: 31, out_left: 31
    
     19.06.24 18:59:08.341 ssl_tls.c:2496: |2| ssl->f_send() returned 31 (-0xffffffe1)
    
     19.06.24 18:59:08.347 ssl_tls.c:2523: |2| <= flush output
    
     19.06.24 18:59:08.366 ssl_tls.c:2922: |2| <= write record
    
     19.06.24 18:59:08.373 ssl_tls.c:4193: |2| <= send alert message
    
     19.06.24 18:59:08.379 ssl_tls.c:7389: |2| <= write close notify

What can be a reason for this with Google Chrome? Same situation I am facing with Microsoft Edge and IE.

Maybe I need to change something in mbedTLS configuration? I am using default configuration generated by STM32CubeMX and take https://github.com/ARMmbed/mbedtls/blob/development/programs/ssl/ssl_server.c as example.

Thank you.

HI @Evgeniy_Vasyliev
The log you show in the Google Chrome example doesn’t suggest a failed connection. However, error -0x50 is MBEDTLS_ERR_NET_CONN_RESET, which means that the connection was reset by the peer.

Assuming Chrome uses Mbed TLS as well, the error -30592 is (as you mentioned):

programs/util/strerror -30592
Last error was: -0x7780 - SSL - A fatal alert message was received from our peer

Please look a the log of a failed connection with google chrome, to understand why and when your server sent a fatal alert. It is better to se a debug lievel higher than 2.
Regards

@roneld01, thank you, here is a more detailed log when using Google Chrome with debug level = 4 (the highest), at this please note that when I enable logging the error at handshake is -80 (-0x50), however when logging is disabled - then the error at handshake is -30592 (-0x7780) - perhaps due to the timeout cause I write the logs to SD flash disk, so it takes time (I have SD disk on board, to which I forward the logs):

At this please note that used version of mbedTLS is 2.11.0 working over LWIP 2.0.3, which is coming into the latest release of STM32CubeMx for STM32F4 MCU,

