Mbedtls_ssl_handshake fails and returns -0x4D80 error code

Evgeniy_Vasyliev · June 24, 2019, 7:45am

What could be a reason when mbedtls_ssl_handshake returns -0x4D80 error code?

Used ciphersuit: MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

roneld01 · June 24, 2019, 8:58am

Hi @Evgeniy_Vasyliev
Using the sample application strerror you would see:

programs/util/strerror -0x4d80
Last error was: -0x4d80 - ECP - Memory allocation failed

You ran out of memory during your handshake. Are you using a memory constrained board? Note that RSA consumes much memory, and this could cause your memory issues.
If you use a certificate signed with ECP, you will get smaller certificates, due to smaller key sizes, with same security strength as RSA.
I suggest you read https://tls.mbed.org/kb/how-to/reduce-mbedtls-memory-and-storage-footprint for hints on reducing your memory usage.
Regards,
Mbed TLS Team member
Ron

Evgeniy_Vasyliev · June 24, 2019, 9:50am

@roneld01, thank you for detailed response.

I am working on STM32F4 and making a web-server on it. I am using code from https://github.com/ARMmbed/mbedtls/blob/development/programs/ssl/ssl_server.c Initially I was using default ciphersuits generated using STM32CubeMx:

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

and using these ciphersuits it is really working good in Firefox. However, in Google Chrome many of handshake procedures end with error -0x7780 (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE), however after resetting the connection it begins to work fine the other time!

So, while in Firefox all the requests are passed without any erros in Google Chrome at each request first there is a handshake error, but after this at subsequent request it is processed well. I can not send to you logs from mbedTLS, however this is a log how it works with Google Chrome:

**00.01.01 14:59:28.305 SSL handshake error: -30592**
00.01.01 14:59:28.305 SslResetSession
00.01.01 14:59:28.356 SSL connection using TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
00.01.01 14:59:28.356 PTS_ProcessHttpRequest
00.01.01 14:59:28.364 SslResetSession
**00.01.01 14:59:28.381 SSL handshake error: -30592**
00.01.01 14:59:28.382 SslResetSession
00.01.01 14:59:28.434 SSL connection using TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
00.01.01 14:59:28.434 PTS_ProcessHttpRequest
00.01.01 14:59:28.449 SslResetSession
**00.01.01 14:59:28.480 SSL handshake error: -30592**
00.01.01 14:59:28.481 SslResetSession
00.01.01 14:59:28.532 SSL connection using TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
00.01.01 14:59:28.532 PTS_ProcessHttpRequest
00.01.01 14:59:28.536 SslResetSession

So, after reading some posts on this forum I thought that enabling RSA will solve the problem with Google Chrome. However, after few days of attempts I still can not make it work (there is really quite little free memory left in MCU). maybe the problem is not in RSA and I am looking in a wrong direction?

Can you please advise what can be a reason on why handshake with Google Chrome will end with error -0x7780 (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE), while after resetting the connection it will work?

Thank you.

Evgeniy_Vasyliev · June 24, 2019, 4:08pm

I was able to get the mbedTLS logs at debug level = 2.

Here is a log when working with Mozilla Firefox (everything seems to work well):

 19.06.24 19:00:20.038 ssl_tls.c:6754: |2| => handshake

 19.06.24 19:00:20.074 ssl_srv.c:4219: |2| server state: 0

 19.06.24 19:00:20.081 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:20.088 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:20.096 ssl_srv.c:4219: |2| server state: 1

 19.06.24 19:00:20.103 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:20.110 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:20.116 ssl_srv.c:1192: |2| => parse client hello

 19.06.24 19:00:20.123 ssl_tls.c:2252: |2| => fetch input

 19.06.24 19:00:20.133 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5

 19.06.24 19:00:20.140 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5

 19.06.24 19:00:20.147 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

 19.06.24 19:00:20.155 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 19:00:20.161 ssl_tls.c:2252: |2| => fetch input

 19.06.24 19:00:20.168 ssl_tls.c:2413: |2| in_left: 5, nb_want: 517

 19.06.24 19:00:20.176 ssl_tls.c:2437: |2| in_left: 5, nb_want: 517

 19.06.24 19:00:20.186 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 512 (-0xfffffe00)

 19.06.24 19:00:20.193 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 19:00:20.200 ssl_srv.c:1974: |2| selected ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256

 19.06.24 19:00:20.207 ssl_srv.c:2008: |2| <= parse client hello

 19.06.24 19:00:20.214 ssl_srv.c:4219: |2| server state: 2

 19.06.24 19:00:20.221 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:20.228 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:20.238 ssl_srv.c:2383: |2| => write server hello

 19.06.24 19:00:20.246 ssl_tls.c:2764: |2| => write record

 19.06.24 19:00:20.253 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:20.260 ssl_tls.c:2490: |2| message length: 92, out_left: 92

 19.06.24 19:00:20.267 ssl_tls.c:2496: |2| ssl->f_send() returned 92 (-0xffffffa4)

 19.06.24 19:00:20.274 ssl_tls.c:2523: |2| <= flush output

 19.06.24 19:00:20.281 ssl_tls.c:2922: |2| <= write record

 19.06.24 19:00:20.287 ssl_srv.c:2600: |2| <= write server hello

 19.06.24 19:00:20.298 ssl_srv.c:4219: |2| server state: 3

 19.06.24 19:00:20.304 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:20.311 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:20.318 ssl_tls.c:4259: |2| => write certificate

 19.06.24 19:00:20.326 ssl_tls.c:2764: |2| => write record

 19.06.24 19:00:20.335 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:20.341 ssl_tls.c:2490: |2| message length: 1163, out_left: 1163

 19.06.24 19:00:20.349 ssl_tls.c:2496: |2| ssl->f_send() returned 1163 (-0xfffffb75)

 19.06.24 19:00:20.359 ssl_tls.c:2523: |2| <= flush output

 19.06.24 19:00:20.365 ssl_tls.c:2922: |2| <= write record

 19.06.24 19:00:20.373 ssl_tls.c:4363: |2| <= write certificate

 19.06.24 19:00:20.380 ssl_srv.c:4219: |2| server state: 4

 19.06.24 19:00:20.387 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:20.393 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:20.400 ssl_srv.c:3232: |2| => write server key exchange

 19.06.24 19:00:20.410 ssl_srv.c:3011: |2| ECDHE curve: secp384r1

 19.06.24 19:00:21.173 ssl_tls.c:2764: |2| => write record

 19.06.24 19:00:21.180 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:21.187 ssl_tls.c:2490: |2| message length: 185, out_left: 185

 19.06.24 19:00:21.195 ssl_tls.c:2496: |2| ssl->f_send() returned 185 (-0xffffff47)

 19.06.24 19:00:21.202 ssl_tls.c:2523: |2| <= flush output

 19.06.24 19:00:21.209 ssl_tls.c:2922: |2| <= write record

 19.06.24 19:00:21.234 ssl_srv.c:3316: |2| <= write server key exchange

 19.06.24 19:00:21.244 ssl_srv.c:4219: |2| server state: 5

 19.06.24 19:00:21.251 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:21.258 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:21.265 ssl_srv.c:2645: |2| => write certificate request

 19.06.24 19:00:21.272 ssl_srv.c:2663: |2| <= skip write certificate request

 19.06.24 19:00:21.279 ssl_srv.c:4219: |2| server state: 6

 19.06.24 19:00:21.286 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:21.293 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:21.302 ssl_srv.c:3324: |2| => write server hello done

 19.06.24 19:00:21.309 ssl_tls.c:2764: |2| => write record

 19.06.24 19:00:21.316 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:21.324 ssl_tls.c:2490: |2| message length: 9, out_left: 9

 19.06.24 19:00:21.331 ssl_tls.c:2496: |2| ssl->f_send() returned 9 (-0xfffffff7)

 19.06.24 19:00:21.338 ssl_tls.c:2523: |2| <= flush output

 19.06.24 19:00:21.344 ssl_tls.c:2922: |2| <= write record

 19.06.24 19:00:21.354 ssl_srv.c:3343: |2| <= write server hello done

 19.06.24 19:00:21.362 ssl_srv.c:4219: |2| server state: 7

 19.06.24 19:00:21.368 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:21.375 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:21.382 ssl_tls.c:4376: |2| => parse certificate

 19.06.24 19:00:21.389 ssl_tls.c:4406: |2| <= skip parse certificate

 19.06.24 19:00:21.396 ssl_srv.c:4219: |2| server state: 8

 19.06.24 19:00:21.403 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:21.413 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:21.420 ssl_srv.c:3664: |2| => parse client key exchange

 19.06.24 19:00:21.427 ssl_tls.c:3809: |2| => read record

 19.06.24 19:00:21.434 ssl_tls.c:2252: |2| => fetch input

 19.06.24 19:00:21.441 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5

 19.06.24 19:00:21.655 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5

 19.06.24 19:00:21.662 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

 19.06.24 19:00:21.669 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 19:00:21.679 ssl_tls.c:2252: |2| => fetch input

 19.06.24 19:00:21.686 ssl_tls.c:2413: |2| in_left: 5, nb_want: 107

 19.06.24 19:00:21.693 ssl_tls.c:2437: |2| in_left: 5, nb_want: 107

 19.06.24 19:00:21.700 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 102 (-0xffffff9a)

 19.06.24 19:00:21.707 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 19:00:21.714 ssl_tls.c:3846: |2| <= read record

 19.06.24 19:00:22.185 ssl_tls.c:0509: |2| => derive keys

 19.06.24 19:00:22.199 ssl_tls.c:0983: |2| <= derive keys

 19.06.24 19:00:22.206 ssl_srv.c:3928: |2| <= parse client key exchange

 19.06.24 19:00:22.212 ssl_srv.c:4219: |2| server state: 9

 19.06.24 19:00:22.219 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:22.226 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:22.233 ssl_srv.c:3975: |2| => parse certificate verify

 19.06.24 19:00:22.240 ssl_srv.c:3984: |2| <= skip parse certificate verify

 19.06.24 19:00:22.247 ssl_srv.c:4219: |2| server state: 10

 19.06.24 19:00:22.257 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:22.264 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:22.271 ssl_tls.c:4779: |2| => parse change cipher spec