ssl_tls.c:6754: |2| => handshake
ssl_srv.c:4219: |2| server state: 0
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:4219: |2| server state: 1
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:1192: |2| => parse client hello
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2458: |2| <= fetch input
ssl_srv.c:1224: |4| dumping 'record header' (5 bytes)
ssl_srv.c:1224: |4| 0000:  16 03 01 02 00                                   .....
ssl_srv.c:1236: |3| client hello v3, message type: 22
ssl_srv.c:1245: |3| client hello v3, message len.: 512
ssl_srv.c:1248: |3| client hello v3, protocol version: [3:1]
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 5, nb_want: 517
ssl_tls.c:2437: |2| in_left: 5, nb_want: 517
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 512 (-0xfffffe00)
ssl_tls.c:2458: |2| <= fetch input
ssl_srv.c:1330: |4| dumping 'record contents' (512 bytes)
ssl_srv.c:1330: |4| 0000:  01 00 01 fc 03 03 30 6d 56 a1 d1 c2 82 5c 79 80  ......0mV....\y.
ssl_srv.c:1330: |4| 0010:  ef e5 cd d4 c1 2c c8 8e 21 ea da 41 c3 0d bd 5e  .....,..!..A...^
ssl_srv.c:1330: |4| 0020:  62 f4 84 e3 cc de 20 53 69 9a dd 81 0d e7 99 5f  b..... Si......_
ssl_srv.c:1330: |4| 0030:  2f b1 c7 ec 9e e0 96 81 ad 9d 8e c3 db 40 50 91  /............@P.
ssl_srv.c:1330: |4| 0040:  d0 f6 31 18 47 c0 c6 00 22 ea ea 13 01 13 02 13  ..1.G...".......
ssl_srv.c:1330: |4| 0050:  03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0  ..+./.,.0.......
ssl_srv.c:1330: |4| 0060:  14 00 9c 00 9d 00 2f 00 35 00 0a 01 00 01 91 aa  ....../.5.......
ssl_srv.c:1330: |4| 0070:  aa 00 00 00 17 00 00 ff 01 00 01 00 00 0a 00 0a  ................
ssl_srv.c:1330: |4| 0080:  00 08 2a 2a 00 1d 00 17 00 18 00 0b 00 02 01 00  ..**............
ssl_srv.c:1330: |4| 0090:  00 23 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74  .#.........h2.ht
ssl_srv.c:1330: |4| 00a0:  74 70 2f 31 2e 31 00 05 00 05 01 00 00 00 00 00  tp/1.1..........
ssl_srv.c:1330: |4| 00b0:  0d 00 14 00 12 04 03 08 04 04 01 05 03 08 05 05  ................
ssl_srv.c:1330: |4| 00c0:  01 08 06 06 01 02 01 00 12 00 00 00 33 00 2b 00  ............3.+.
ssl_srv.c:1330: |4| 00d0:  29 2a 2a 00 01 00 00 1d 00 20 ec c9 55 48 ab 96  )**...... ..UH..
ssl_srv.c:1330: |4| 00e0:  d4 79 e3 3e 85 2e de ad e2 70 ca 0e 77 8c 33 c0  .y.>.....p..w.3.
ssl_srv.c:1330: |4| 00f0:  9f 74 d6 2f 85 43 68 57 2e 4c 00 2d 00 02 01 01  .t./.ChW.L.-....
ssl_srv.c:1330: |4| 0100:  00 2b 00 0b 0a 1a 1a 03 04 03 03 03 02 03 01 00  .+..............
ssl_srv.c:1330: |4| 0110:  1b 00 03 02 00 02 da da 00 01 00 00 15 00 e1 00  ................
ssl_srv.c:1330: |4| 0120:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0130:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0140:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0150:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0160:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0170:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0180:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0190:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01a0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01b0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01c0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01d0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01e0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01f0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1348: |3| client hello v3, handshake type: 1
ssl_srv.c:1357: |3| client hello v3, handshake len.: 508
ssl_srv.c:1446: |3| dumping 'client hello, version' (2 bytes)
ssl_srv.c:1446: |3| 0000:  03 03                                            ..
ssl_srv.c:1477: |3| dumping 'client hello, random bytes' (32 bytes)
ssl_srv.c:1477: |3| 0000:  30 6d 56 a1 d1 c2 82 5c 79 80 ef e5 cd d4 c1 2c  0mV....\y......,
ssl_srv.c:1477: |3| 0010:  c8 8e 21 ea da 41 c3 0d bd 5e 62 f4 84 e3 cc de  ..!..A...^b.....
ssl_srv.c:1495: |3| dumping 'client hello, session id' (32 bytes)
ssl_srv.c:1495: |3| 0000:  53 69 9a dd 81 0d e7 99 5f 2f b1 c7 ec 9e e0 96  Si......_/......
ssl_srv.c:1495: |3| 0010:  81 ad 9d 8e c3 db 40 50 91 d0 f6 31 18 47 c0 c6  ......@P...1.G..
ssl_srv.c:1580: |3| dumping 'client hello, ciphersuitelist' (34 bytes)
ssl_srv.c:1580: |3| 0000:  ea ea 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30  .........+./.,.0
ssl_srv.c:1580: |3| 0010:  cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35  ............./.5
ssl_srv.c:1580: |3| 0020:  00 0a                                            ..
ssl_srv.c:1600: |3| dumping 'client hello, compression' (1 bytes)
ssl_srv.c:1600: |3| 0000:  00                                               .
ssl_srv.c:1655: |3| dumping 'client hello extensions' (401 bytes)
ssl_srv.c:1655: |3| 0000:  aa aa 00 00 00 17 00 00 ff 01 00 01 00 00 0a 00  ................
ssl_srv.c:1655: |3| 0010:  0a 00 08 2a 2a 00 1d 00 17 00 18 00 0b 00 02 01  ...**...........
ssl_srv.c:1655: |3| 0020:  00 00 23 00 00 00 10 00 0e 00 0c 02 68 32 08 68  ..#.........h2.h
ssl_srv.c:1655: |3| 0030:  74 74 70 2f 31 2e 31 00 05 00 05 01 00 00 00 00  ttp/1.1.........
ssl_srv.c:1655: |3| 0040:  00 0d 00 14 00 12 04 03 08 04 04 01 05 03 08 05  ................
ssl_srv.c:1655: |3| 0050:  05 01 08 06 06 01 02 01 00 12 00 00 00 33 00 2b  .............3.+
ssl_srv.c:1655: |3| 0060:  00 29 2a 2a 00 01 00 00 1d 00 20 ec c9 55 48 ab  .)**...... ..UH.
ssl_srv.c:1655: |3| 0070:  96 d4 79 e3 3e 85 2e de ad e2 70 ca 0e 77 8c 33  ..y.>.....p..w.3
ssl_srv.c:1655: |3| 0080:  c0 9f 74 d6 2f 85 43 68 57 2e 4c 00 2d 00 02 01  ..t./.ChW.L.-...
ssl_srv.c:1655: |3| 0090:  01 00 2b 00 0b 0a 1a 1a 03 04 03 03 03 02 03 01  ..+.............
ssl_srv.c:1655: |3| 00a0:  00 1b 00 03 02 00 02 da da 00 01 00 00 15 00 e1  ................
ssl_srv.c:1655: |3| 00b0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00c0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00d0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00e0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00f0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0100:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0110:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0120:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0130:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0140:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0150:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0160:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0170:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0180:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0190:  00                                               .
ssl_srv.c:1803: |3| unknown extension found: 43690 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 23 (ignoring)
ssl_srv.c:1686: |3| found renegotiation extension
ssl_srv.c:1713: |3| found supported elliptic curves extension
ssl_srv.c:1721: |3| found supported point formats extension
ssl_srv.c:0356: |4| point format selected: 0
ssl_srv.c:1803: |3| unknown extension found: 35 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 16 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 5 (ignoring)
ssl_srv.c:1699: |3| found signature_algorithms extension
ssl_srv.c:0252: |3| client hello v3, signature_algorithm ext: match sig 4 and hash 6
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 4
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:0252: |3| client hello v3, signature_algorithm ext: match sig 4 and hash 7
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 5
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 6
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:1803: |3| unknown extension found: 18 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 51 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 45 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 43 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 27 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 56026 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 21 (ignoring)
ssl_srv.c:0801: |3| trying ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_srv.c:0699: |3| ciphersuite requires certificate
ssl_srv.c:0710: |3| candidate certificate chain, certificate #1:
ssl_srv.c:0710: |3| cert. version     : 3
ssl_srv.c:0710: |3| serial number     : 09
ssl_srv.c:0710: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0710: |3| subject name      : C=NL, O=PolarSSL, CN=localhost
ssl_srv.c:0710: |3| issued  on        : 2013-09-24 15:52:04
ssl_srv.c:0710: |3| expires on        : 2023-09-22 15:52:04
ssl_srv.c:0710: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0710: |3| EC key size       : 256 bits
ssl_srv.c:0710: |3| basic constraints : CA=false
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(X)' (254 bits) is:
ssl_srv.c:0710: |3|  37 cc 56 d9 76 09 1e 5a 72 3e c7 59 2d ff 20 6e
ssl_srv.c:0710: |3|  ee 7c f9 06 91 74 d0 ad 14 b5 f7 68 22 59 62 92
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_srv.c:0710: |3|  4e e5 00 d8 23 11 ff ea 2f d2 34 5d 5d 16 bd 8a
ssl_srv.c:0710: |3|  88 c2 6b 77 0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff
ssl_srv.c:0710: |3| candidate certificate chain, certificate #2:
ssl_srv.c:0710: |3| cert. version     : 3
ssl_srv.c:0710: |3| serial number     : C1:43:E2:7E:62:43:CC:E8
ssl_srv.c:0710: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0710: |3| subject name      : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0710: |3| issued  on        : 2013-09-24 15:49:48
ssl_srv.c:0710: |3| expires on        : 2023-09-22 15:49:48
ssl_srv.c:0710: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0710: |3| EC key size       : 384 bits
ssl_srv.c:0710: |3| basic constraints : CA=true
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(X)' (384 bits) is:
ssl_srv.c:0710: |3|  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43
ssl_srv.c:0710: |3|  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95
ssl_srv.c:0710: |3|  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(Y)' (384 bits) is:
ssl_srv.c:0710: |3|  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58
ssl_srv.c:0710: |3|  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47
ssl_srv.c:0710: |3|  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e
ssl_srv.c:0772: |3| selected certificate chain, certificate #1:
ssl_srv.c:0772: |3| cert. version     : 3
ssl_srv.c:0772: |3| serial number     : 09
ssl_srv.c:0772: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0772: |3| subject name      : C=NL, O=PolarSSL, CN=localhost
ssl_srv.c:0772: |3| issued  on        : 2013-09-24 15:52:04
ssl_srv.c:0772: |3| expires on        : 2023-09-22 15:52:04
ssl_srv.c:0772: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0772: |3| EC key size       : 256 bits
ssl_srv.c:0772: |3| basic constraints : CA=false
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(X)' (254 bits) is:
ssl_srv.c:0772: |3|  37 cc 56 d9 76 09 1e 5a 72 3e c7 59 2d ff 20 6e
ssl_srv.c:0772: |3|  ee 7c f9 06 91 74 d0 ad 14 b5 f7 68 22 59 62 92
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_srv.c:0772: |3|  4e e5 00 d8 23 11 ff ea 2f d2 34 5d 5d 16 bd 8a
ssl_srv.c:0772: |3|  88 c2 6b 77 0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff
ssl_srv.c:0772: |3| selected certificate chain, certificate #2:
ssl_srv.c:0772: |3| cert. version     : 3
ssl_srv.c:0772: |3| serial number     : C1:43:E2:7E:62:43:CC:E8
ssl_srv.c:0772: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0772: |3| subject name      : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0772: |3| issued  on        : 2013-09-24 15:49:48
ssl_srv.c:0772: |3| expires on        : 2023-09-22 15:49:48
ssl_srv.c:0772: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0772: |3| EC key size       : 384 bits
ssl_srv.c:0772: |3| basic constraints : CA=true
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(X)' (384 bits) is:
ssl_srv.c:0772: |3|  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43
ssl_srv.c:0772: |3|  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95
ssl_srv.c:0772: |3|  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(Y)' (384 bits) is:
ssl_srv.c:0772: |3|  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58
ssl_srv.c:0772: |3|  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47
ssl_srv.c:0772: |3|  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e
ssl_srv.c:1974: |2| selected ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_srv.c:1998: |3| client hello v3, signature_algorithm ext: 4
ssl_srv.c:2008: |2| <= parse client hello
ssl_srv.c:4219: |2| server state: 2
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:2383: |2| => write server hello
ssl_srv.c:2417: |3| server hello, chosen version: [3:3]
ssl_srv.c:2426: |3| server hello, current time: 3
ssl_srv.c:2441: |3| dumping 'server hello, random bytes' (32 bytes)
ssl_srv.c:2441: |3| 0000:  00 00 00 00 80 ed f4 73 df 3e a6 01 48 19 e1 b5  .......s.>..H...
ssl_srv.c:2441: |3| 0010:  30 81 11 ce 8e a6 d0 0f 58 5e 5a 14 c8 65 4f ac  0.......X^Z..eO.
ssl_srv.c:2514: |3| server hello, session id len.: 32
ssl_srv.c:2515: |3| dumping 'server hello, session id' (32 bytes)
ssl_srv.c:2515: |3| 0000:  1a 66 0a cd 79 c1 49 54 47 53 2d d4 19 3b d6 39  .f..y.ITGS-..;.9
ssl_srv.c:2515: |3| 0010:  77 3d c7 41 d8 df 52 6e bf c1 b9 32 85 aa 97 f9  w=.A..Rn...2....
ssl_srv.c:2517: |3| no session has been resumed
ssl_srv.c:2524: |3| server hello, chosen ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_srv.c:2526: |3| server hello, compress alg.: 0x00
ssl_srv.c:2145: |3| server hello, secure renegotiation extension
ssl_srv.c:2216: |3| server hello, supported_point_formats extension
ssl_srv.c:2581: |3| server hello, total extension length: 11
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 87
ssl_tls.c:2913: |4| dumping 'output record sent to network' (92 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 00 57 02 00 00 53 03 03 00 00 00 00 80  ....W...S.......
ssl_tls.c:2913: |4| 0010:  ed f4 73 df 3e a6 01 48 19 e1 b5 30 81 11 ce 8e  ..s.>..H...0....
ssl_tls.c:2913: |4| 0020:  a6 d0 0f 58 5e 5a 14 c8 65 4f ac 20 1a 66 0a cd  ...X^Z..eO. .f..
ssl_tls.c:2913: |4| 0030:  79 c1 49 54 47 53 2d d4 19 3b d6 39 77 3d c7 41  y.ITGS-..;.9w=.A
ssl_tls.c:2913: |4| 0040:  d8 df 52 6e bf c1 b9 32 85 aa 97 f9 c0 2b 00 00  ..Rn...2.....+..
ssl_tls.c:2913: |4| 0050:  0b ff 01 00 01 00 00 0b 00 02 01 00              ............
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 92, out_left: 92
ssl_tls.c:2496: |2| ssl->f_send() returned 92 (-0xffffffa4)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_srv.c:2600: |2| <= write server hello
ssl_srv.c:4219: |2| server state: 3
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_tls.c:4259: |2| => write certificate
ssl_tls.c:4311: |3| own certificate #1:
ssl_tls.c:4311: |3| cert. version     : 3
ssl_tls.c:4311: |3| serial number     : 09
ssl_tls.c:4311: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_tls.c:4311: |3| subject name      : C=NL, O=PolarSSL, CN=localhost
ssl_tls.c:4311: |3| issued  on        : 2013-09-24 15:52:04
ssl_tls.c:4311: |3| expires on        : 2023-09-22 15:52:04
ssl_tls.c:4311: |3| signed using      : ECDSA with SHA256
ssl_tls.c:4311: |3| EC key size       : 256 bits
ssl_tls.c:4311: |3| basic constraints : CA=false
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(X)' (254 bits) is:
ssl_tls.c:4311: |3|  37 cc 56 d9 76 09 1e 5a 72 3e c7 59 2d ff 20 6e
ssl_tls.c:4311: |3|  ee 7c f9 06 91 74 d0 ad 14 b5 f7 68 22 59 62 92
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_tls.c:4311: |3|  4e e5 00 d8 23 11 ff ea 2f d2 34 5d 5d 16 bd 8a
ssl_tls.c:4311: |3|  88 c2 6b 77 0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff
ssl_tls.c:4311: |3| own certificate #2:
ssl_tls.c:4311: |3| cert. version     : 3
ssl_tls.c:4311: |3| serial number     : C1:43:E2:7E:62:43:CC:E8
ssl_tls.c:4311: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_tls.c:4311: |3| subject name      : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_tls.c:4311: |3| issued  on        : 2013-09-24 15:49:48
ssl_tls.c:4311: |3| expires on        : 2023-09-22 15:49:48
ssl_tls.c:4311: |3| signed using      : ECDSA with SHA256
ssl_tls.c:4311: |3| EC key size       : 384 bits
ssl_tls.c:4311: |3| basic constraints : CA=true
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(X)' (384 bits) is:
ssl_tls.c:4311: |3|  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43
ssl_tls.c:4311: |3|  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95
ssl_tls.c:4311: |3|  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(Y)' (384 bits) is:
ssl_tls.c:4311: |3|  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58
ssl_tls.c:4311: |3|  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47
ssl_tls.c:4311: |3|  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 1158
ssl_tls.c:2913: |4| dumping 'output record sent to network' (1163 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 04 86 0b 00 04 82 00 04 7f 00 02 23 30  ..............#0
ssl_tls.c:2913: |4| 0010:  82 02 1f 30 82 01 a5 a0 03 02 01 02 02 01 09 30  ...0...........0
ssl_tls.c:2913: |4| 0020:  0a 06 08 2a 86 48 ce 3d 04 03 02 30 3e 31 0b 30  ...*.H.=...0>1.0
ssl_tls.c:2913: |4| 0030:  09 06 03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03  ...U....NL1.0...
ssl_tls.c:2913: |4| 0040:  55 04 0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30  U....PolarSSL1.0
ssl_tls.c:2913: |4| 0050:  1a 06 03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c  ...U....Polarssl
ssl_tls.c:2913: |4| 0060:  20 54 65 73 74 20 45 43 20 43 41 30 1e 17 0d 31   Test EC CA0...1
ssl_tls.c:2913: |4| 0070:  33 30 39 32 34 31 35 35 32 30 34 5a 17 0d 32 33  30924155204Z..23
ssl_tls.c:2913: |4| 0080:  30 39 32 32 31 35 35 32 30 34 5a 30 34 31 0b 30  0922155204Z041.0
ssl_tls.c:2913: |4| 0090:  09 06 03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03  ...U....NL1.0...
ssl_tls.c:2913: |4| 00a0:  55 04 0a 13 08 50 6f 6c 61 72 53 53 4c 31 12 30  U....PolarSSL1.0
ssl_tls.c:2913: |4| 00b0:  10 06 03 55 04 03 13 09 6c 6f 63 61 6c 68 6f 73  ...U....localhos
ssl_tls.c:2913: |4| 00c0:  74 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06 08  t0Y0...*.H.=....
ssl_tls.c:2913: |4| 00d0:  2a 86 48 ce 3d 03 01 07 03 42 00 04 37 cc 56 d9  *.H.=....B..7.V.
ssl_tls.c:2913: |4| 00e0:  76 09 1e 5a 72 3e c7 59 2d ff 20 6e ee 7c f9 06  v..Zr>.Y-. n.|..
ssl_tls.c:2913: |4| 00f0:  91 74 d0 ad 14 b5 f7 68 22 59 62 92 4e e5 00 d8  .t.....h"Yb.N...
ssl_tls.c:2913: |4| 0100:  23 11 ff ea 2f d2 34 5d 5d 16 bd 8a 88 c2 6b 77  #.../.4]].....kw
ssl_tls.c:2913: |4| 0110:  0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff a3 81 9d 30  .U..*..........0
ssl_tls.c:2913: |4| 0120:  81 9a 30 09 06 03 55 1d 13 04 02 30 00 30 1d 06  ..0...U....0.0..
ssl_tls.c:2913: |4| 0130:  03 55 1d 0e 04 16 04 14 50 61 a5 8f d4 07 d9 d7  .U......Pa......
ssl_tls.c:2913: |4| 0140:  82 01 0c e5 65 7f 8c 63 46 a7 13 be 30 6e 06 03  ....e..cF...0n..
ssl_tls.c:2913: |4| 0150:  55 1d 23 04 67 30 65 80 14 9d 6d 20 24 49 01 3f  U.#.g0e...m $I.?
ssl_tls.c:2913: |4| 0160:  2b cb 78 b5 19 bc 7e 24 c9 db fb 36 7c a1 42 a4  +.x...~$...6|.B.
ssl_tls.c:2913: |4| 0170:  40 30 3e 31 0b 30 09 06 03 55 04 06 13 02 4e 4c  @0>1.0...U....NL
ssl_tls.c:2913: |4| 0180:  31 11 30 0f 06 03 55 04 0a 13 08 50 6f 6c 61 72  1.0...U....Polar
ssl_tls.c:2913: |4| 0190:  53 53 4c 31 1c 30 1a 06 03 55 04 03 13 13 50 6f  SSL1.0...U....Po
ssl_tls.c:2913: |4| 01a0:  6c 61 72 73 73 6c 20 54 65 73 74 20 45 43 20 43  larssl Test EC C
ssl_tls.c:2913: |4| 01b0:  41 82 09 00 c1 43 e2 7e 62 43 cc e8 30 0a 06 08  A....C.~bC..0...
ssl_tls.c:2913: |4| 01c0:  2a 86 48 ce 3d 04 03 02 03 68 00 30 65 02 31 00  *.H.=....h.0e.1.
ssl_tls.c:2913: |4| 01d0:  9a 2c 5c d7 a6 db a2 e5 64 0d f0 b9 4e dd d7 61  .,\.....d...N..a
ssl_tls.c:2913: |4| 01e0:  d6 13 31 c7 ab 73 80 bb d3 d3 73 13 54 ad 92 0b  ..1..s....s.T...
ssl_tls.c:2913: |4| 01f0:  5d ab d0 bc f7 ae 2f e6 a1 21 29 35 95 aa 3e 39  ]...../..!)5..>9
ssl_tls.c:2913: |4| 0200:  02 30 21 36 7f 9d c6 5d c6 0b ab 27 f2 25 1d 3b  .0!6...]...'..;
ssl_tls.c:2913: |4| 0210:  f1 cf f1 35 25 14 e7 e5 f1 97 b5 59 e3 5e 15 7c  ...5......Y.^.|
ssl_tls.c:2913: |4| 0220:  66 b9 90 7b c7 01 10 4f 73 c6 00 21 52 2a 0e f1  f..{...Os..!R*..
ssl_tls.c:2913: |4| 0230:  c7 d5 00 02 56 30 82 02 52 30 82 01 d7 a0 03 02  ....V0..R0......
ssl_tls.c:2913: |4| 0240:  01 02 02 09 00 c1 43 e2 7e 62 43 cc e8 30 0a 06  ......C.~bC..0..
ssl_tls.c:2913: |4| 0250:  08 2a 86 48 ce 3d 04 03 02 30 3e 31 0b 30 09 06  .*.H.=...0>1.0..
ssl_tls.c:2913: |4| 0260:  03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03 55 04  .U....NL1.0...U.
ssl_tls.c:2913: |4| 0270:  0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30 1a 06  ...PolarSSL1.0..
ssl_tls.c:2913: |4| 0280:  03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c 20 54  .U....Polarssl T
ssl_tls.c:2913: |4| 0290:  65 73 74 20 45 43 20 43 41 30 1e 17 0d 31 33 30  est EC CA0...130
ssl_tls.c:2913: |4| 02a0:  39 32 34 31 35 34 39 34 38 5a 17 0d 32 33 30 39  924154948Z..2309
ssl_tls.c:2913: |4| 02b0:  32 32 31 35 34 39 34 38 5a 30 3e 31 0b 30 09 06  22154948Z0>1.0..
ssl_tls.c:2913: |4| 02c0:  03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03 55 04  .U....NL1.0...U.
ssl_tls.c:2913: |4| 02d0:  0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30 1a 06  ...PolarSSL1.0..
ssl_tls.c:2913: |4| 02e0:  03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c 20 54  .U....Polarssl T
ssl_tls.c:2913: |4| 02f0:  65 73 74 20 45 43 20 43 41 30 76 30 10 06 07 2a  est EC CA0v0...*
ssl_tls.c:2913: |4| 0300:  86 48 ce 3d 02 01 06 05 2b 81 04 00 22 03 62 00  .H.=....+...".b.
ssl_tls.c:2913: |4| 0310:  04 c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29  ...+4A7X/.V....)
ssl_tls.c:2913: |4| 0320:  43 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91  CKN.n..WS39X.R..
ssl_tls.c:2913: |4| 0330:  95 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c  .9.#._.$bH...).,
ssl_tls.c:2913: |4| 0340:  2d 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e  -...R...j.!....n
ssl_tls.c:2913: |4| 0350:  58 b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7  X....i..A.).._u.
ssl_tls.c:2913: |4| 0360:  47 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33  Go..)Ui.S; .f.`3
ssl_tls.c:2913: |4| 0370:  1e a3 81 a0 30 81 9d 30 1d 06 03 55 1d 0e 04 16  ....0..0...U....
ssl_tls.c:2913: |4| 0380:  04 14 9d 6d 20 24 49 01 3f 2b cb 78 b5 19 bc 7e  ...m $I.?+.x...~
ssl_tls.c:2913: |4| 0390:  24 c9 db fb 36 7c 30 6e 06 03 55 1d 23 04 67 30  $...6|0n..U.#.g0
ssl_tls.c:2913: |4| 03a0:  65 80 14 9d 6d 20 24 49 01 3f 2b cb 78 b5 19 bc  e...m $I.?+.x...
ssl_tls.c:2913: |4| 03b0:  7e 24 c9 db fb 36 7c a1 42 a4 40 30 3e 31 0b 30  ~$...6|.B.@0>1.0
ssl_tls.c:2913: |4| 03c0:  09 06 03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03  ...U....NL1.0...
ssl_tls.c:2913: |4| 03d0:  55 04 0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30  U....PolarSSL1.0
ssl_tls.c:2913: |4| 03e0:  1a 06 03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c  ...U....Polarssl
ssl_tls.c:2913: |4| 03f0:  20 54 65 73 74 20 45 43 20 43 41 82 09 00 c1 43   Test EC CA....C
ssl_tls.c:2913: |4| 0400:  e2 7e 62 43 cc e8 30 0c 06 03 55 1d 13 04 05 30  .~bC..0...U....0
ssl_tls.c:2913: |4| 0410:  03 01 01 ff 30 0a 06 08 2a 86 48 ce 3d 04 03 02  ....0...*.H.=...
ssl_tls.c:2913: |4| 0420:  03 69 00 30 66 02 31 00 c3 b4 62 73 56 28 95 00  .i.0f.1...bsV(..
ssl_tls.c:2913: |4| 0430:  7d 78 12 26 d2 71 7b 19 f8 8a 98 3e 92 fe 33 9e  }x.&.q{....>..3.
ssl_tls.c:2913: |4| 0440:  e4 79 d2 fe 7a b7 87 74 3c 2b b8 d7 69 94 0b a3  .y..z..t<+..i...
ssl_tls.c:2913: |4| 0450:  67 77 b8 b3 be d1 36 32 02 31 00 fd 67 9c 94 23  gw....62.1..g..#
ssl_tls.c:2913: |4| 0460:  67 c0 56 ba 4b 33 15 00 c6 e3 cc 31 08 2c 9c 8b  g.V.K3.....1.,..
ssl_tls.c:2913: |4| 0470:  da a9 75 23 2f b8 28 e7 f2 9c 14 3a 40 01 5c af  ..u#/.(....:@.\.
ssl_tls.c:2913: |4| 0480:  0c b2 cf 74 7f 30 9f 08 43 ad 20                 ...t.0..C. 
ssl_tls.c:2471: |2| => flush output