 19.06.24 19:00:22.278 ssl_tls.c:3809: |2| => read record

 19.06.24 19:00:22.285 ssl_tls.c:2252: |2| => fetch input

 19.06.24 19:00:22.292 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5

 19.06.24 19:00:22.318 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5

 19.06.24 19:00:22.325 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

 19.06.24 19:00:22.335 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 19:00:22.342 ssl_tls.c:2252: |2| => fetch input

 19.06.24 19:00:22.349 ssl_tls.c:2413: |2| in_left: 5, nb_want: 6

 19.06.24 19:00:22.356 ssl_tls.c:2437: |2| in_left: 5, nb_want: 6

 19.06.24 19:00:22.363 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 1 (-0xffffffff)

 19.06.24 19:00:22.370 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 19:00:22.377 ssl_tls.c:3846: |2| <= read record

 19.06.24 19:00:22.396 ssl_tls.c:4857: |2| <= parse change cipher spec

 19.06.24 19:00:22.403 ssl_srv.c:4219: |2| server state: 11

 19.06.24 19:00:22.410 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:22.417 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:22.424 ssl_tls.c:5415: |2| => parse finished

 19.06.24 19:00:22.431 ssl_tls.c:5114: |2| => calc  finished tls sha256

 19.06.24 19:00:22.438 ssl_tls.c:5144: |2| <= calc  finished

 19.06.24 19:00:22.445 ssl_tls.c:3809: |2| => read record

 19.06.24 19:00:22.455 ssl_tls.c:2252: |2| => fetch input

 19.06.24 19:00:22.462 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5

 19.06.24 19:00:22.469 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5

 19.06.24 19:00:22.475 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

 19.06.24 19:00:22.482 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 19:00:22.489 ssl_tls.c:2252: |2| => fetch input

 19.06.24 19:00:22.496 ssl_tls.c:2413: |2| in_left: 5, nb_want: 45

 19.06.24 19:00:22.503 ssl_tls.c:2437: |2| in_left: 5, nb_want: 45

 19.06.24 19:00:22.513 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 40 (-0xffffffd8)

 19.06.24 19:00:22.520 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 19:00:22.527 ssl_tls.c:1619: |2| => decrypt buf

 19.06.24 19:00:22.534 ssl_tls.c:2092: |2| <= decrypt buf

 19.06.24 19:00:22.542 ssl_tls.c:3846: |2| <= read record

 19.06.24 19:00:22.548 ssl_tls.c:5483: |2| <= parse finished

 19.06.24 19:00:22.555 ssl_srv.c:4219: |2| server state: 12

 19.06.24 19:00:22.565 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:22.572 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:22.579 ssl_tls.c:4756: |2| => write change cipher spec

 19.06.24 19:00:22.586 ssl_tls.c:2764: |2| => write record

 19.06.24 19:00:22.593 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:22.600 ssl_tls.c:2490: |2| message length: 6, out_left: 6

 19.06.24 19:00:22.607 ssl_tls.c:2496: |2| ssl->f_send() returned 6 (-0xfffffffa)

 19.06.24 19:00:22.614 ssl_tls.c:2523: |2| <= flush output

 19.06.24 19:00:22.624 ssl_tls.c:2922: |2| <= write record

 19.06.24 19:00:22.631 ssl_tls.c:4770: |2| <= write change cipher spec

 19.06.24 19:00:22.637 ssl_srv.c:4219: |2| server state: 13

 19.06.24 19:00:22.644 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:22.651 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:22.657 ssl_tls.c:5289: |2| => write finished

 19.06.24 19:00:22.664 ssl_tls.c:5114: |2| => calc  finished tls sha256

 19.06.24 19:00:22.671 ssl_tls.c:5144: |2| <= calc  finished

 19.06.24 19:00:22.681 ssl_tls.c:2764: |2| => write record

 19.06.24 19:00:22.687 ssl_tls.c:1287: |2| => encrypt buf

 19.06.24 19:00:22.694 ssl_tls.c:1605: |2| <= encrypt buf

 19.06.24 19:00:22.701 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:22.707 ssl_tls.c:2490: |2| message length: 45, out_left: 45

 19.06.24 19:00:22.733 ssl_tls.c:2496: |2| ssl->f_send() returned 45 (-0xffffffd3)

 19.06.24 19:00:22.740 ssl_tls.c:2523: |2| <= flush output

 19.06.24 19:00:22.750 ssl_tls.c:2922: |2| <= write record

 19.06.24 19:00:22.757 ssl_tls.c:5398: |2| <= write finished

 19.06.24 19:00:22.764 ssl_srv.c:4219: |2| server state: 14

 19.06.24 19:00:22.771 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:22.778 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:22.785 ssl_srv.c:4324: |2| handshake: done

 19.06.24 19:00:22.792 ssl_srv.c:4219: |2| server state: 15

 19.06.24 19:00:22.799 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:22.806 ssl_tls.c:2483: |2| <= flush output

 19.06.24 19:00:22.816 ssl_tls.c:6764: |2| <= handshake

 19.06.24 19:00:22.823 ssl_tls.c:6940: |2| => read

 19.06.24 19:00:22.830 ssl_tls.c:3809: |2| => read record

 19.06.24 19:00:22.837 ssl_tls.c:2252: |2| => fetch input

 19.06.24 19:00:22.844 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5

 19.06.24 19:00:22.851 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5

 19.06.24 19:00:22.858 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

 19.06.24 19:00:22.865 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 19:00:22.876 ssl_tls.c:2252: |2| => fetch input

 19.06.24 19:00:22.883 ssl_tls.c:2413: |2| in_left: 5, nb_want: 734

 19.06.24 19:00:22.890 ssl_tls.c:2437: |2| in_left: 5, nb_want: 734

 19.06.24 19:00:22.897 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 605 (-0xfffffda3)

 19.06.24 19:00:22.904 ssl_tls.c:2437: |2| in_left: 610, nb_want: 734

 19.06.24 19:00:22.911 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 124 (-0xffffff84)

 19.06.24 19:00:22.921 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 19:00:22.928 ssl_tls.c:1619: |2| => decrypt buf

 19.06.24 19:00:22.936 ssl_tls.c:2092: |2| <= decrypt buf

 19.06.24 19:00:22.943 ssl_tls.c:3846: |2| <= read record

 19.06.24 19:00:22.951 ssl_tls.c:7228: |2| <= read

 19.06.24 19:00:23.958 ssl_tls.c:7330: |2| => write

 19.06.24 19:00:23.966 ssl_tls.c:2764: |2| => write record

 19.06.24 19:00:23.973 ssl_tls.c:1287: |2| => encrypt buf

 19.06.24 19:00:23.980 ssl_tls.c:1605: |2| <= encrypt buf

 19.06.24 19:00:23.990 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:23.997 ssl_tls.c:2490: |2| message length: 285, out_left: 285

 19.06.24 19:00:23.004 ssl_tls.c:2496: |2| ssl->f_send() returned 285 (-0xfffffee3)

 19.06.24 19:00:23.011 ssl_tls.c:2523: |2| <= flush output

 19.06.24 19:00:23.018 ssl_tls.c:2922: |2| <= write record

 19.06.24 19:00:23.025 ssl_tls.c:7358: |2| <= write

 19.06.24 19:00:23.032 ssl_tls.c:7330: |2| => write

 19.06.24 19:00:23.039 ssl_tls.c:2764: |2| => write record

 19.06.24 19:00:23.049 ssl_tls.c:1287: |2| => encrypt buf

 19.06.24 19:00:23.056 ssl_tls.c:1605: |2| <= encrypt buf

 19.06.24 19:00:23.063 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:23.070 ssl_tls.c:2490: |2| message length: 36, out_left: 36

 19.06.24 19:00:23.078 ssl_tls.c:2496: |2| ssl->f_send() returned 36 (-0xffffffdc)

 19.06.24 19:00:23.085 ssl_tls.c:2523: |2| <= flush output

 19.06.24 19:00:23.092 ssl_tls.c:2922: |2| <= write record

 19.06.24 19:00:23.099 ssl_tls.c:7358: |2| <= write

 19.06.24 19:00:23.109 ssl_tls.c:7330: |2| => write

 19.06.24 19:00:23.116 ssl_tls.c:2764: |2| => write record

 19.06.24 19:00:23.123 ssl_tls.c:1287: |2| => encrypt buf

 19.06.24 19:00:23.149 ssl_tls.c:1605: |2| <= encrypt buf

 19.06.24 19:00:23.156 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:23.163 ssl_tls.c:2490: |2| message length: 36, out_left: 36

 19.06.24 19:00:23.170 ssl_tls.c:2496: |2| ssl->f_send() returned 36 (-0xffffffdc)

 19.06.24 19:00:23.177 ssl_tls.c:2523: |2| <= flush output

 19.06.24 19:00:23.187 ssl_tls.c:2922: |2| <= write record

 19.06.24 19:00:23.195 ssl_tls.c:7358: |2| <= write

 19.06.24 19:00:23.202 ssl_tls.c:7373: |2| => write close notify

 19.06.24 19:00:23.209 ssl_tls.c:4180: |2| => send alert message

 19.06.24 19:00:23.216 ssl_tls.c:2764: |2| => write record

 19.06.24 19:00:23.223 ssl_tls.c:1287: |2| => encrypt buf

 19.06.24 19:00:23.230 ssl_tls.c:1605: |2| <= encrypt buf

 19.06.24 19:00:23.237 ssl_tls.c:2471: |2| => flush output

 19.06.24 19:00:23.247 ssl_tls.c:2490: |2| message length: 31, out_left: 31

 19.06.24 19:00:23.254 ssl_tls.c:2496: |2| ssl->f_send() returned 31 (-0xffffffe1)

 19.06.24 19:00:23.261 ssl_tls.c:2523: |2| <= flush output

 19.06.24 19:00:23.268 ssl_tls.c:2922: |2| <= write record

 19.06.24 19:00:23.275 ssl_tls.c:4193: |2| <= send alert message

 19.06.24 19:00:23.282 ssl_tls.c:7389: |2| <= write close notify

Evgeniy_Vasyliev · June 24, 2019, 4:08pm

Here is a log when working with Google Chrome (this time it returns error -0x50), however the other time works well):

 19.06.24 18:59:03.998 ssl_tls.c:6754: |2| => handshake

 19.06.24 18:59:04.016 ssl_srv.c:4219: |2| server state: 0

 19.06.24 18:59:04.023 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:04.030 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:04.038 ssl_srv.c:4219: |2| server state: 1