Continuation:

ssl_tls.c:2490: |2| message length: 1163, out_left: 1163
ssl_tls.c:2496: |2| ssl->f_send() returned 1163 (-0xfffffb75)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_tls.c:4363: |2| <= write certificate
ssl_srv.c:4219: |2| server state: 4
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:3232: |2| => write server key exchange
ssl_srv.c:3011: |2| ECDHE curve: secp384r1
ssl_srv.c:3036: |3| value of 'ECDH: Q (X)' (384 bits) is:
ssl_srv.c:3036: |3|  b8 aa c7 d3 18 07 42 8a 88 38 26 cf 2d 4b 75 37
ssl_srv.c:3036: |3|  cd ca d5 aa 6c c6 2e 31 1b 7d 13 09 c7 d0 94 82
ssl_srv.c:3036: |3|  d4 c5 9e f0 30 7c 04 1d 35 c0 4a 1a 80 ad fd 8e
ssl_srv.c:3036: |3| value of 'ECDH: Q (Y)' (384 bits) is:
ssl_srv.c:3036: |3|  9d a5 8d db 89 4f 33 ef 50 f2 1d b9 1b 20 08 9a
ssl_srv.c:3036: |3|  d6 75 39 37 86 31 8f 83 4c 8a f2 92 b5 02 a8 1e
ssl_srv.c:3036: |3|  04 a4 a4 b3 f3 b7 37 1c 38 30 77 cb 0a 6a 80 d5
ssl_srv.c:3099: |3| pick hash algorithm 6 for signing
ssl_srv.c:3137: |3| dumping 'parameters hash' (32 bytes)
ssl_srv.c:3137: |3| 0000:  e6 cc c8 f0 87 3b 5e 74 84 28 45 3c 6b 9e ff 43  .....;^t.(E<k..C
ssl_srv.c:3137: |3| 0010:  80 64 7d d2 f7 f3 96 29 c4 5f c2 98 ae 90 cd 4b  .d}....)._.....K
ssl_srv.c:3297: |3| dumping 'my signature' (70 bytes)
ssl_srv.c:3297: |3| 0000:  30 44 02 20 7b a4 b3 4e f6 f1 6c 51 a9 1b b4 09  0D. {..N..lQ....
ssl_srv.c:3297: |3| 0010:  52 2f 64 43 de 98 3a 10 4f fe 0a bc 04 c8 5f 6c  R/dC..:.O....._l
ssl_srv.c:3297: |3| 0020:  00 60 72 0b 02 20 39 3d ff c5 f8 1c b0 f5 1d a2  .`r.. 9=........
ssl_srv.c:3297: |3| 0030:  52 3e e4 1d c2 af 6d d4 b0 b7 f6 b8 ee 03 f9 b4  R>....m.........
ssl_srv.c:3297: |3| 0040:  f6 c8 19 68 da f1                                ...h..
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 179
ssl_tls.c:2913: |4| dumping 'output record sent to network' (184 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 00 b3 0c 00 00 af 03 00 18 61 04 b8 aa  ............a...
ssl_tls.c:2913: |4| 0010:  c7 d3 18 07 42 8a 88 38 26 cf 2d 4b 75 37 cd ca  ....B..8&.-Ku7..
ssl_tls.c:2913: |4| 0020:  d5 aa 6c c6 2e 31 1b 7d 13 09 c7 d0 94 82 d4 c5  ..l..1.}........
ssl_tls.c:2913: |4| 0030:  9e f0 30 7c 04 1d 35 c0 4a 1a 80 ad fd 8e 9d a5  ..0|..5.J.......
ssl_tls.c:2913: |4| 0040:  8d db 89 4f 33 ef 50 f2 1d b9 1b 20 08 9a d6 75  ...O3.P.... ...u
ssl_tls.c:2913: |4| 0050:  39 37 86 31 8f 83 4c 8a f2 92 b5 02 a8 1e 04 a4  97.1..L.........
ssl_tls.c:2913: |4| 0060:  a4 b3 f3 b7 37 1c 38 30 77 cb 0a 6a 80 d5 04 03  ....7.80w..j....
ssl_tls.c:2913: |4| 0070:  00 46 30 44 02 20 7b a4 b3 4e f6 f1 6c 51 a9 1b  .F0D. {..N..lQ..
ssl_tls.c:2913: |4| 0080:  b4 09 52 2f 64 43 de 98 3a 10 4f fe 0a bc 04 c8  ..R/dC..:.O.....
ssl_tls.c:2913: |4| 0090:  5f 6c 00 60 72 0b 02 20 39 3d ff c5 f8 1c b0 f5  _l.`r.. 9=......
ssl_tls.c:2913: |4| 00a0:  1d a2 52 3e e4 1d c2 af 6d d4 b0 b7 f6 b8 ee 03  ..R>....m.......
ssl_tls.c:2913: |4| 00b0:  f9 b4 f6 c8 19 68 da f1                          .....h..
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 184, out_left: 184
ssl_tls.c:2496: |2| ssl->f_send() returned 184 (-0xffffff48)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_srv.c:3316: |2| <= write server key exchange
ssl_srv.c:4219: |2| server state: 5
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:2645: |2| => write certificate request
ssl_srv.c:2663: |2| <= skip write certificate request
ssl_srv.c:4219: |2| server state: 6
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:3324: |2| => write server hello done
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 4
ssl_tls.c:2913: |4| dumping 'output record sent to network' (9 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 00 04 0e 00 00 00                       .........
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 9, out_left: 9
ssl_tls.c:2496: |2| ssl->f_send() returned -80 (-0x0050)
ssl_tls.c:2918: |1| mbedtls_ssl_flush_output() returned -80 (-0x0050)
ssl_srv.c:3339: |1| mbedtls_ssl_write_record() returned -80 (-0x0050)
ssl_tls.c:6764: |2| <= handshake
ssl_tls.c:6754: |2| => handshake
ssl_srv.c:4219: |2| server state: 0
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:4219: |2| server state: 1
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:1192: |2| => parse client hello
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2458: |2| <= fetch input
ssl_srv.c:1224: |4| dumping 'record header' (5 bytes)
ssl_srv.c:1224: |4| 0000:  16 03 01 02 00                                   .....
ssl_srv.c:1236: |3| client hello v3, message type: 22
ssl_srv.c:1245: |3| client hello v3, message len.: 512
ssl_srv.c:1248: |3| client hello v3, protocol version: [3:1]
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 5, nb_want: 517
ssl_tls.c:2437: |2| in_left: 5, nb_want: 517
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 512 (-0xfffffe00)
ssl_tls.c:2458: |2| <= fetch input
ssl_srv.c:1330: |4| dumping 'record contents' (512 bytes)
ssl_srv.c:1330: |4| 0000:  01 00 01 fc 03 03 92 d8 ad 10 0f 61 c8 87 d6 c3  ...........a....
ssl_srv.c:1330: |4| 0010:  22 19 dc 99 d7 66 8c d1 3d d3 6f f8 b8 b4 10 ac  "....f..=.o.....
ssl_srv.c:1330: |4| 0020:  ca 16 81 c6 02 24 20 53 69 9a dd 81 0d e7 99 5f  .....$ Si......_
ssl_srv.c:1330: |4| 0030:  2f b1 c7 ec 9e e0 96 81 ad 9d 8e c3 db 40 50 91  /............@P.
ssl_srv.c:1330: |4| 0040:  d0 f6 31 18 47 c0 c6 00 22 9a 9a 13 01 13 02 13  ..1.G...".......
ssl_srv.c:1330: |4| 0050:  03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0  ..+./.,.0.......
ssl_srv.c:1330: |4| 0060:  14 00 9c 00 9d 00 2f 00 35 00 0a 01 00 01 91 fa  ....../.5.......
ssl_srv.c:1330: |4| 0070:  fa 00 00 00 17 00 00 ff 01 00 01 00 00 0a 00 0a  ................
ssl_srv.c:1330: |4| 0080:  00 08 3a 3a 00 1d 00 17 00 18 00 0b 00 02 01 00  ..::............
ssl_srv.c:1330: |4| 0090:  00 23 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74  .#.........h2.ht
ssl_srv.c:1330: |4| 00a0:  74 70 2f 31 2e 31 00 05 00 05 01 00 00 00 00 00  tp/1.1..........
ssl_srv.c:1330: |4| 00b0:  0d 00 14 00 12 04 03 08 04 04 01 05 03 08 05 05  ................
ssl_srv.c:1330: |4| 00c0:  01 08 06 06 01 02 01 00 12 00 00 00 33 00 2b 00  ............3.+.
ssl_srv.c:1330: |4| 00d0:  29 3a 3a 00 01 00 00 1d 00 20 e3 a8 3e 80 c7 25  )::...... ..>..
ssl_srv.c:1330: |4| 00e0:  51 0d f5 d0 d4 e8 7e e2 5b f6 70 f0 12 b6 81 64  Q.....~.[.p....d
ssl_srv.c:1330: |4| 00f0:  25 26 da 37 4f ab 26 0e 26 36 00 2d 00 02 01 01  &.7O.&.&6.-....
ssl_srv.c:1330: |4| 0100:  00 2b 00 0b 0a aa aa 03 04 03 03 03 02 03 01 00  .+..............
ssl_srv.c:1330: |4| 0110:  1b 00 03 02 00 02 4a 4a 00 01 00 00 15 00 e1 00  ......JJ........
ssl_srv.c:1330: |4| 0120:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0130:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0140:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0150:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0160:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0170:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0180:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0190:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01a0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01b0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01c0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01d0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01e0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01f0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1348: |3| client hello v3, handshake type: 1
ssl_srv.c:1357: |3| client hello v3, handshake len.: 508
ssl_srv.c:1446: |3| dumping 'client hello, version' (2 bytes)
ssl_srv.c:1446: |3| 0000:  03 03                                            ..
ssl_srv.c:1477: |3| dumping 'client hello, random bytes' (32 bytes)
ssl_srv.c:1477: |3| 0000:  92 d8 ad 10 0f 61 c8 87 d6 c3 22 19 dc 99 d7 66  .....a...."....f
ssl_srv.c:1477: |3| 0010:  8c d1 3d d3 6f f8 b8 b4 10 ac ca 16 81 c6 02 24  ..=.o..........$
ssl_srv.c:1495: |3| dumping 'client hello, session id' (32 bytes)
ssl_srv.c:1495: |3| 0000:  53 69 9a dd 81 0d e7 99 5f 2f b1 c7 ec 9e e0 96  Si......_/......
ssl_srv.c:1495: |3| 0010:  81 ad 9d 8e c3 db 40 50 91 d0 f6 31 18 47 c0 c6  ......@P...1.G..
ssl_srv.c:1580: |3| dumping 'client hello, ciphersuitelist' (34 bytes)
ssl_srv.c:1580: |3| 0000:  9a 9a 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30  .........+./.,.0
ssl_srv.c:1580: |3| 0010:  cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35  ............./.5
ssl_srv.c:1580: |3| 0020:  00 0a                                            ..
ssl_srv.c:1600: |3| dumping 'client hello, compression' (1 bytes)
ssl_srv.c:1600: |3| 0000:  00                                               .
ssl_srv.c:1655: |3| dumping 'client hello extensions' (401 bytes)
ssl_srv.c:1655: |3| 0000:  fa fa 00 00 00 17 00 00 ff 01 00 01 00 00 0a 00  ................
ssl_srv.c:1655: |3| 0010:  0a 00 08 3a 3a 00 1d 00 17 00 18 00 0b 00 02 01  ...::...........
ssl_srv.c:1655: |3| 0020:  00 00 23 00 00 00 10 00 0e 00 0c 02 68 32 08 68  ..#.........h2.h
ssl_srv.c:1655: |3| 0030:  74 74 70 2f 31 2e 31 00 05 00 05 01 00 00 00 00  ttp/1.1.........
ssl_srv.c:1655: |3| 0040:  00 0d 00 14 00 12 04 03 08 04 04 01 05 03 08 05  ................
ssl_srv.c:1655: |3| 0050:  05 01 08 06 06 01 02 01 00 12 00 00 00 33 00 2b  .............3.+
ssl_srv.c:1655: |3| 0060:  00 29 3a 3a 00 01 00 00 1d 00 20 e3 a8 3e 80 c7  .)::...... ..>..
ssl_srv.c:1655: |3| 0070:  25 51 0d f5 d0 d4 e8 7e e2 5b f6 70 f0 12 b6 81  Q.....~.[.p....
ssl_srv.c:1655: |3| 0080:  64 25 26 da 37 4f ab 26 0e 26 36 00 2d 00 02 01  d&.7O.&.&6.-...
ssl_srv.c:1655: |3| 0090:  01 00 2b 00 0b 0a aa aa 03 04 03 03 03 02 03 01  ..+.............
ssl_srv.c:1655: |3| 00a0:  00 1b 00 03 02 00 02 4a 4a 00 01 00 00 15 00 e1  .......JJ.......
ssl_srv.c:1655: |3| 00b0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00c0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00d0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00e0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00f0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0100:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0110:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0120:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0130:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0140:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0150:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0160:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0170:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0180:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0190:  00                                               .
ssl_srv.c:1803: |3| unknown extension found: 64250 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 23 (ignoring)
ssl_srv.c:1686: |3| found renegotiation extension
ssl_srv.c:1713: |3| found supported elliptic curves extension
ssl_srv.c:1721: |3| found supported point formats extension
ssl_srv.c:0356: |4| point format selected: 0
ssl_srv.c:1803: |3| unknown extension found: 35 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 16 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 5 (ignoring)
ssl_srv.c:1699: |3| found signature_algorithms extension
ssl_srv.c:0252: |3| client hello v3, signature_algorithm ext: match sig 4 and hash 6
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 4
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:0252: |3| client hello v3, signature_algorithm ext: match sig 4 and hash 7
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 5
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 6
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:1803: |3| unknown extension found: 18 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 51 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 45 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 43 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 27 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 19018 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 21 (ignoring)
ssl_srv.c:0801: |3| trying ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_srv.c:0699: |3| ciphersuite requires certificate
ssl_srv.c:0710: |3| candidate certificate chain, certificate #1:
ssl_srv.c:0710: |3| cert. version     : 3
ssl_srv.c:0710: |3| serial number     : 09
ssl_srv.c:0710: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0710: |3| subject name      : C=NL, O=PolarSSL, CN=localhost
ssl_srv.c:0710: |3| issued  on        : 2013-09-24 15:52:04
ssl_srv.c:0710: |3| expires on        : 2023-09-22 15:52:04
ssl_srv.c:0710: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0710: |3| EC key size       : 256 bits
ssl_srv.c:0710: |3| basic constraints : CA=false
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(X)' (254 bits) is:
ssl_srv.c:0710: |3|  37 cc 56 d9 76 09 1e 5a 72 3e c7 59 2d ff 20 6e
ssl_srv.c:0710: |3|  ee 7c f9 06 91 74 d0 ad 14 b5 f7 68 22 59 62 92
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_srv.c:0710: |3|  4e e5 00 d8 23 11 ff ea 2f d2 34 5d 5d 16 bd 8a
ssl_srv.c:0710: |3|  88 c2 6b 77 0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff
ssl_srv.c:0710: |3| candidate certificate chain, certificate #2:
ssl_srv.c:0710: |3| cert. version     : 3
ssl_srv.c:0710: |3| serial number     : C1:43:E2:7E:62:43:CC:E8
ssl_srv.c:0710: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0710: |3| subject name      : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0710: |3| issued  on        : 2013-09-24 15:49:48
ssl_srv.c:0710: |3| expires on        : 2023-09-22 15:49:48
ssl_srv.c:0710: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0710: |3| EC key size       : 384 bits
ssl_srv.c:0710: |3| basic constraints : CA=true
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(X)' (384 bits) is:
ssl_srv.c:0710: |3|  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43
ssl_srv.c:0710: |3|  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95
ssl_srv.c:0710: |3|  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(Y)' (384 bits) is:
ssl_srv.c:0710: |3|  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58
ssl_srv.c:0710: |3|  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47
ssl_srv.c:0710: |3|  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e
ssl_srv.c:0772: |3| selected certificate chain, certificate #1:
ssl_srv.c:0772: |3| cert. version     : 3
ssl_srv.c:0772: |3| serial number     : 09
ssl_srv.c:0772: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0772: |3| subject name      : C=NL, O=PolarSSL, CN=localhost
ssl_srv.c:0772: |3| issued  on        : 2013-09-24 15:52:04
ssl_srv.c:0772: |3| expires on        : 2023-09-22 15:52:04
ssl_srv.c:0772: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0772: |3| EC key size       : 256 bits
ssl_srv.c:0772: |3| basic constraints : CA=false
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(X)' (254 bits) is:
ssl_srv.c:0772: |3|  37 cc 56 d9 76 09 1e 5a 72 3e c7 59 2d ff 20 6e
ssl_srv.c:0772: |3|  ee 7c f9 06 91 74 d0 ad 14 b5 f7 68 22 59 62 92
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_srv.c:0772: |3|  4e e5 00 d8 23 11 ff ea 2f d2 34 5d 5d 16 bd 8a
ssl_srv.c:0772: |3|  88 c2 6b 77 0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff
ssl_srv.c:0772: |3| selected certificate chain, certificate #2:
ssl_srv.c:0772: |3| cert. version     : 3
ssl_srv.c:0772: |3| serial number     : C1:43:E2:7E:62:43:CC:E8
ssl_srv.c:0772: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0772: |3| subject name      : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0772: |3| issued  on        : 2013-09-24 15:49:48
ssl_srv.c:0772: |3| expires on        : 2023-09-22 15:49:48
ssl_srv.c:0772: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0772: |3| EC key size       : 384 bits
ssl_srv.c:0772: |3| basic constraints : CA=true
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(X)' (384 bits) is:
ssl_srv.c:0772: |3|  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43
ssl_srv.c:0772: |3|  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95
ssl_srv.c:0772: |3|  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(Y)' (384 bits) is:
ssl_srv.c:0772: |3|  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58
ssl_srv.c:0772: |3|  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47
ssl_srv.c:0772: |3|  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e
ssl_srv.c:1974: |2| selected ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_srv.c:1998: |3| client hello v3, signature_algorithm ext: 4
ssl_srv.c:2008: |2| <= parse client hello
ssl_srv.c:4219: |2| server state: 2
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:2383: |2| => write server hello
ssl_srv.c:2417: |3| server hello, chosen version: [3:3]
ssl_srv.c:2426: |3| server hello, current time: 3
ssl_srv.c:2441: |3| dumping 'server hello, random bytes' (32 bytes)
ssl_srv.c:2441: |3| 0000:  00 00 00 00 54 ee 5b cf 6c 93 45 ef b4 67 23 e1  ....T.[.l.E..g#.
ssl_srv.c:2441: |3| 0010:  d1 29 92 1a ba e4 29 c4 c9 d3 ad 47 c9 12 fd e5  .)....)....G....
ssl_srv.c:2514: |3| server hello, session id len.: 32
ssl_srv.c:2515: |3| dumping 'server hello, session id' (32 bytes)
ssl_srv.c:2515: |3| 0000:  54 ab b6 05 3b 0f fd 21 06 c4 b9 25 4c 5c d2 35  T...;..!...\.5
ssl_srv.c:2515: |3| 0010:  ca 94 ec bf e1 38 00 dc 5a 40 44 d7 25 a1 6e 5b  .....8..Z@D..n[
ssl_srv.c:2517: |3| no session has been resumed
ssl_srv.c:2524: |3| server hello, chosen ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_srv.c:2526: |3| server hello, compress alg.: 0x00
ssl_srv.c:2145: |3| server hello, secure renegotiation extension
ssl_srv.c:2216: |3| server hello, supported_point_formats extension
ssl_srv.c:2581: |3| server hello, total extension length: 11
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 87
ssl_tls.c:2913: |4| dumping 'output record sent to network' (92 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 00 57 02 00 00 53 03 03 00 00 00 00 54  ....W...S......T
ssl_tls.c:2913: |4| 0010:  ee 5b cf 6c 93 45 ef b4 67 23 e1 d1 29 92 1a ba  .[.l.E..g#..)...
ssl_tls.c:2913: |4| 0020:  e4 29 c4 c9 d3 ad 47 c9 12 fd e5 20 54 ab b6 05  .)....G.... T...
ssl_tls.c:2913: |4| 0030:  3b 0f fd 21 06 c4 b9 25 4c 5c d2 35 ca 94 ec bf  ;..!...\.5....
ssl_tls.c:2913: |4| 0040:  e1 38 00 dc 5a 40 44 d7 25 a1 6e 5b c0 2b 00 00  .8..Z@D..n[.+..
ssl_tls.c:2913: |4| 0050:  0b ff 01 00 01 00 00 0b 00 02 01 00              ............
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 92, out_left: 92
ssl_tls.c:2496: |2| ssl->f_send() returned 92 (-0xffffffa4)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_srv.c:2600: |2| <= write server hello
ssl_srv.c:4219: |2| server state: 3