 19.06.24 18:59:04.045 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:04.052 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:04.059 ssl_srv.c:1192: |2| => parse client hello

 19.06.24 18:59:04.065 ssl_tls.c:2252: |2| => fetch input

 19.06.24 18:59:04.076 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5

 19.06.24 18:59:04.083 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5

 19.06.24 18:59:04.090 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

 19.06.24 18:59:04.202 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 18:59:04.209 ssl_tls.c:2252: |2| => fetch input

 19.06.24 18:59:04.216 ssl_tls.c:2413: |2| in_left: 5, nb_want: 517

 19.06.24 18:59:04.223 ssl_tls.c:2437: |2| in_left: 5, nb_want: 517

 19.06.24 18:59:04.233 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 512 (-0xfffffe00)

 19.06.24 18:59:04.240 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 18:59:04.248 ssl_srv.c:1974: |2| selected ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256

 19.06.24 18:59:04.255 ssl_srv.c:2008: |2| <= parse client hello

 19.06.24 18:59:04.262 ssl_srv.c:4219: |2| server state: 2

 19.06.24 18:59:04.278 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:04.285 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:04.295 ssl_srv.c:2383: |2| => write server hello

 19.06.24 18:59:04.303 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:04.310 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:04.317 ssl_tls.c:2490: |2| message length: 92, out_left: 92

 19.06.24 18:59:04.324 ssl_tls.c:2496: |2| ssl->f_send() returned 92 (-0xffffffa4)

 19.06.24 18:59:04.331 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:04.338 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:04.345 ssl_srv.c:2600: |2| <= write server hello

 19.06.24 18:59:04.354 ssl_srv.c:4219: |2| server state: 3

 19.06.24 18:59:04.361 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:04.368 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:04.376 ssl_tls.c:4259: |2| => write certificate

 19.06.24 18:59:04.383 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:04.392 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:04.399 ssl_tls.c:2490: |2| message length: 1163, out_left: 1163

 19.06.24 18:59:04.406 ssl_tls.c:2496: |2| ssl->f_send() returned 1163 (-0xfffffb75)

 19.06.24 18:59:04.416 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:04.422 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:04.430 ssl_tls.c:4363: |2| <= write certificate

 19.06.24 18:59:04.436 ssl_srv.c:4219: |2| server state: 4

 19.06.24 18:59:04.443 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:04.450 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:04.457 ssl_srv.c:3232: |2| => write server key exchange

 19.06.24 18:59:04.467 ssl_srv.c:3011: |2| ECDHE curve: secp384r1

 19.06.24 18:59:05.229 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:05.237 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:05.244 ssl_tls.c:2490: |2| message length: 185, out_left: 185

 19.06.24 18:59:05.251 ssl_tls.c:2496: |2| ssl->f_send() returned 185 (-0xffffff47)

 19.06.24 18:59:05.258 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:05.265 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:05.272 ssl_srv.c:3316: |2| <= write server key exchange

 19.06.24 18:59:05.282 ssl_srv.c:4219: |2| server state: 5

 19.06.24 18:59:05.288 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:05.296 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:05.303 ssl_srv.c:2645: |2| => write certificate request

 19.06.24 18:59:05.309 ssl_srv.c:2663: |2| <= skip write certificate request

 19.06.24 18:59:05.317 ssl_srv.c:4219: |2| server state: 6

 19.06.24 18:59:05.324 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:05.330 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:05.340 ssl_srv.c:3324: |2| => write server hello done

 19.06.24 18:59:05.348 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:05.355 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:05.362 ssl_tls.c:2490: |2| message length: 9, out_left: 9

 19.06.24 18:59:05.369 ssl_tls.c:2496: |2| ssl->f_send() returned -80 (-0x0050)

 19.06.24 18:59:05.376 ssl_tls.c:2918: |1| mbedtls_ssl_flush_output() returned -80 (-0x0050)

 19.06.24 18:59:05.383 ssl_srv.c:3339: |1| mbedtls_ssl_write_record() returned -80 (-0x0050)

 19.06.24 18:59:05.393 ssl_tls.c:6764: |2| <= handshake

 19.06.24 18:59:05.410 ssl_tls.c:6754: |2| => handshake

 19.06.24 18:59:05.415 ssl_srv.c:4219: |2| server state: 0

 19.06.24 18:59:05.422 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:05.429 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:05.436 ssl_srv.c:4219: |2| server state: 1

 19.06.24 18:59:05.443 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:05.450 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:05.460 ssl_srv.c:1192: |2| => parse client hello

 19.06.24 18:59:05.467 ssl_tls.c:2252: |2| => fetch input

 19.06.24 18:59:05.474 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5

 19.06.24 18:59:05.481 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5

 19.06.24 18:59:05.488 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

 19.06.24 18:59:05.495 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 18:59:05.502 ssl_tls.c:2252: |2| => fetch input

 19.06.24 18:59:05.512 ssl_tls.c:2413: |2| in_left: 5, nb_want: 517

 19.06.24 18:59:05.519 ssl_tls.c:2437: |2| in_left: 5, nb_want: 517

 19.06.24 18:59:05.526 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 512 (-0xfffffe00)

 19.06.24 18:59:05.534 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 18:59:05.541 ssl_srv.c:1974: |2| selected ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256

 19.06.24 18:59:05.548 ssl_srv.c:2008: |2| <= parse client hello

 19.06.24 18:59:05.555 ssl_srv.c:4219: |2| server state: 2

 19.06.24 18:59:05.565 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:05.572 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:05.579 ssl_srv.c:2383: |2| => write server hello

 19.06.24 18:59:05.587 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:05.594 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:05.600 ssl_tls.c:2490: |2| message length: 92, out_left: 92

 19.06.24 18:59:05.608 ssl_tls.c:2496: |2| ssl->f_send() returned 92 (-0xffffffa4)

 19.06.24 18:59:05.618 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:05.624 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:05.631 ssl_srv.c:2600: |2| <= write server hello

 19.06.24 18:59:05.638 ssl_srv.c:4219: |2| server state: 3

 19.06.24 18:59:05.645 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:05.652 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:05.659 ssl_tls.c:4259: |2| => write certificate

 19.06.24 18:59:05.666 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:05.675 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:05.685 ssl_tls.c:2490: |2| message length: 1163, out_left: 1163

 19.06.24 18:59:05.693 ssl_tls.c:2496: |2| ssl->f_send() returned 1163 (-0xfffffb75)

 19.06.24 18:59:05.700 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:05.707 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:05.713 ssl_tls.c:4363: |2| <= write certificate

 19.06.24 18:59:05.720 ssl_srv.c:4219: |2| server state: 4

 19.06.24 18:59:05.727 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:05.737 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:05.744 ssl_srv.c:3232: |2| => write server key exchange

 19.06.24 18:59:05.751 ssl_srv.c:3011: |2| ECDHE curve: secp384r1

 19.06.24 18:59:06.514 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:06.521 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:06.528 ssl_tls.c:2490: |2| message length: 185, out_left: 185

 19.06.24 18:59:06.535 ssl_tls.c:2496: |2| ssl->f_send() returned 185 (-0xffffff47)

 19.06.24 18:59:06.542 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:06.552 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:06.559 ssl_srv.c:3316: |2| <= write server key exchange

 19.06.24 18:59:06.566 ssl_srv.c:4219: |2| server state: 5

 19.06.24 18:59:06.573 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:06.580 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:06.598 ssl_srv.c:2645: |2| => write certificate request

 19.06.24 18:59:06.605 ssl_srv.c:2663: |2| <= skip write certificate request

 19.06.24 18:59:06.614 ssl_srv.c:4219: |2| server state: 6

 19.06.24 18:59:06.621 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:06.628 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:06.635 ssl_srv.c:3324: |2| => write server hello done

 19.06.24 18:59:06.642 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:06.649 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:06.656 ssl_tls.c:2490: |2| message length: 9, out_left: 9

 19.06.24 18:59:06.663 ssl_tls.c:2496: |2| ssl->f_send() returned 9 (-0xfffffff7)

 19.06.24 18:59:06.683 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:06.690 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:06.697 ssl_srv.c:3343: |2| <= write server hello done

 19.06.24 18:59:06.704 ssl_srv.c:4219: |2| server state: 7

 19.06.24 18:59:06.710 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:06.717 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:06.724 ssl_tls.c:4376: |2| => parse certificate

 19.06.24 18:59:06.731 ssl_tls.c:4406: |2| <= skip parse certificate

 19.06.24 18:59:06.741 ssl_srv.c:4219: |2| server state: 8

 19.06.24 18:59:06.748 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:06.754 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:06.761 ssl_srv.c:3664: |2| => parse client key exchange

 19.06.24 18:59:06.768 ssl_tls.c:3809: |2| => read record

 19.06.24 18:59:06.774 ssl_tls.c:2252: |2| => fetch input

 19.06.24 18:59:06.781 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5

 19.06.24 18:59:06.788 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5

 19.06.24 18:59:06.797 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

 19.06.24 18:59:06.804 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 18:59:06.810 ssl_tls.c:2252: |2| => fetch input

 19.06.24 18:59:06.817 ssl_tls.c:2413: |2| in_left: 5, nb_want: 107

 19.06.24 18:59:06.824 ssl_tls.c:2437: |2| in_left: 5, nb_want: 107

 19.06.24 18:59:06.830 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 102 (-0xffffff9a)

 19.06.24 18:59:06.837 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 18:59:06.847 ssl_tls.c:3846: |2| <= read record

 19.06.24 18:59:07.317 ssl_tls.c:0509: |2| => derive keys

 19.06.24 18:59:07.327 ssl_tls.c:0983: |2| <= derive keys

 19.06.24 18:59:07.334 ssl_srv.c:3928: |2| <= parse client key exchange

 19.06.24 18:59:07.341 ssl_srv.c:4219: |2| server state: 9

 19.06.24 18:59:07.348 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:07.355 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:07.362 ssl_srv.c:3975: |2| => parse certificate verify

 19.06.24 18:59:07.372 ssl_srv.c:3984: |2| <= skip parse certificate verify

 19.06.24 18:59:07.380 ssl_srv.c:4219: |2| server state: 10

 19.06.24 18:59:07.387 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:07.394 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:07.401 ssl_tls.c:4779: |2| => parse change cipher spec