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_tls.c:4259: |2| => write certificate
ssl_tls.c:4311: |3| own certificate #1:
ssl_tls.c:4311: |3| cert. version     : 3
ssl_tls.c:4311: |3| serial number     : 09
ssl_tls.c:4311: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_tls.c:4311: |3| subject name      : C=NL, O=PolarSSL, CN=localhost
ssl_tls.c:4311: |3| issued  on        : 2013-09-24 15:52:04
ssl_tls.c:4311: |3| expires on        : 2023-09-22 15:52:04
ssl_tls.c:4311: |3| signed using      : ECDSA with SHA256
ssl_tls.c:4311: |3| EC key size       : 256 bits
ssl_tls.c:4311: |3| basic constraints : CA=false
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(X)' (254 bits) is:
ssl_tls.c:4311: |3|  37 cc 56 d9 76 09 1e 5a 72 3e c7 59 2d ff 20 6e
ssl_tls.c:4311: |3|  ee 7c f9 06 91 74 d0 ad 14 b5 f7 68 22 59 62 92
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_tls.c:4311: |3|  4e e5 00 d8 23 11 ff ea 2f d2 34 5d 5d 16 bd 8a
ssl_tls.c:4311: |3|  88 c2 6b 77 0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff
ssl_tls.c:4311: |3| own certificate #2:
ssl_tls.c:4311: |3| cert. version     : 3
ssl_tls.c:4311: |3| serial number     : C1:43:E2:7E:62:43:CC:E8
ssl_tls.c:4311: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_tls.c:4311: |3| subject name      : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_tls.c:4311: |3| issued  on        : 2013-09-24 15:49:48
ssl_tls.c:4311: |3| expires on        : 2023-09-22 15:49:48
ssl_tls.c:4311: |3| signed using      : ECDSA with SHA256
ssl_tls.c:4311: |3| EC key size       : 384 bits
ssl_tls.c:4311: |3| basic constraints : CA=true
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(X)' (384 bits) is:
ssl_tls.c:4311: |3|  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43
ssl_tls.c:4311: |3|  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95
ssl_tls.c:4311: |3|  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(Y)' (384 bits) is:
ssl_tls.c:4311: |3|  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58
ssl_tls.c:4311: |3|  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47
ssl_tls.c:4311: |3|  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 1158
ssl_tls.c:2913: |4| dumping 'output record sent to network' (1163 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 04 86 0b 00 04 82 00 04 7f 00 02 23 30  ..............#0
ssl_tls.c:2913: |4| 0010:  82 02 1f 30 82 01 a5 a0 03 02 01 02 02 01 09 30  ...0...........0
ssl_tls.c:2913: |4| 0020:  0a 06 08 2a 86 48 ce 3d 04 03 02 30 3e 31 0b 30  ...*.H.=...0>1.0
ssl_tls.c:2913: |4| 0030:  09 06 03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03  ...U....NL1.0...
ssl_tls.c:2913: |4| 0040:  55 04 0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30  U....PolarSSL1.0
ssl_tls.c:2913: |4| 0050:  1a 06 03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c  ...U....Polarssl
ssl_tls.c:2913: |4| 0060:  20 54 65 73 74 20 45 43 20 43 41 30 1e 17 0d 31   Test EC CA0...1
ssl_tls.c:2913: |4| 0070:  33 30 39 32 34 31 35 35 32 30 34 5a 17 0d 32 33  30924155204Z..23
ssl_tls.c:2913: |4| 0080:  30 39 32 32 31 35 35 32 30 34 5a 30 34 31 0b 30  0922155204Z041.0
ssl_tls.c:2913: |4| 0090:  09 06 03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03  ...U....NL1.0...
ssl_tls.c:2913: |4| 00a0:  55 04 0a 13 08 50 6f 6c 61 72 53 53 4c 31 12 30  U....PolarSSL1.0
ssl_tls.c:2913: |4| 00b0:  10 06 03 55 04 03 13 09 6c 6f 63 61 6c 68 6f 73  ...U....localhos
ssl_tls.c:2913: |4| 00c0:  74 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06 08  t0Y0...*.H.=....
ssl_tls.c:2913: |4| 00d0:  2a 86 48 ce 3d 03 01 07 03 42 00 04 37 cc 56 d9  *.H.=....B..7.V.
ssl_tls.c:2913: |4| 00e0:  76 09 1e 5a 72 3e c7 59 2d ff 20 6e ee 7c f9 06  v..Zr>.Y-. n.|..
ssl_tls.c:2913: |4| 00f0:  91 74 d0 ad 14 b5 f7 68 22 59 62 92 4e e5 00 d8  .t.....h"Yb.N...
ssl_tls.c:2913: |4| 0100:  23 11 ff ea 2f d2 34 5d 5d 16 bd 8a 88 c2 6b 77  #.../.4]].....kw
ssl_tls.c:2913: |4| 0110:  0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff a3 81 9d 30  .U..*..........0
ssl_tls.c:2913: |4| 0120:  81 9a 30 09 06 03 55 1d 13 04 02 30 00 30 1d 06  ..0...U....0.0..
ssl_tls.c:2913: |4| 0130:  03 55 1d 0e 04 16 04 14 50 61 a5 8f d4 07 d9 d7  .U......Pa......
ssl_tls.c:2913: |4| 0140:  82 01 0c e5 65 7f 8c 63 46 a7 13 be 30 6e 06 03  ....e..cF...0n..
ssl_tls.c:2913: |4| 0150:  55 1d 23 04 67 30 65 80 14 9d 6d 20 24 49 01 3f  U.#.g0e...m $I.?
ssl_tls.c:2913: |4| 0160:  2b cb 78 b5 19 bc 7e 24 c9 db fb 36 7c a1 42 a4  +.x...~$...6|.B.
ssl_tls.c:2913: |4| 0170:  40 30 3e 31 0b 30 09 06 03 55 04 06 13 02 4e 4c  @0>1.0...U....NL
ssl_tls.c:2913: |4| 0180:  31 11 30 0f 06 03 55 04 0a 13 08 50 6f 6c 61 72  1.0...U....Polar
ssl_tls.c:2913: |4| 0190:  53 53 4c 31 1c 30 1a 06 03 55 04 03 13 13 50 6f  SSL1.0...U....Po
ssl_tls.c:2913: |4| 01a0:  6c 61 72 73 73 6c 20 54 65 73 74 20 45 43 20 43  larssl Test EC C
ssl_tls.c:2913: |4| 01b0:  41 82 09 00 c1 43 e2 7e 62 43 cc e8 30 0a 06 08  A....C.~bC..0...
ssl_tls.c:2913: |4| 01c0:  2a 86 48 ce 3d 04 03 02 03 68 00 30 65 02 31 00  *.H.=....h.0e.1.
ssl_tls.c:2913: |4| 01d0:  9a 2c 5c d7 a6 db a2 e5 64 0d f0 b9 4e dd d7 61  .,\.....d...N..a
ssl_tls.c:2913: |4| 01e0:  d6 13 31 c7 ab 73 80 bb d3 d3 73 13 54 ad 92 0b  ..1..s....s.T...
ssl_tls.c:2913: |4| 01f0:  5d ab d0 bc f7 ae 2f e6 a1 21 29 35 95 aa 3e 39  ]...../..!)5..>9
ssl_tls.c:2913: |4| 0200:  02 30 21 36 7f 9d c6 5d c6 0b ab 27 f2 25 1d 3b  .0!6...]...'..;
ssl_tls.c:2913: |4| 0210:  f1 cf f1 35 25 14 e7 e5 f1 97 b5 59 e3 5e 15 7c  ...5......Y.^.|
ssl_tls.c:2913: |4| 0220:  66 b9 90 7b c7 01 10 4f 73 c6 00 21 52 2a 0e f1  f..{...Os..!R*..
ssl_tls.c:2913: |4| 0230:  c7 d5 00 02 56 30 82 02 52 30 82 01 d7 a0 03 02  ....V0..R0......
ssl_tls.c:2913: |4| 0240:  01 02 02 09 00 c1 43 e2 7e 62 43 cc e8 30 0a 06  ......C.~bC..0..
ssl_tls.c:2913: |4| 0250:  08 2a 86 48 ce 3d 04 03 02 30 3e 31 0b 30 09 06  .*.H.=...0>1.0..
ssl_tls.c:2913: |4| 0260:  03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03 55 04  .U....NL1.0...U.
ssl_tls.c:2913: |4| 0270:  0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30 1a 06  ...PolarSSL1.0..
ssl_tls.c:2913: |4| 0280:  03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c 20 54  .U....Polarssl T
ssl_tls.c:2913: |4| 0290:  65 73 74 20 45 43 20 43 41 30 1e 17 0d 31 33 30  est EC CA0...130
ssl_tls.c:2913: |4| 02a0:  39 32 34 31 35 34 39 34 38 5a 17 0d 32 33 30 39  924154948Z..2309
ssl_tls.c:2913: |4| 02b0:  32 32 31 35 34 39 34 38 5a 30 3e 31 0b 30 09 06  22154948Z0>1.0..
ssl_tls.c:2913: |4| 02c0:  03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03 55 04  .U....NL1.0...U.
ssl_tls.c:2913: |4| 02d0:  0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30 1a 06  ...PolarSSL1.0..
ssl_tls.c:2913: |4| 02e0:  03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c 20 54  .U....Polarssl T
ssl_tls.c:2913: |4| 02f0:  65 73 74 20 45 43 20 43 41 30 76 30 10 06 07 2a  est EC CA0v0...*
ssl_tls.c:2913: |4| 0300:  86 48 ce 3d 02 01 06 05 2b 81 04 00 22 03 62 00  .H.=....+...".b.
ssl_tls.c:2913: |4| 0310:  04 c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29  ...+4A7X/.V....)
ssl_tls.c:2913: |4| 0320:  43 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91  CKN.n..WS39X.R..
ssl_tls.c:2913: |4| 0330:  95 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c  .9.#._.$bH...).,
ssl_tls.c:2913: |4| 0340:  2d 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e  -...R...j.!....n
ssl_tls.c:2913: |4| 0350:  58 b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7  X....i..A.).._u.
ssl_tls.c:2913: |4| 0360:  47 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33  Go..)Ui.S; .f.`3
ssl_tls.c:2913: |4| 0370:  1e a3 81 a0 30 81 9d 30 1d 06 03 55 1d 0e 04 16  ....0..0...U....
ssl_tls.c:2913: |4| 0380:  04 14 9d 6d 20 24 49 01 3f 2b cb 78 b5 19 bc 7e  ...m $I.?+.x...~
ssl_tls.c:2913: |4| 0390:  24 c9 db fb 36 7c 30 6e 06 03 55 1d 23 04 67 30  $...6|0n..U.#.g0
ssl_tls.c:2913: |4| 03a0:  65 80 14 9d 6d 20 24 49 01 3f 2b cb 78 b5 19 bc  e...m $I.?+.x...
ssl_tls.c:2913: |4| 03b0:  7e 24 c9 db fb 36 7c a1 42 a4 40 30 3e 31 0b 30  ~$...6|.B.@0>1.0
ssl_tls.c:2913: |4| 03c0:  09 06 03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03  ...U....NL1.0...
ssl_tls.c:2913: |4| 03d0:  55 04 0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30  U....PolarSSL1.0
ssl_tls.c:2913: |4| 03e0:  1a 06 03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c  ...U....Polarssl
ssl_tls.c:2913: |4| 03f0:  20 54 65 73 74 20 45 43 20 43 41 82 09 00 c1 43   Test EC CA....C
ssl_tls.c:2913: |4| 0400:  e2 7e 62 43 cc e8 30 0c 06 03 55 1d 13 04 05 30  .~bC..0...U....0
ssl_tls.c:2913: |4| 0410:  03 01 01 ff 30 0a 06 08 2a 86 48 ce 3d 04 03 02  ....0...*.H.=...
ssl_tls.c:2913: |4| 0420:  03 69 00 30 66 02 31 00 c3 b4 62 73 56 28 95 00  .i.0f.1...bsV(..
ssl_tls.c:2913: |4| 0430:  7d 78 12 26 d2 71 7b 19 f8 8a 98 3e 92 fe 33 9e  }x.&.q{....>..3.
ssl_tls.c:2913: |4| 0440:  e4 79 d2 fe 7a b7 87 74 3c 2b b8 d7 69 94 0b a3  .y..z..t<+..i...
ssl_tls.c:2913: |4| 0450:  67 77 b8 b3 be d1 36 32 02 31 00 fd 67 9c 94 23  gw....62.1..g..#
ssl_tls.c:2913: |4| 0460:  67 c0 56 ba 4b 33 15 00 c6 e3 cc 31 08 2c 9c 8b  g.V.K3.....1.,..
ssl_tls.c:2913: |4| 0470:  da a9 75 23 2f b8 28 e7 f2 9c 14 3a 40 01 5c af  ..u#/.(....:@.\.
ssl_tls.c:2913: |4| 0480:  0c b2 cf 74 7f 30 9f 08 43 ad 20                 ...t.0..C. 
ssl_tls.c:2471: |2| => flush output