 19.06.24 18:59:07.408 ssl_tls.c:3809: |2| => read record

 19.06.24 18:59:07.415 ssl_tls.c:2252: |2| => fetch input

 19.06.24 18:59:07.422 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5

 19.06.24 18:59:07.432 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5

 19.06.24 18:59:07.439 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

 19.06.24 18:59:07.446 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 18:59:07.453 ssl_tls.c:2252: |2| => fetch input

 19.06.24 18:59:07.460 ssl_tls.c:2413: |2| in_left: 5, nb_want: 6

 19.06.24 18:59:07.467 ssl_tls.c:2437: |2| in_left: 5, nb_want: 6

 19.06.24 18:59:07.474 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 1 (-0xffffffff)

 19.06.24 18:59:07.496 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 18:59:07.503 ssl_tls.c:3846: |2| <= read record

 19.06.24 18:59:07.510 ssl_tls.c:4857: |2| <= parse change cipher spec

 19.06.24 18:59:07.517 ssl_srv.c:4219: |2| server state: 11

 19.06.24 18:59:07.524 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:07.531 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:07.538 ssl_tls.c:5415: |2| => parse finished

 19.06.24 18:59:07.545 ssl_tls.c:5114: |2| => calc  finished tls sha256

 19.06.24 18:59:07.555 ssl_tls.c:5144: |2| <= calc  finished

 19.06.24 18:59:07.562 ssl_tls.c:3809: |2| => read record

 19.06.24 18:59:07.569 ssl_tls.c:2252: |2| => fetch input

 19.06.24 18:59:07.576 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5

 19.06.24 18:59:07.583 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5

 19.06.24 18:59:07.591 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

 19.06.24 18:59:07.598 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 18:59:07.608 ssl_tls.c:2252: |2| => fetch input

 19.06.24 18:59:07.615 ssl_tls.c:2413: |2| in_left: 5, nb_want: 45

 19.06.24 18:59:07.622 ssl_tls.c:2437: |2| in_left: 5, nb_want: 45

 19.06.24 18:59:07.629 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 40 (-0xffffffd8)

 19.06.24 18:59:07.636 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 18:59:07.643 ssl_tls.c:1619: |2| => decrypt buf

 19.06.24 18:59:07.650 ssl_tls.c:2092: |2| <= decrypt buf

 19.06.24 18:59:07.657 ssl_tls.c:3846: |2| <= read record

 19.06.24 18:59:07.667 ssl_tls.c:5483: |2| <= parse finished

 19.06.24 18:59:07.674 ssl_srv.c:4219: |2| server state: 12

 19.06.24 18:59:07.681 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:07.688 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:07.695 ssl_tls.c:4756: |2| => write change cipher spec

 19.06.24 18:59:07.702 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:07.709 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:07.716 ssl_tls.c:2490: |2| message length: 6, out_left: 6

 19.06.24 18:59:07.726 ssl_tls.c:2496: |2| ssl->f_send() returned 6 (-0xfffffffa)

 19.06.24 18:59:07.733 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:07.740 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:07.747 ssl_tls.c:4770: |2| <= write change cipher spec

 19.06.24 18:59:07.754 ssl_srv.c:4219: |2| server state: 13

 19.06.24 18:59:07.761 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:07.768 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:07.775 ssl_tls.c:5289: |2| => write finished

 19.06.24 18:59:07.785 ssl_tls.c:5114: |2| => calc  finished tls sha256

 19.06.24 18:59:07.793 ssl_tls.c:5144: |2| <= calc  finished

 19.06.24 18:59:07.800 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:07.807 ssl_tls.c:1287: |2| => encrypt buf

 19.06.24 18:59:07.814 ssl_tls.c:1605: |2| <= encrypt buf

 19.06.24 18:59:07.821 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:07.828 ssl_tls.c:2490: |2| message length: 45, out_left: 45

 19.06.24 18:59:07.835 ssl_tls.c:2496: |2| ssl->f_send() returned 45 (-0xffffffd3)

 19.06.24 18:59:07.845 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:07.852 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:07.859 ssl_tls.c:5398: |2| <= write finished

 19.06.24 18:59:07.866 ssl_srv.c:4219: |2| server state: 14

 19.06.24 18:59:07.873 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:07.880 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:07.887 ssl_srv.c:4324: |2| handshake: done

 19.06.24 18:59:07.897 ssl_srv.c:4219: |2| server state: 15

 19.06.24 18:59:07.904 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:07.911 ssl_tls.c:2483: |2| <= flush output

 19.06.24 18:59:07.929 ssl_tls.c:6764: |2| <= handshake

 19.06.24 18:59:07.937 ssl_tls.c:6940: |2| => read

 19.06.24 18:59:07.943 ssl_tls.c:3809: |2| => read record

 19.06.24 18:59:07.950 ssl_tls.c:2252: |2| => fetch input

 19.06.24 18:59:07.957 ssl_tls.c:2413: |2| in_left: 0, nb_want: 5

 19.06.24 18:59:07.965 ssl_tls.c:2437: |2| in_left: 0, nb_want: 5

 19.06.24 18:59:07.974 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

 19.06.24 18:59:07.981 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 18:59:07.989 ssl_tls.c:2252: |2| => fetch input

 19.06.24 18:59:07.995 ssl_tls.c:2413: |2| in_left: 5, nb_want: 807

 19.06.24 18:59:08.003 ssl_tls.c:2437: |2| in_left: 5, nb_want: 807

 19.06.24 18:59:08.010 ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 802 (-0xfffffcde)

 19.06.24 18:59:08.017 ssl_tls.c:2458: |2| <= fetch input

 19.06.24 18:59:08.036 ssl_tls.c:1619: |2| => decrypt buf

 19.06.24 18:59:08.045 ssl_tls.c:2092: |2| <= decrypt buf

 19.06.24 18:59:08.051 ssl_tls.c:3846: |2| <= read record

 19.06.24 18:59:08.059 ssl_tls.c:7228: |2| <= read

 19.06.24 18:59:08.066 ssl_tls.c:7330: |2| => write

 19.06.24 18:59:08.073 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:08.080 ssl_tls.c:1287: |2| => encrypt buf

 19.06.24 18:59:08.088 ssl_tls.c:1605: |2| <= encrypt buf

 19.06.24 18:59:08.094 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:08.104 ssl_tls.c:2490: |2| message length: 285, out_left: 285

 19.06.24 18:59:08.112 ssl_tls.c:2496: |2| ssl->f_send() returned 285 (-0xfffffee3)

 19.06.24 18:59:08.119 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:08.125 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:08.132 ssl_tls.c:7358: |2| <= write

 19.06.24 18:59:08.140 ssl_tls.c:7330: |2| => write

 19.06.24 18:59:08.147 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:08.156 ssl_tls.c:1287: |2| => encrypt buf

 19.06.24 18:59:08.164 ssl_tls.c:1605: |2| <= encrypt buf

 19.06.24 18:59:08.171 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:08.177 ssl_tls.c:2490: |2| message length: 36, out_left: 36

 19.06.24 18:59:08.185 ssl_tls.c:2496: |2| ssl->f_send() returned 36 (-0xffffffdc)

 19.06.24 18:59:08.192 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:08.199 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:08.205 ssl_tls.c:7358: |2| <= write

 19.06.24 18:59:08.215 ssl_tls.c:7330: |2| => write

 19.06.24 18:59:08.222 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:08.229 ssl_tls.c:1287: |2| => encrypt buf

 19.06.24 18:59:08.236 ssl_tls.c:1605: |2| <= encrypt buf

 19.06.24 18:59:08.243 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:08.250 ssl_tls.c:2490: |2| message length: 36, out_left: 36

 19.06.24 18:59:08.258 ssl_tls.c:2496: |2| ssl->f_send() returned 36 (-0xffffffdc)

 19.06.24 18:59:08.264 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:08.274 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:08.281 ssl_tls.c:7358: |2| <= write

 19.06.24 18:59:08.288 ssl_tls.c:7373: |2| => write close notify

 19.06.24 18:59:08.295 ssl_tls.c:4180: |2| => send alert message

 19.06.24 18:59:08.302 ssl_tls.c:2764: |2| => write record

 19.06.24 18:59:08.310 ssl_tls.c:1287: |2| => encrypt buf

 19.06.24 18:59:08.317 ssl_tls.c:1605: |2| <= encrypt buf

 19.06.24 18:59:08.323 ssl_tls.c:2471: |2| => flush output

 19.06.24 18:59:08.330 ssl_tls.c:2490: |2| message length: 31, out_left: 31

 19.06.24 18:59:08.341 ssl_tls.c:2496: |2| ssl->f_send() returned 31 (-0xffffffe1)

 19.06.24 18:59:08.347 ssl_tls.c:2523: |2| <= flush output

 19.06.24 18:59:08.366 ssl_tls.c:2922: |2| <= write record

 19.06.24 18:59:08.373 ssl_tls.c:4193: |2| <= send alert message

 19.06.24 18:59:08.379 ssl_tls.c:7389: |2| <= write close notify

Evgeniy_Vasyliev · June 24, 2019, 4:08pm

What can be a reason for this with Google Chrome? Same situation I am facing with Microsoft Edge and IE.

Maybe I need to change something in mbedTLS configuration? I am using default configuration generated by STM32CubeMX and take https://github.com/ARMmbed/mbedtls/blob/development/programs/ssl/ssl_server.c as example.

Thank you.

roneld01 · June 25, 2019, 7:47am

HI @Evgeniy_Vasyliev
The log you show in the Google Chrome example doesn’t suggest a failed connection. However, error -0x50 is MBEDTLS_ERR_NET_CONN_RESET, which means that the connection was reset by the peer.

Assuming Chrome uses Mbed TLS as well, the error -30592 is (as you mentioned):

programs/util/strerror -30592
Last error was: -0x7780 - SSL - A fatal alert message was received from our peer

Please look a the log of a failed connection with google chrome, to understand why and when your server sent a fatal alert. It is better to se a debug lievel higher than 2.
Regards

Evgeniy_Vasyliev · June 25, 2019, 8:07am

@roneld01, thank you, here is a more detailed log when using Google Chrome with debug level = 4 (the highest), at this please note that when I enable logging the error at handshake is -80 (-0x50), however when logging is disabled - then the error at handshake is -30592 (-0x7780) - perhaps due to the timeout cause I write the logs to SD flash disk, so it takes time (I have SD disk on board, to which I forward the logs):

At this please note that used version of mbedTLS is 2.11.0 working over LWIP 2.0.3, which is coming into the latest release of STM32CubeMx for STM32F4 MCU,

ssl_tls.c:6754: |2| => handshake
ssl_srv.c:4219: |2| server state: 0
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:4219: |2| server state: 1
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:1192: |2| => parse client hello
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2458: |2| <= fetch input
ssl_srv.c:1224: |4| dumping 'record header' (5 bytes)
ssl_srv.c:1224: |4| 0000:  16 03 01 02 00                                   .....
ssl_srv.c:1236: |3| client hello v3, message type: 22
ssl_srv.c:1245: |3| client hello v3, message len.: 512
ssl_srv.c:1248: |3| client hello v3, protocol version: [3:1]
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 5, nb_want: 517
ssl_tls.c:2437: |2| in_left: 5, nb_want: 517
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 512 (-0xfffffe00)
ssl_tls.c:2458: |2| <= fetch input
ssl_srv.c:1330: |4| dumping 'record contents' (512 bytes)
ssl_srv.c:1330: |4| 0000:  01 00 01 fc 03 03 30 6d 56 a1 d1 c2 82 5c 79 80  ......0mV....\y.
ssl_srv.c:1330: |4| 0010:  ef e5 cd d4 c1 2c c8 8e 21 ea da 41 c3 0d bd 5e  .....,..!..A...^
ssl_srv.c:1330: |4| 0020:  62 f4 84 e3 cc de 20 53 69 9a dd 81 0d e7 99 5f  b..... Si......_
ssl_srv.c:1330: |4| 0030:  2f b1 c7 ec 9e e0 96 81 ad 9d 8e c3 db 40 50 91  /............@P.
ssl_srv.c:1330: |4| 0040:  d0 f6 31 18 47 c0 c6 00 22 ea ea 13 01 13 02 13  ..1.G...".......
ssl_srv.c:1330: |4| 0050:  03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0  ..+./.,.0.......
ssl_srv.c:1330: |4| 0060:  14 00 9c 00 9d 00 2f 00 35 00 0a 01 00 01 91 aa  ....../.5.......
ssl_srv.c:1330: |4| 0070:  aa 00 00 00 17 00 00 ff 01 00 01 00 00 0a 00 0a  ................
ssl_srv.c:1330: |4| 0080:  00 08 2a 2a 00 1d 00 17 00 18 00 0b 00 02 01 00  ..**............
ssl_srv.c:1330: |4| 0090:  00 23 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74  .#.........h2.ht
ssl_srv.c:1330: |4| 00a0:  74 70 2f 31 2e 31 00 05 00 05 01 00 00 00 00 00  tp/1.1..........
ssl_srv.c:1330: |4| 00b0:  0d 00 14 00 12 04 03 08 04 04 01 05 03 08 05 05  ................
ssl_srv.c:1330: |4| 00c0:  01 08 06 06 01 02 01 00 12 00 00 00 33 00 2b 00  ............3.+.
ssl_srv.c:1330: |4| 00d0:  29 2a 2a 00 01 00 00 1d 00 20 ec c9 55 48 ab 96  )**...... ..UH..
ssl_srv.c:1330: |4| 00e0:  d4 79 e3 3e 85 2e de ad e2 70 ca 0e 77 8c 33 c0  .y.>.....p..w.3.
ssl_srv.c:1330: |4| 00f0:  9f 74 d6 2f 85 43 68 57 2e 4c 00 2d 00 02 01 01  .t./.ChW.L.-....
ssl_srv.c:1330: |4| 0100:  00 2b 00 0b 0a 1a 1a 03 04 03 03 03 02 03 01 00  .+..............
ssl_srv.c:1330: |4| 0110:  1b 00 03 02 00 02 da da 00 01 00 00 15 00 e1 00  ................
ssl_srv.c:1330: |4| 0120:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0130:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0140:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0150:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0160:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0170:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0180:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0190:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01a0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01b0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01c0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01d0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01e0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01f0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1348: |3| client hello v3, handshake type: 1
ssl_srv.c:1357: |3| client hello v3, handshake len.: 508
ssl_srv.c:1446: |3| dumping 'client hello, version' (2 bytes)
ssl_srv.c:1446: |3| 0000:  03 03                                            ..
ssl_srv.c:1477: |3| dumping 'client hello, random bytes' (32 bytes)
ssl_srv.c:1477: |3| 0000:  30 6d 56 a1 d1 c2 82 5c 79 80 ef e5 cd d4 c1 2c  0mV....\y......,
ssl_srv.c:1477: |3| 0010:  c8 8e 21 ea da 41 c3 0d bd 5e 62 f4 84 e3 cc de  ..!..A...^b.....
ssl_srv.c:1495: |3| dumping 'client hello, session id' (32 bytes)
ssl_srv.c:1495: |3| 0000:  53 69 9a dd 81 0d e7 99 5f 2f b1 c7 ec 9e e0 96  Si......_/......
ssl_srv.c:1495: |3| 0010:  81 ad 9d 8e c3 db 40 50 91 d0 f6 31 18 47 c0 c6  ......@P...1.G..
ssl_srv.c:1580: |3| dumping 'client hello, ciphersuitelist' (34 bytes)
ssl_srv.c:1580: |3| 0000:  ea ea 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30  .........+./.,.0
ssl_srv.c:1580: |3| 0010:  cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35  ............./.5
ssl_srv.c:1580: |3| 0020:  00 0a                                            ..
ssl_srv.c:1600: |3| dumping 'client hello, compression' (1 bytes)
ssl_srv.c:1600: |3| 0000:  00                                               .
ssl_srv.c:1655: |3| dumping 'client hello extensions' (401 bytes)
ssl_srv.c:1655: |3| 0000:  aa aa 00 00 00 17 00 00 ff 01 00 01 00 00 0a 00  ................
ssl_srv.c:1655: |3| 0010:  0a 00 08 2a 2a 00 1d 00 17 00 18 00 0b 00 02 01  ...**...........
ssl_srv.c:1655: |3| 0020:  00 00 23 00 00 00 10 00 0e 00 0c 02 68 32 08 68  ..#.........h2.h
ssl_srv.c:1655: |3| 0030:  74 74 70 2f 31 2e 31 00 05 00 05 01 00 00 00 00  ttp/1.1.........
ssl_srv.c:1655: |3| 0040:  00 0d 00 14 00 12 04 03 08 04 04 01 05 03 08 05  ................
ssl_srv.c:1655: |3| 0050:  05 01 08 06 06 01 02 01 00 12 00 00 00 33 00 2b  .............3.+
ssl_srv.c:1655: |3| 0060:  00 29 2a 2a 00 01 00 00 1d 00 20 ec c9 55 48 ab  .)**...... ..UH.
ssl_srv.c:1655: |3| 0070:  96 d4 79 e3 3e 85 2e de ad e2 70 ca 0e 77 8c 33  ..y.>.....p..w.3
ssl_srv.c:1655: |3| 0080:  c0 9f 74 d6 2f 85 43 68 57 2e 4c 00 2d 00 02 01  ..t./.ChW.L.-...
ssl_srv.c:1655: |3| 0090:  01 00 2b 00 0b 0a 1a 1a 03 04 03 03 03 02 03 01  ..+.............
ssl_srv.c:1655: |3| 00a0:  00 1b 00 03 02 00 02 da da 00 01 00 00 15 00 e1  ................
ssl_srv.c:1655: |3| 00b0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00c0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00d0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00e0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00f0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0100:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0110:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0120:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0130:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0140:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0150:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0160:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0170:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0180:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0190:  00                                               .
ssl_srv.c:1803: |3| unknown extension found: 43690 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 23 (ignoring)
ssl_srv.c:1686: |3| found renegotiation extension
ssl_srv.c:1713: |3| found supported elliptic curves extension
ssl_srv.c:1721: |3| found supported point formats extension
ssl_srv.c:0356: |4| point format selected: 0
ssl_srv.c:1803: |3| unknown extension found: 35 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 16 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 5 (ignoring)
ssl_srv.c:1699: |3| found signature_algorithms extension
ssl_srv.c:0252: |3| client hello v3, signature_algorithm ext: match sig 4 and hash 6
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 4