Continuation (last part):

ssl_tls.c:2490: |2| message length: 1163, out_left: 1163
ssl_tls.c:2496: |2| ssl->f_send() returned 1163 (-0xfffffb75)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_tls.c:4363: |2| <= write certificate
ssl_srv.c:4219: |2| server state: 4
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:3232: |2| => write server key exchange
ssl_srv.c:3011: |2| ECDHE curve: secp384r1
ssl_srv.c:3036: |3| value of 'ECDH: Q (X)' (381 bits) is:
ssl_srv.c:3036: |3|  14 9f 5e 09 45 67 fd 65 e9 fd 91 10 1a 15 13 e5
ssl_srv.c:3036: |3|  5a 95 70 0e 9a b1 67 7a bd 67 75 de e7 5d 0b 6c
ssl_srv.c:3036: |3|  a4 ee 4d d6 92 76 2a f4 c1 c8 a9 ba e4 74 45 5b
ssl_srv.c:3036: |3| value of 'ECDH: Q (Y)' (384 bits) is:
ssl_srv.c:3036: |3|  90 98 98 6c 9b 85 26 6c 21 70 36 32 17 4b ad 29
ssl_srv.c:3036: |3|  8b 64 a9 7a 57 a2 cc 25 7f e5 46 82 bc 07 1c c1
ssl_srv.c:3036: |3|  38 05 45 47 12 a7 66 9f d3 89 b7 d4 2f 27 9e ce
ssl_srv.c:3099: |3| pick hash algorithm 6 for signing
ssl_srv.c:3137: |3| dumping 'parameters hash' (32 bytes)
ssl_srv.c:3137: |3| 0000:  de 1a a1 9c 53 03 29 58 a9 36 a7 11 32 c0 2d 56  ....S.)X.6..2.-V
ssl_srv.c:3137: |3| 0010:  c8 e3 80 d1 82 9f 51 4c 86 18 97 b8 f0 6f 35 0b  ......QL.....o5.
ssl_srv.c:3297: |3| dumping 'my signature' (71 bytes)
ssl_srv.c:3297: |3| 0000:  30 45 02 21 00 d1 7e a8 dc 27 fe 0d a3 01 3e 93  0E.!..~..'....>.
ssl_srv.c:3297: |3| 0010:  ae e5 a5 ef 03 92 f1 67 f6 b9 d0 f4 7e 4a 2e 44  .......g....~J.D
ssl_srv.c:3297: |3| 0020:  30 75 a1 60 37 02 20 15 e2 20 9c ed 05 b1 a9 b8  0u.`7. .. ......
ssl_srv.c:3297: |3| 0030:  45 e2 d2 d2 53 24 98 32 fd cb 70 2e e5 a8 b9 48  E...S$.2..p....H
ssl_srv.c:3297: |3| 0040:  72 c3 c0 1f f7 cd 3d                             r.....=
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 180
ssl_tls.c:2913: |4| dumping 'output record sent to network' (185 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 00 b4 0c 00 00 b0 03 00 18 61 04 14 9f  ............a...
ssl_tls.c:2913: |4| 0010:  5e 09 45 67 fd 65 e9 fd 91 10 1a 15 13 e5 5a 95  ^.Eg.e........Z.
ssl_tls.c:2913: |4| 0020:  70 0e 9a b1 67 7a bd 67 75 de e7 5d 0b 6c a4 ee  p...gz.gu..].l..
ssl_tls.c:2913: |4| 0030:  4d d6 92 76 2a f4 c1 c8 a9 ba e4 74 45 5b 90 98  M..v*......tE[..
ssl_tls.c:2913: |4| 0040:  98 6c 9b 85 26 6c 21 70 36 32 17 4b ad 29 8b 64  .l..&l!p62.K.).d
ssl_tls.c:2913: |4| 0050:  a9 7a 57 a2 cc 25 7f e5 46 82 bc 07 1c c1 38 05  .zW....F.....8.
ssl_tls.c:2913: |4| 0060:  45 47 12 a7 66 9f d3 89 b7 d4 2f 27 9e ce 04 03  EG..f...../'....
ssl_tls.c:2913: |4| 0070:  00 47 30 45 02 21 00 d1 7e a8 dc 27 fe 0d a3 01  .G0E.!..~..'....
ssl_tls.c:2913: |4| 0080:  3e 93 ae e5 a5 ef 03 92 f1 67 f6 b9 d0 f4 7e 4a  >........g....~J
ssl_tls.c:2913: |4| 0090:  2e 44 30 75 a1 60 37 02 20 15 e2 20 9c ed 05 b1  .D0u.`7. .. ....
ssl_tls.c:2913: |4| 00a0:  a9 b8 45 e2 d2 d2 53 24 98 32 fd cb 70 2e e5 a8  ..E...S$.2..p...
ssl_tls.c:2913: |4| 00b0:  b9 48 72 c3 c0 1f f7 cd 3d                       .Hr.....=
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 185, out_left: 185
ssl_tls.c:2496: |2| ssl->f_send() returned 185 (-0xffffff47)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_srv.c:3316: |2| <= write server key exchange
ssl_srv.c:4219: |2| server state: 5
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:2645: |2| => write certificate request
ssl_srv.c:2663: |2| <= skip write certificate request
ssl_srv.c:4219: |2| server state: 6
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:3324: |2| => write server hello done
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 4
ssl_tls.c:2913: |4| dumping 'output record sent to network' (9 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 00 04 0e 00 00 00                       .........
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 9, out_left: 9
ssl_tls.c:2496: |2| ssl->f_send() returned 9 (-0xfffffff7)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_srv.c:3343: |2| <= write server hello done
ssl_srv.c:4219: |2| server state: 7
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_tls.c:4376: |2| => parse certificate
ssl_tls.c:4406: |2| <= skip parse certificate
ssl_srv.c:4219: |2| server state: 8
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:3664: |2| => parse client key exchange
ssl_tls.c:3809: |2| => read record
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2458: |2| <= fetch input
ssl_tls.c:3552: |4| dumping 'input record header' (5 bytes)
ssl_tls.c:3552: |4| 0000:  16 03 03 00 66                                   ....f
ssl_tls.c:3561: |3| input record: msgtype = 22, version = [3:3], msglen = 102
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 5, nb_want: 107
ssl_tls.c:2437: |2| in_left: 5, nb_want: 107
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 102 (-0xffffff9a)
ssl_tls.c:2458: |2| <= fetch input
ssl_tls.c:3738: |4| dumping 'input record from network' (107 bytes)
ssl_tls.c:3738: |4| 0000:  16 03 03 00 66 10 00 00 62 61 04 47 7b d0 ce 57  ....f...ba.G{..W
ssl_tls.c:3738: |4| 0010:  f4 05 6b 41 80 60 5c 1e ec 66 1b d2 d7 78 c3 ab  ..kA.`\..f...x..
ssl_tls.c:3738: |4| 0020:  07 a8 58 2c 79 e2 fe dc 7d ea 5a 26 65 ae e4 41  ..X,y...}.Z&e..A
ssl_tls.c:3738: |4| 0030:  db ec e8 78 8c 2c 30 e4 b3 56 55 13 fb e5 8a 72  ...x.,0..VU....r
ssl_tls.c:3738: |4| 0040:  12 3e 28 c4 7b d1 13 d2 1e e8 90 ab bc 70 3a 04  .>(.{........p:.
ssl_tls.c:3738: |4| 0050:  34 c0 52 0f 8b ba 92 6f eb c9 ff 3a 33 d1 71 80  4.R....o...:3.q.
ssl_tls.c:3738: |4| 0060:  cf 4c 96 4e 70 fe 13 9f 1b 90 34                 .L.Np.....4
ssl_tls.c:3161: |3| handshake message: msglen = 102, type = 16, hslen = 102
ssl_tls.c:3846: |2| <= read record
ssl_srv.c:3746: |3| value of 'ECDH: Qp (X)' (383 bits) is:
ssl_srv.c:3746: |3|  47 7b d0 ce 57 f4 05 6b 41 80 60 5c 1e ec 66 1b
ssl_srv.c:3746: |3|  d2 d7 78 c3 ab 07 a8 58 2c 79 e2 fe dc 7d ea 5a
ssl_srv.c:3746: |3|  26 65 ae e4 41 db ec e8 78 8c 2c 30 e4 b3 56 55
ssl_srv.c:3746: |3| value of 'ECDH: Qp (Y)' (381 bits) is:
ssl_srv.c:3746: |3|  13 fb e5 8a 72 12 3e 28 c4 7b d1 13 d2 1e e8 90
ssl_srv.c:3746: |3|  ab bc 70 3a 04 34 c0 52 0f 8b ba 92 6f eb c9 ff
ssl_srv.c:3746: |3|  3a 33 d1 71 80 cf 4c 96 4e 70 fe 13 9f 1b 90 34
ssl_srv.c:3758: |3| value of 'ECDH: z  ' (381 bits) is:
ssl_srv.c:3758: |3|  1b ae a1 dc a7 a4 36 02 8d dc e2 18 ba 2a 15 23
ssl_srv.c:3758: |3|  87 c8 91 1a c5 0f b0 3d 45 3c f2 0d 73 79 e3 51
ssl_srv.c:3758: |3|  5d 0e f5 ad 75 04 40 66 a5 d3 6c 60 eb d3 6e e1
ssl_tls.c:0509: |2| => derive keys
ssl_tls.c:0587: |3| dumping 'premaster secret' (48 bytes)
ssl_tls.c:0587: |3| 0000:  1b ae a1 dc a7 a4 36 02 8d dc e2 18 ba 2a 15 23  ......6......*.#
ssl_tls.c:0587: |3| 0010:  87 c8 91 1a c5 0f b0 3d 45 3c f2 0d 73 79 e3 51  .......=E<..sy.Q
ssl_tls.c:0587: |3| 0020:  5d 0e f5 ad 75 04 40 66 a5 d3 6c 60 eb d3 6e e1  ]...u.@f..l`..n.
ssl_tls.c:0676: |3| ciphersuite = TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_tls.c:0677: |3| dumping 'master secret' (48 bytes)
ssl_tls.c:0677: |3| 0000:  e0 9c c8 14 de 37 e0 d7 6a 4b f7 67 ef 1f 46 04  .....7..jK.g..F.
ssl_tls.c:0677: |3| 0010:  28 a7 97 2d 14 79 55 bf 61 a9 be 4d 33 d0 93 40  (..-.yU.a..M3..@
ssl_tls.c:0677: |3| 0020:  7e ee 03 6e f8 6e b9 75 21 d7 d1 6b 62 5c e1 45  ~..n.n.u!..kb\.E
ssl_tls.c:0678: |4| dumping 'random bytes' (64 bytes)
ssl_tls.c:0678: |4| 0000:  00 00 00 00 54 ee 5b cf 6c 93 45 ef b4 67 23 e1  ....T.[.l.E..g#.
ssl_tls.c:0678: |4| 0010:  d1 29 92 1a ba e4 29 c4 c9 d3 ad 47 c9 12 fd e5  .)....)....G....
ssl_tls.c:0678: |4| 0020:  92 d8 ad 10 0f 61 c8 87 d6 c3 22 19 dc 99 d7 66  .....a...."....f
ssl_tls.c:0678: |4| 0030:  8c d1 3d d3 6f f8 b8 b4 10 ac ca 16 81 c6 02 24  ..=.o..........$
ssl_tls.c:0679: |4| dumping 'key block' (256 bytes)
ssl_tls.c:0679: |4| 0000:  09 ba 2b 8a 09 77 7d 98 1c 43 18 a5 ac 1d 0e c4  ..+..w}..C......
ssl_tls.c:0679: |4| 0010:  66 25 c4 3b 07 4f 82 ca 45 60 51 37 df 35 3f bd  f.;.O..E`Q7.5?.
ssl_tls.c:0679: |4| 0020:  a6 8d 9c ea e7 b4 89 d3 5f bf 03 e8 2e e8 97 de  ........_.......
ssl_tls.c:0679: |4| 0030:  0a e9 69 06 24 cd ed d9 ff e0 33 c8 3b ff 09 a5  ..i.$.....3.;...
ssl_tls.c:0679: |4| 0040:  71 99 1f bc 9c f5 80 e5 33 57 cc e2 c4 5c 67 e6  q.......3W...\g.
ssl_tls.c:0679: |4| 0050:  b5 36 c9 a5 51 70 e0 28 fc 1a 5a e7 61 df ae 9e  .6..Qp.(..Z.a...
ssl_tls.c:0679: |4| 0060:  76 06 5c 01 11 99 2a b2 ca eb b6 c1 1a 13 c7 8a  v.\...*.........
ssl_tls.c:0679: |4| 0070:  be 17 53 e4 b1 27 01 4e 62 66 73 13 56 f7 00 63  ..S..'.Nbfs.V..c
ssl_tls.c:0679: |4| 0080:  c8 51 b8 7d 1e 7b 7b f0 de 7d 98 c3 9f 42 c7 18  .Q.}.{{..}...B..
ssl_tls.c:0679: |4| 0090:  28 93 a4 25 de 9c 82 f2 52 54 2d d6 5f fc a5 b4  (......RT-._...
ssl_tls.c:0679: |4| 00a0:  8c 74 f3 5c 89 3e 7a 52 55 19 ab e4 88 e6 ba a6  .t.\.>zRU.......
ssl_tls.c:0679: |4| 00b0:  b4 25 23 06 18 0f ed 79 76 4c 92 3a 2a 34 e4 a4  .#....yvL.:*4..
ssl_tls.c:0679: |4| 00c0:  8f 47 23 26 df cf 91 75 91 18 d9 77 fd 5e 79 d5  .G#&...u...w.^y.
ssl_tls.c:0679: |4| 00d0:  d3 6d 06 0c 16 30 a0 45 6c 67 5e ab 26 5a 74 e1  .m...0.Elg^.&Zt.
ssl_tls.c:0679: |4| 00e0:  dd ac 2c 98 96 2d 88 95 e8 c6 34 52 cf 4b 94 bd  ..,..-....4R.K..
ssl_tls.c:0679: |4| 00f0:  51 57 ac cb 43 e5 a3 53 27 3a d2 99 70 6d d5 cf  QW..C..S':..pm..
ssl_tls.c:0788: |3| keylen: 16, minlen: 24, ivlen: 12, maclen: 0
ssl_tls.c:0983: |2| <= derive keys
ssl_srv.c:3928: |2| <= parse client key exchange
ssl_srv.c:4219: |2| server state: 9
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:3975: |2| => parse certificate verify
ssl_srv.c:3984: |2| <= skip parse certificate verify
ssl_srv.c:4219: |2| server state: 10
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_tls.c:4779: |2| => parse change cipher spec
ssl_tls.c:3809: |2| => read record
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2458: |2| <= fetch input
ssl_tls.c:3552: |4| dumping 'input record header' (5 bytes)
ssl_tls.c:3552: |4| 0000:  14 03 03 00 01                                   .....
ssl_tls.c:3561: |3| input record: msgtype = 20, version = [3:3], msglen = 1
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 5, nb_want: 6
ssl_tls.c:2437: |2| in_left: 5, nb_want: 6
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 1 (-0xffffffff)
ssl_tls.c:2458: |2| <= fetch input
ssl_tls.c:3738: |4| dumping 'input record from network' (6 bytes)
ssl_tls.c:3738: |4| 0000:  14 03 03 00 01 01                                ......
ssl_tls.c:3846: |2| <= read record
ssl_tls.c:4807: |3| switching to new transform spec for inbound data
ssl_tls.c:4857: |2| <= parse change cipher spec
ssl_srv.c:4219: |2| server state: 11
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_tls.c:5415: |2| => parse finished
ssl_tls.c:5114: |2| => calc  finished tls sha256
ssl_tls.c:5126: |4| dumping 'finished sha2 state' (32 bytes)
ssl_tls.c:5126: |4| 0000:  19 85 1c 71 83 2a 35 b0 27 1f c9 05 a6 47 64 5b  ...q.*5.'....Gd[
ssl_tls.c:5126: |4| 0010:  c5 9c 67 2e 8c 04 be e2 6d d5 ea 8a cf 6a aa 3e  ..g.....m....j.>
ssl_tls.c:5138: |3| dumping 'calc finished result' (12 bytes)
ssl_tls.c:5138: |3| 0000:  93 18 25 63 2d 78 64 c3 9e 77 b3 3c              ..