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:0252: |3| client hello v3, signature_algorithm ext: match sig 4 and hash 7
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 5
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 6
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:1803: |3| unknown extension found: 18 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 51 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 45 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 43 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 27 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 56026 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 21 (ignoring)
ssl_srv.c:0801: |3| trying ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_srv.c:0699: |3| ciphersuite requires certificate
ssl_srv.c:0710: |3| candidate certificate chain, certificate #1:
ssl_srv.c:0710: |3| cert. version     : 3
ssl_srv.c:0710: |3| serial number     : 09
ssl_srv.c:0710: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0710: |3| subject name      : C=NL, O=PolarSSL, CN=localhost
ssl_srv.c:0710: |3| issued  on        : 2013-09-24 15:52:04
ssl_srv.c:0710: |3| expires on        : 2023-09-22 15:52:04
ssl_srv.c:0710: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0710: |3| EC key size       : 256 bits
ssl_srv.c:0710: |3| basic constraints : CA=false
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(X)' (254 bits) is:
ssl_srv.c:0710: |3|  37 cc 56 d9 76 09 1e 5a 72 3e c7 59 2d ff 20 6e
ssl_srv.c:0710: |3|  ee 7c f9 06 91 74 d0 ad 14 b5 f7 68 22 59 62 92
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_srv.c:0710: |3|  4e e5 00 d8 23 11 ff ea 2f d2 34 5d 5d 16 bd 8a
ssl_srv.c:0710: |3|  88 c2 6b 77 0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff
ssl_srv.c:0710: |3| candidate certificate chain, certificate #2:
ssl_srv.c:0710: |3| cert. version     : 3
ssl_srv.c:0710: |3| serial number     : C1:43:E2:7E:62:43:CC:E8
ssl_srv.c:0710: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0710: |3| subject name      : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0710: |3| issued  on        : 2013-09-24 15:49:48
ssl_srv.c:0710: |3| expires on        : 2023-09-22 15:49:48
ssl_srv.c:0710: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0710: |3| EC key size       : 384 bits
ssl_srv.c:0710: |3| basic constraints : CA=true
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(X)' (384 bits) is:
ssl_srv.c:0710: |3|  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43
ssl_srv.c:0710: |3|  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95
ssl_srv.c:0710: |3|  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(Y)' (384 bits) is:
ssl_srv.c:0710: |3|  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58
ssl_srv.c:0710: |3|  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47
ssl_srv.c:0710: |3|  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e
ssl_srv.c:0772: |3| selected certificate chain, certificate #1:
ssl_srv.c:0772: |3| cert. version     : 3
ssl_srv.c:0772: |3| serial number     : 09
ssl_srv.c:0772: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0772: |3| subject name      : C=NL, O=PolarSSL, CN=localhost
ssl_srv.c:0772: |3| issued  on        : 2013-09-24 15:52:04
ssl_srv.c:0772: |3| expires on        : 2023-09-22 15:52:04
ssl_srv.c:0772: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0772: |3| EC key size       : 256 bits
ssl_srv.c:0772: |3| basic constraints : CA=false
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(X)' (254 bits) is:
ssl_srv.c:0772: |3|  37 cc 56 d9 76 09 1e 5a 72 3e c7 59 2d ff 20 6e
ssl_srv.c:0772: |3|  ee 7c f9 06 91 74 d0 ad 14 b5 f7 68 22 59 62 92
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_srv.c:0772: |3|  4e e5 00 d8 23 11 ff ea 2f d2 34 5d 5d 16 bd 8a
ssl_srv.c:0772: |3|  88 c2 6b 77 0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff
ssl_srv.c:0772: |3| selected certificate chain, certificate #2:
ssl_srv.c:0772: |3| cert. version     : 3
ssl_srv.c:0772: |3| serial number     : C1:43:E2:7E:62:43:CC:E8
ssl_srv.c:0772: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0772: |3| subject name      : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0772: |3| issued  on        : 2013-09-24 15:49:48
ssl_srv.c:0772: |3| expires on        : 2023-09-22 15:49:48
ssl_srv.c:0772: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0772: |3| EC key size       : 384 bits
ssl_srv.c:0772: |3| basic constraints : CA=true
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(X)' (384 bits) is:
ssl_srv.c:0772: |3|  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43
ssl_srv.c:0772: |3|  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95
ssl_srv.c:0772: |3|  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(Y)' (384 bits) is:
ssl_srv.c:0772: |3|  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58
ssl_srv.c:0772: |3|  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47
ssl_srv.c:0772: |3|  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e
ssl_srv.c:1974: |2| selected ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_srv.c:1998: |3| client hello v3, signature_algorithm ext: 4
ssl_srv.c:2008: |2| <= parse client hello
ssl_srv.c:4219: |2| server state: 2
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:2383: |2| => write server hello
ssl_srv.c:2417: |3| server hello, chosen version: [3:3]
ssl_srv.c:2426: |3| server hello, current time: 3
ssl_srv.c:2441: |3| dumping 'server hello, random bytes' (32 bytes)
ssl_srv.c:2441: |3| 0000:  00 00 00 00 80 ed f4 73 df 3e a6 01 48 19 e1 b5  .......s.>..H...
ssl_srv.c:2441: |3| 0010:  30 81 11 ce 8e a6 d0 0f 58 5e 5a 14 c8 65 4f ac  0.......X^Z..eO.
ssl_srv.c:2514: |3| server hello, session id len.: 32
ssl_srv.c:2515: |3| dumping 'server hello, session id' (32 bytes)
ssl_srv.c:2515: |3| 0000:  1a 66 0a cd 79 c1 49 54 47 53 2d d4 19 3b d6 39  .f..y.ITGS-..;.9
ssl_srv.c:2515: |3| 0010:  77 3d c7 41 d8 df 52 6e bf c1 b9 32 85 aa 97 f9  w=.A..Rn...2....
ssl_srv.c:2517: |3| no session has been resumed
ssl_srv.c:2524: |3| server hello, chosen ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_srv.c:2526: |3| server hello, compress alg.: 0x00
ssl_srv.c:2145: |3| server hello, secure renegotiation extension
ssl_srv.c:2216: |3| server hello, supported_point_formats extension
ssl_srv.c:2581: |3| server hello, total extension length: 11
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 87
ssl_tls.c:2913: |4| dumping 'output record sent to network' (92 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 00 57 02 00 00 53 03 03 00 00 00 00 80  ....W...S.......
ssl_tls.c:2913: |4| 0010:  ed f4 73 df 3e a6 01 48 19 e1 b5 30 81 11 ce 8e  ..s.>..H...0....
ssl_tls.c:2913: |4| 0020:  a6 d0 0f 58 5e 5a 14 c8 65 4f ac 20 1a 66 0a cd  ...X^Z..eO. .f..
ssl_tls.c:2913: |4| 0030:  79 c1 49 54 47 53 2d d4 19 3b d6 39 77 3d c7 41  y.ITGS-..;.9w=.A
ssl_tls.c:2913: |4| 0040:  d8 df 52 6e bf c1 b9 32 85 aa 97 f9 c0 2b 00 00  ..Rn...2.....+..
ssl_tls.c:2913: |4| 0050:  0b ff 01 00 01 00 00 0b 00 02 01 00              ............
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 92, out_left: 92
ssl_tls.c:2496: |2| ssl->f_send() returned 92 (-0xffffffa4)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_srv.c:2600: |2| <= write server hello
ssl_srv.c:4219: |2| server state: 3
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_tls.c:4259: |2| => write certificate
ssl_tls.c:4311: |3| own certificate #1:
ssl_tls.c:4311: |3| cert. version     : 3
ssl_tls.c:4311: |3| serial number     : 09
ssl_tls.c:4311: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_tls.c:4311: |3| subject name      : C=NL, O=PolarSSL, CN=localhost
ssl_tls.c:4311: |3| issued  on        : 2013-09-24 15:52:04
ssl_tls.c:4311: |3| expires on        : 2023-09-22 15:52:04
ssl_tls.c:4311: |3| signed using      : ECDSA with SHA256
ssl_tls.c:4311: |3| EC key size       : 256 bits
ssl_tls.c:4311: |3| basic constraints : CA=false
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(X)' (254 bits) is:
ssl_tls.c:4311: |3|  37 cc 56 d9 76 09 1e 5a 72 3e c7 59 2d ff 20 6e
ssl_tls.c:4311: |3|  ee 7c f9 06 91 74 d0 ad 14 b5 f7 68 22 59 62 92
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_tls.c:4311: |3|  4e e5 00 d8 23 11 ff ea 2f d2 34 5d 5d 16 bd 8a
ssl_tls.c:4311: |3|  88 c2 6b 77 0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff
ssl_tls.c:4311: |3| own certificate #2:
ssl_tls.c:4311: |3| cert. version     : 3
ssl_tls.c:4311: |3| serial number     : C1:43:E2:7E:62:43:CC:E8
ssl_tls.c:4311: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_tls.c:4311: |3| subject name      : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_tls.c:4311: |3| issued  on        : 2013-09-24 15:49:48
ssl_tls.c:4311: |3| expires on        : 2023-09-22 15:49:48
ssl_tls.c:4311: |3| signed using      : ECDSA with SHA256
ssl_tls.c:4311: |3| EC key size       : 384 bits
ssl_tls.c:4311: |3| basic constraints : CA=true
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(X)' (384 bits) is:
ssl_tls.c:4311: |3|  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43
ssl_tls.c:4311: |3|  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95
ssl_tls.c:4311: |3|  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(Y)' (384 bits) is:
ssl_tls.c:4311: |3|  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58
ssl_tls.c:4311: |3|  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47
ssl_tls.c:4311: |3|  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 1158
ssl_tls.c:2913: |4| dumping 'output record sent to network' (1163 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 04 86 0b 00 04 82 00 04 7f 00 02 23 30  ..............#0
ssl_tls.c:2913: |4| 0010:  82 02 1f 30 82 01 a5 a0 03 02 01 02 02 01 09 30  ...0...........0
ssl_tls.c:2913: |4| 0020:  0a 06 08 2a 86 48 ce 3d 04 03 02 30 3e 31 0b 30  ...*.H.=...0>1.0
ssl_tls.c:2913: |4| 0030:  09 06 03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03  ...U....NL1.0...
ssl_tls.c:2913: |4| 0040:  55 04 0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30  U....PolarSSL1.0
ssl_tls.c:2913: |4| 0050:  1a 06 03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c  ...U....Polarssl
ssl_tls.c:2913: |4| 0060:  20 54 65 73 74 20 45 43 20 43 41 30 1e 17 0d 31   Test EC CA0...1
ssl_tls.c:2913: |4| 0070:  33 30 39 32 34 31 35 35 32 30 34 5a 17 0d 32 33  30924155204Z..23
ssl_tls.c:2913: |4| 0080:  30 39 32 32 31 35 35 32 30 34 5a 30 34 31 0b 30  0922155204Z041.0
ssl_tls.c:2913: |4| 0090:  09 06 03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03  ...U....NL1.0...
ssl_tls.c:2913: |4| 00a0:  55 04 0a 13 08 50 6f 6c 61 72 53 53 4c 31 12 30  U....PolarSSL1.0
ssl_tls.c:2913: |4| 00b0:  10 06 03 55 04 03 13 09 6c 6f 63 61 6c 68 6f 73  ...U....localhos
ssl_tls.c:2913: |4| 00c0:  74 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06 08  t0Y0...*.H.=....
ssl_tls.c:2913: |4| 00d0:  2a 86 48 ce 3d 03 01 07 03 42 00 04 37 cc 56 d9  *.H.=....B..7.V.
ssl_tls.c:2913: |4| 00e0:  76 09 1e 5a 72 3e c7 59 2d ff 20 6e ee 7c f9 06  v..Zr>.Y-. n.|..
ssl_tls.c:2913: |4| 00f0:  91 74 d0 ad 14 b5 f7 68 22 59 62 92 4e e5 00 d8  .t.....h"Yb.N...
ssl_tls.c:2913: |4| 0100:  23 11 ff ea 2f d2 34 5d 5d 16 bd 8a 88 c2 6b 77  #.../.4]].....kw
ssl_tls.c:2913: |4| 0110:  0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff a3 81 9d 30  .U..*..........0
ssl_tls.c:2913: |4| 0120:  81 9a 30 09 06 03 55 1d 13 04 02 30 00 30 1d 06  ..0...U....0.0..
ssl_tls.c:2913: |4| 0130:  03 55 1d 0e 04 16 04 14 50 61 a5 8f d4 07 d9 d7  .U......Pa......
ssl_tls.c:2913: |4| 0140:  82 01 0c e5 65 7f 8c 63 46 a7 13 be 30 6e 06 03  ....e..cF...0n..
ssl_tls.c:2913: |4| 0150:  55 1d 23 04 67 30 65 80 14 9d 6d 20 24 49 01 3f  U.#.g0e...m $I.?
ssl_tls.c:2913: |4| 0160:  2b cb 78 b5 19 bc 7e 24 c9 db fb 36 7c a1 42 a4  +.x...~$...6|.B.
ssl_tls.c:2913: |4| 0170:  40 30 3e 31 0b 30 09 06 03 55 04 06 13 02 4e 4c  @0>1.0...U....NL
ssl_tls.c:2913: |4| 0180:  31 11 30 0f 06 03 55 04 0a 13 08 50 6f 6c 61 72  1.0...U....Polar
ssl_tls.c:2913: |4| 0190:  53 53 4c 31 1c 30 1a 06 03 55 04 03 13 13 50 6f  SSL1.0...U....Po
ssl_tls.c:2913: |4| 01a0:  6c 61 72 73 73 6c 20 54 65 73 74 20 45 43 20 43  larssl Test EC C
ssl_tls.c:2913: |4| 01b0:  41 82 09 00 c1 43 e2 7e 62 43 cc e8 30 0a 06 08  A....C.~bC..0...
ssl_tls.c:2913: |4| 01c0:  2a 86 48 ce 3d 04 03 02 03 68 00 30 65 02 31 00  *.H.=....h.0e.1.
ssl_tls.c:2913: |4| 01d0:  9a 2c 5c d7 a6 db a2 e5 64 0d f0 b9 4e dd d7 61  .,\.....d...N..a
ssl_tls.c:2913: |4| 01e0:  d6 13 31 c7 ab 73 80 bb d3 d3 73 13 54 ad 92 0b  ..1..s....s.T...
ssl_tls.c:2913: |4| 01f0:  5d ab d0 bc f7 ae 2f e6 a1 21 29 35 95 aa 3e 39  ]...../..!)5..>9
ssl_tls.c:2913: |4| 0200:  02 30 21 36 7f 9d c6 5d c6 0b ab 27 f2 25 1d 3b  .0!6...]...'..;
ssl_tls.c:2913: |4| 0210:  f1 cf f1 35 25 14 e7 e5 f1 97 b5 59 e3 5e 15 7c  ...5......Y.^.|
ssl_tls.c:2913: |4| 0220:  66 b9 90 7b c7 01 10 4f 73 c6 00 21 52 2a 0e f1  f..{...Os..!R*..
ssl_tls.c:2913: |4| 0230:  c7 d5 00 02 56 30 82 02 52 30 82 01 d7 a0 03 02  ....V0..R0......
ssl_tls.c:2913: |4| 0240:  01 02 02 09 00 c1 43 e2 7e 62 43 cc e8 30 0a 06  ......C.~bC..0..
ssl_tls.c:2913: |4| 0250:  08 2a 86 48 ce 3d 04 03 02 30 3e 31 0b 30 09 06  .*.H.=...0>1.0..
ssl_tls.c:2913: |4| 0260:  03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03 55 04  .U....NL1.0...U.
ssl_tls.c:2913: |4| 0270:  0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30 1a 06  ...PolarSSL1.0..
ssl_tls.c:2913: |4| 0280:  03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c 20 54  .U....Polarssl T
ssl_tls.c:2913: |4| 0290:  65 73 74 20 45 43 20 43 41 30 1e 17 0d 31 33 30  est EC CA0...130
ssl_tls.c:2913: |4| 02a0:  39 32 34 31 35 34 39 34 38 5a 17 0d 32 33 30 39  924154948Z..2309
ssl_tls.c:2913: |4| 02b0:  32 32 31 35 34 39 34 38 5a 30 3e 31 0b 30 09 06  22154948Z0>1.0..
ssl_tls.c:2913: |4| 02c0:  03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03 55 04  .U....NL1.0...U.
ssl_tls.c:2913: |4| 02d0:  0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30 1a 06  ...PolarSSL1.0..
ssl_tls.c:2913: |4| 02e0:  03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c 20 54  .U....Polarssl T
ssl_tls.c:2913: |4| 02f0:  65 73 74 20 45 43 20 43 41 30 76 30 10 06 07 2a  est EC CA0v0...*
ssl_tls.c:2913: |4| 0300:  86 48 ce 3d 02 01 06 05 2b 81 04 00 22 03 62 00  .H.=....+...".b.
ssl_tls.c:2913: |4| 0310:  04 c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29  ...+4A7X/.V....)
ssl_tls.c:2913: |4| 0320:  43 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91  CKN.n..WS39X.R..
ssl_tls.c:2913: |4| 0330:  95 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c  .9.#._.$bH...).,
ssl_tls.c:2913: |4| 0340:  2d 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e  -...R...j.!....n
ssl_tls.c:2913: |4| 0350:  58 b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7  X....i..A.).._u.
ssl_tls.c:2913: |4| 0360:  47 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33  Go..)Ui.S; .f.`3
ssl_tls.c:2913: |4| 0370:  1e a3 81 a0 30 81 9d 30 1d 06 03 55 1d 0e 04 16  ....0..0...U....
ssl_tls.c:2913: |4| 0380:  04 14 9d 6d 20 24 49 01 3f 2b cb 78 b5 19 bc 7e  ...m $I.?+.x...~
ssl_tls.c:2913: |4| 0390:  24 c9 db fb 36 7c 30 6e 06 03 55 1d 23 04 67 30  $...6|0n..U.#.g0
ssl_tls.c:2913: |4| 03a0:  65 80 14 9d 6d 20 24 49 01 3f 2b cb 78 b5 19 bc  e...m $I.?+.x...
ssl_tls.c:2913: |4| 03b0:  7e 24 c9 db fb 36 7c a1 42 a4 40 30 3e 31 0b 30  ~$...6|.B.@0>1.0
ssl_tls.c:2913: |4| 03c0:  09 06 03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03  ...U....NL1.0...
ssl_tls.c:2913: |4| 03d0:  55 04 0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30  U....PolarSSL1.0
ssl_tls.c:2913: |4| 03e0:  1a 06 03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c  ...U....Polarssl
ssl_tls.c:2913: |4| 03f0:  20 54 65 73 74 20 45 43 20 43 41 82 09 00 c1 43   Test EC CA....C
ssl_tls.c:2913: |4| 0400:  e2 7e 62 43 cc e8 30 0c 06 03 55 1d 13 04 05 30  .~bC..0...U....0
ssl_tls.c:2913: |4| 0410:  03 01 01 ff 30 0a 06 08 2a 86 48 ce 3d 04 03 02  ....0...*.H.=...
ssl_tls.c:2913: |4| 0420:  03 69 00 30 66 02 31 00 c3 b4 62 73 56 28 95 00  .i.0f.1...bsV(..
ssl_tls.c:2913: |4| 0430:  7d 78 12 26 d2 71 7b 19 f8 8a 98 3e 92 fe 33 9e  }x.&.q{....>..3.
ssl_tls.c:2913: |4| 0440:  e4 79 d2 fe 7a b7 87 74 3c 2b b8 d7 69 94 0b a3  .y..z..t<+..i...
ssl_tls.c:2913: |4| 0450:  67 77 b8 b3 be d1 36 32 02 31 00 fd 67 9c 94 23  gw....62.1..g..#
ssl_tls.c:2913: |4| 0460:  67 c0 56 ba 4b 33 15 00 c6 e3 cc 31 08 2c 9c 8b  g.V.K3.....1.,..
ssl_tls.c:2913: |4| 0470:  da a9 75 23 2f b8 28 e7 f2 9c 14 3a 40 01 5c af  ..u#/.(....:@.\.
ssl_tls.c:2913: |4| 0480:  0c b2 cf 74 7f 30 9f 08 43 ad 20                 ...t.0..C. 
ssl_tls.c:2471: |2| => flush output