Hi @Evgeniy_Vasyliev
Since the error is different, prob ably because of timeout, I am guessing that the original error is related to the fact you are using the Mbed TLS test certificate, which are not trusted by the Browser.
Have you set test-ca2.crt as a trusted CA root certificate in your Browser’s certificate store?
This actually puzzles me why the connection works some of the times…
Regards

Well, test-ca2.crt from certs.c is the one using RSA, I can not use it cause there is not enough memory in my MCU for RSA. So, I am using the one generated using curves (mbedtls_test_srv_crt_ec).

I already set everywhere possible this certificate as trusted, but still same effect…

@roneld01, just by chance maybe you see something useful from the above logs? Cause I am stuck and actually do now know where to watch, I think I tried everything possible about this problem, which came into my mind during last 5 days… Any advise what to change or some mbedTLS settings to play with?

Hi @Evgeniy_Vasyliev
test-ca2.crt uses EC keys:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13926223505202072808 (0xc143e27e6243cce8)
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=NL, O=PolarSSL, CN=Polarssl Test EC CA
        Validity
            Not Before: Sep 24 15:49:48 2013 GMT
            Not After : Sep 22 15:49:48 2023 GMT
        Subject: C=NL, O=PolarSSL, CN=Polarssl Test EC CA
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub: 
                    04:c3:da:2b:34:41:37:58:2f:87:56:fe:fc:89:ba:
                    29:43:4b:4e:e0:6e:c3:0e:57:53:33:39:58:d4:52:
                    b4:91:95:39:0b:23:df:5f:17:24:62:48:fc:1a:95:
                    29:ce:2c:2d:87:c2:88:52:80:af:d6:6a:ab:21:dd:
                    b8:d3:1c:6e:58:b8:ca:e8:b2:69:8e:f3:41:ad:29:
                    c3:b4:5f:75:a7:47:6f:d5:19:29:55:69:9a:53:3b:
                    20:b4:66:16:60:33:1e
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                9D:6D:20:24:49:01:3F:2B:CB:78:B5:19:BC:7E:24:C9:DB:FB:36:7C
            X509v3 Authority Key Identifier: 
                keyid:9D:6D:20:24:49:01:3F:2B:CB:78:B5:19:BC:7E:24:C9:DB:FB:36:7C
                DirName:/C=NL/O=PolarSSL/CN=Polarssl Test EC CA
                serial:C1:43:E2:7E:62:43:CC:E8

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: ecdsa-with-SHA256
         30:66:02:31:00:c3:b4:62:73:56:28:95:00:7d:78:12:26:d2:
         71:7b:19:f8:8a:98:3e:92:fe:33:9e:e4:79:d2:fe:7a:b7:87:
         74:3c:2b:b8:d7:69:94:0b:a3:67:77:b8:b3:be:d1:36:32:02:
         31:00:fd:67:9c:94:23:67:c0:56:ba:4b:33:15:00:c6:e3:cc:
         31:08:2c:9c:8b:da:a9:75:23:2f:b8:28:e7:f2:9c:14:3a:40:
         01:5c:af:0c:b2:cf:74:7f:30:9f:08:43:ad:20

I already set everywhere possible this certificate as trusted, but still same effect…

Which certificate? The CA root certificate?

Any advise what to change or some mbedTLS settings to play with?

Without the correct log that shows the failure on the server side, there is no indication on why handshake failed. There are two logs: One indicates that the client closed the connection, another indicates that the server closed the connection.
Is it possible to store the logs in RAM, and perhaps store to flash after failure?

@roneld01,
thank you for your help. Yes, you are right, I missed. I am exactly using test-ca2.crt, I pasted it as a trusted CA root certificate in Google Chrome and Windows OS and it gave no result.

I tried getting the logs, however anyway I make it each time I receive -80 (-0x50) error, however once I stop logs - the error -30592 (-0x7780) is caught. I do not have any external RAM for storing the logs, so currently I am puzzled what to do…

Current situation with browsers:

  • Mozilla Firefox: OK
  • Microsoft Edge: OK
  • Google Chrome: error -30592 (-0x7780)
  • Opera: error -30592 (-0x7780) - seems that it is using same engine as Google Chrome
  • Microsoft IE: working quite strange in general, so I am not targeting on it
  • Safari: not tested yet

Hi @Evgeniy_Vasyliev
Please indicate which peer returns the error every time.
My understanding is the the client ( Google Chrome for example) returns -0x7780, and adding logs, the server returns -0x50.
Each error indicate an issue on the remote peer, which makes it difficult to debug…
Can you indicate what is the ciphersuite use with Mozilla and Microsoft Edge?

Can you capture with wireshark or other network sniffer to at least understand when the fatal alert is being sent by server? I mean, after what client message. Better yet, if the fatal alert is being sent in the initial handshake, it may not be encrypted, and you can see the full fatal alert message. Please check what it is.
Regards,
Mbed TLS Team member
Ron

@roneld01, thank you for your kind support.

I see that in Google Chrome there is an exception regarding self-signed certificate:

Certificate - Subject Alternative Name missing
The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.

I thought that maybe due to this the handshake error is present.

Can you please tell me if it is possible to generate SSL certificate using cert_write tool with Subject Alternative Name specifying? I can see the following options in it:

 usage: cert_write param=<>...

 acceptable parameters:
    request_file=%s         default: (empty)
                            If request_file is specified, subject_key,
                            subject_pwd and subject_name are ignored!
    subject_key=%s          default: subject.key
    subject_pwd=%s          default: (empty)
    subject_name=%s         default: CN=Cert,O=mbed TLS,C=UK

    issuer_crt=%s           default: (empty)
                            If issuer_crt is specified, issuer_name is
                            ignored!
    issuer_name=%s          default: CN=CA,O=mbed TLS,C=UK

    selfsign=%d             default: 0 (false)
                            If selfsign is enabled, issuer_name and
                            issuer_key are required (issuer_crt and
                            subject_* are ignored
    issuer_key=%s           default: ca.key
    issuer_pwd=%s           default: (empty)
    output_file=%s          default: cert.crt
    serial=%s               default: 1
    not_before=%s           default: 20010101000000
    not_after=%s            default: 20301231235959
    is_ca=%d                default: 0 (disabled)
    max_pathlen=%d          default: -1 (none)
    md=%s                   default: SHA256
                            Supported values:
                            MD5, SHA1, SHA256, SHA512
    version=%d              default: 3
                            Possible values: 1, 2, 3
    subject_identifier=%s   default: 1
                            Possible values: 0, 1
                            (Considered for v3 only)
    authority_identifier=%s default: 1
                            Possible values: 0, 1
                            (Considered for v3 only)
    basic_constraints=%d    default: 1
                            Possible values: 0, 1
                            (Considered for v3 only)
    key_usage=%s            default: (empty)
                            Comma-separated-list of values:
                            digital_signature
                            non_repudiation
                            key_encipherment
                            data_encipherment
                            key_agreement
                            key_cert_sign
                            crl_sign
                            (Considered for v3 only)
    ns_cert_type=%s         default: (empty)
                            Comma-separated-list of values:
                            ssl_client
                            ssl_server
                            email
                            object_signing
                            ssl_ca
                            email_ca
                            object_signing_ca

However, I can not find anything about alternative subject name…

As always, thank you!

Hi @Evgeniy_Vasyliev
Unfortunately, Mbed TLS does not have an API for writing subject Alternative names.
It does have mbedtls_x509write_crt_set_extension() which you can use for writing your extension, but you will need to set the value as expected in the subject alternative name extension, according to the standard.
I would recommend you use a different tool for writing your certificate, such as openssl
Regards