Evgeniy_Vasyliev · June 25, 2019, 8:09am

Continuation:

ssl_tls.c:2490: |2| message length: 1163, out_left: 1163
ssl_tls.c:2496: |2| ssl->f_send() returned 1163 (-0xfffffb75)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_tls.c:4363: |2| <= write certificate
ssl_srv.c:4219: |2| server state: 4
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:3232: |2| => write server key exchange
ssl_srv.c:3011: |2| ECDHE curve: secp384r1
ssl_srv.c:3036: |3| value of 'ECDH: Q (X)' (384 bits) is:
ssl_srv.c:3036: |3|  b8 aa c7 d3 18 07 42 8a 88 38 26 cf 2d 4b 75 37
ssl_srv.c:3036: |3|  cd ca d5 aa 6c c6 2e 31 1b 7d 13 09 c7 d0 94 82
ssl_srv.c:3036: |3|  d4 c5 9e f0 30 7c 04 1d 35 c0 4a 1a 80 ad fd 8e
ssl_srv.c:3036: |3| value of 'ECDH: Q (Y)' (384 bits) is:
ssl_srv.c:3036: |3|  9d a5 8d db 89 4f 33 ef 50 f2 1d b9 1b 20 08 9a
ssl_srv.c:3036: |3|  d6 75 39 37 86 31 8f 83 4c 8a f2 92 b5 02 a8 1e
ssl_srv.c:3036: |3|  04 a4 a4 b3 f3 b7 37 1c 38 30 77 cb 0a 6a 80 d5
ssl_srv.c:3099: |3| pick hash algorithm 6 for signing
ssl_srv.c:3137: |3| dumping 'parameters hash' (32 bytes)
ssl_srv.c:3137: |3| 0000:  e6 cc c8 f0 87 3b 5e 74 84 28 45 3c 6b 9e ff 43  .....;^t.(E<k..C
ssl_srv.c:3137: |3| 0010:  80 64 7d d2 f7 f3 96 29 c4 5f c2 98 ae 90 cd 4b  .d}....)._.....K
ssl_srv.c:3297: |3| dumping 'my signature' (70 bytes)
ssl_srv.c:3297: |3| 0000:  30 44 02 20 7b a4 b3 4e f6 f1 6c 51 a9 1b b4 09  0D. {..N..lQ....
ssl_srv.c:3297: |3| 0010:  52 2f 64 43 de 98 3a 10 4f fe 0a bc 04 c8 5f 6c  R/dC..:.O....._l
ssl_srv.c:3297: |3| 0020:  00 60 72 0b 02 20 39 3d ff c5 f8 1c b0 f5 1d a2  .`r.. 9=........
ssl_srv.c:3297: |3| 0030:  52 3e e4 1d c2 af 6d d4 b0 b7 f6 b8 ee 03 f9 b4  R>....m.........
ssl_srv.c:3297: |3| 0040:  f6 c8 19 68 da f1                                ...h..
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 179
ssl_tls.c:2913: |4| dumping 'output record sent to network' (184 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 00 b3 0c 00 00 af 03 00 18 61 04 b8 aa  ............a...
ssl_tls.c:2913: |4| 0010:  c7 d3 18 07 42 8a 88 38 26 cf 2d 4b 75 37 cd ca  ....B..8&.-Ku7..
ssl_tls.c:2913: |4| 0020:  d5 aa 6c c6 2e 31 1b 7d 13 09 c7 d0 94 82 d4 c5  ..l..1.}........
ssl_tls.c:2913: |4| 0030:  9e f0 30 7c 04 1d 35 c0 4a 1a 80 ad fd 8e 9d a5  ..0|..5.J.......
ssl_tls.c:2913: |4| 0040:  8d db 89 4f 33 ef 50 f2 1d b9 1b 20 08 9a d6 75  ...O3.P.... ...u
ssl_tls.c:2913: |4| 0050:  39 37 86 31 8f 83 4c 8a f2 92 b5 02 a8 1e 04 a4  97.1..L.........
ssl_tls.c:2913: |4| 0060:  a4 b3 f3 b7 37 1c 38 30 77 cb 0a 6a 80 d5 04 03  ....7.80w..j....
ssl_tls.c:2913: |4| 0070:  00 46 30 44 02 20 7b a4 b3 4e f6 f1 6c 51 a9 1b  .F0D. {..N..lQ..
ssl_tls.c:2913: |4| 0080:  b4 09 52 2f 64 43 de 98 3a 10 4f fe 0a bc 04 c8  ..R/dC..:.O.....
ssl_tls.c:2913: |4| 0090:  5f 6c 00 60 72 0b 02 20 39 3d ff c5 f8 1c b0 f5  _l.`r.. 9=......
ssl_tls.c:2913: |4| 00a0:  1d a2 52 3e e4 1d c2 af 6d d4 b0 b7 f6 b8 ee 03  ..R>....m.......
ssl_tls.c:2913: |4| 00b0:  f9 b4 f6 c8 19 68 da f1                          .....h..
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 184, out_left: 184
ssl_tls.c:2496: |2| ssl->f_send() returned 184 (-0xffffff48)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_srv.c:3316: |2| <= write server key exchange
ssl_srv.c:4219: |2| server state: 5
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:2645: |2| => write certificate request
ssl_srv.c:2663: |2| <= skip write certificate request
ssl_srv.c:4219: |2| server state: 6
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:3324: |2| => write server hello done
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 4
ssl_tls.c:2913: |4| dumping 'output record sent to network' (9 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 00 04 0e 00 00 00                       .........
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 9, out_left: 9
ssl_tls.c:2496: |2| ssl->f_send() returned -80 (-0x0050)
ssl_tls.c:2918: |1| mbedtls_ssl_flush_output() returned -80 (-0x0050)
ssl_srv.c:3339: |1| mbedtls_ssl_write_record() returned -80 (-0x0050)
ssl_tls.c:6764: |2| <= handshake
ssl_tls.c:6754: |2| => handshake
ssl_srv.c:4219: |2| server state: 0
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:4219: |2| server state: 1
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:1192: |2| => parse client hello
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2458: |2| <= fetch input
ssl_srv.c:1224: |4| dumping 'record header' (5 bytes)
ssl_srv.c:1224: |4| 0000:  16 03 01 02 00                                   .....
ssl_srv.c:1236: |3| client hello v3, message type: 22
ssl_srv.c:1245: |3| client hello v3, message len.: 512
ssl_srv.c:1248: |3| client hello v3, protocol version: [3:1]
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 5, nb_want: 517
ssl_tls.c:2437: |2| in_left: 5, nb_want: 517
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 512 (-0xfffffe00)
ssl_tls.c:2458: |2| <= fetch input
ssl_srv.c:1330: |4| dumping 'record contents' (512 bytes)
ssl_srv.c:1330: |4| 0000:  01 00 01 fc 03 03 92 d8 ad 10 0f 61 c8 87 d6 c3  ...........a....
ssl_srv.c:1330: |4| 0010:  22 19 dc 99 d7 66 8c d1 3d d3 6f f8 b8 b4 10 ac  "....f..=.o.....
ssl_srv.c:1330: |4| 0020:  ca 16 81 c6 02 24 20 53 69 9a dd 81 0d e7 99 5f  .....$ Si......_
ssl_srv.c:1330: |4| 0030:  2f b1 c7 ec 9e e0 96 81 ad 9d 8e c3 db 40 50 91  /............@P.
ssl_srv.c:1330: |4| 0040:  d0 f6 31 18 47 c0 c6 00 22 9a 9a 13 01 13 02 13  ..1.G...".......
ssl_srv.c:1330: |4| 0050:  03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0  ..+./.,.0.......
ssl_srv.c:1330: |4| 0060:  14 00 9c 00 9d 00 2f 00 35 00 0a 01 00 01 91 fa  ....../.5.......
ssl_srv.c:1330: |4| 0070:  fa 00 00 00 17 00 00 ff 01 00 01 00 00 0a 00 0a  ................
ssl_srv.c:1330: |4| 0080:  00 08 3a 3a 00 1d 00 17 00 18 00 0b 00 02 01 00  ..::............
ssl_srv.c:1330: |4| 0090:  00 23 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74  .#.........h2.ht
ssl_srv.c:1330: |4| 00a0:  74 70 2f 31 2e 31 00 05 00 05 01 00 00 00 00 00  tp/1.1..........
ssl_srv.c:1330: |4| 00b0:  0d 00 14 00 12 04 03 08 04 04 01 05 03 08 05 05  ................
ssl_srv.c:1330: |4| 00c0:  01 08 06 06 01 02 01 00 12 00 00 00 33 00 2b 00  ............3.+.
ssl_srv.c:1330: |4| 00d0:  29 3a 3a 00 01 00 00 1d 00 20 e3 a8 3e 80 c7 25  )::...... ..>..
ssl_srv.c:1330: |4| 00e0:  51 0d f5 d0 d4 e8 7e e2 5b f6 70 f0 12 b6 81 64  Q.....~.[.p....d
ssl_srv.c:1330: |4| 00f0:  25 26 da 37 4f ab 26 0e 26 36 00 2d 00 02 01 01  &.7O.&.&6.-....
ssl_srv.c:1330: |4| 0100:  00 2b 00 0b 0a aa aa 03 04 03 03 03 02 03 01 00  .+..............
ssl_srv.c:1330: |4| 0110:  1b 00 03 02 00 02 4a 4a 00 01 00 00 15 00 e1 00  ......JJ........
ssl_srv.c:1330: |4| 0120:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0130:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0140:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0150:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0160:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0170:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0180:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 0190:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01a0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01b0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01c0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01d0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01e0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1330: |4| 01f0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1348: |3| client hello v3, handshake type: 1
ssl_srv.c:1357: |3| client hello v3, handshake len.: 508
ssl_srv.c:1446: |3| dumping 'client hello, version' (2 bytes)
ssl_srv.c:1446: |3| 0000:  03 03                                            ..
ssl_srv.c:1477: |3| dumping 'client hello, random bytes' (32 bytes)
ssl_srv.c:1477: |3| 0000:  92 d8 ad 10 0f 61 c8 87 d6 c3 22 19 dc 99 d7 66  .....a...."....f
ssl_srv.c:1477: |3| 0010:  8c d1 3d d3 6f f8 b8 b4 10 ac ca 16 81 c6 02 24  ..=.o..........$
ssl_srv.c:1495: |3| dumping 'client hello, session id' (32 bytes)
ssl_srv.c:1495: |3| 0000:  53 69 9a dd 81 0d e7 99 5f 2f b1 c7 ec 9e e0 96  Si......_/......
ssl_srv.c:1495: |3| 0010:  81 ad 9d 8e c3 db 40 50 91 d0 f6 31 18 47 c0 c6  ......@P...1.G..
ssl_srv.c:1580: |3| dumping 'client hello, ciphersuitelist' (34 bytes)
ssl_srv.c:1580: |3| 0000:  9a 9a 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30  .........+./.,.0
ssl_srv.c:1580: |3| 0010:  cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35  ............./.5
ssl_srv.c:1580: |3| 0020:  00 0a                                            ..
ssl_srv.c:1600: |3| dumping 'client hello, compression' (1 bytes)
ssl_srv.c:1600: |3| 0000:  00                                               .
ssl_srv.c:1655: |3| dumping 'client hello extensions' (401 bytes)
ssl_srv.c:1655: |3| 0000:  fa fa 00 00 00 17 00 00 ff 01 00 01 00 00 0a 00  ................
ssl_srv.c:1655: |3| 0010:  0a 00 08 3a 3a 00 1d 00 17 00 18 00 0b 00 02 01  ...::...........
ssl_srv.c:1655: |3| 0020:  00 00 23 00 00 00 10 00 0e 00 0c 02 68 32 08 68  ..#.........h2.h
ssl_srv.c:1655: |3| 0030:  74 74 70 2f 31 2e 31 00 05 00 05 01 00 00 00 00  ttp/1.1.........
ssl_srv.c:1655: |3| 0040:  00 0d 00 14 00 12 04 03 08 04 04 01 05 03 08 05  ................
ssl_srv.c:1655: |3| 0050:  05 01 08 06 06 01 02 01 00 12 00 00 00 33 00 2b  .............3.+
ssl_srv.c:1655: |3| 0060:  00 29 3a 3a 00 01 00 00 1d 00 20 e3 a8 3e 80 c7  .)::...... ..>..
ssl_srv.c:1655: |3| 0070:  25 51 0d f5 d0 d4 e8 7e e2 5b f6 70 f0 12 b6 81  Q.....~.[.p....
ssl_srv.c:1655: |3| 0080:  64 25 26 da 37 4f ab 26 0e 26 36 00 2d 00 02 01  d&.7O.&.&6.-...
ssl_srv.c:1655: |3| 0090:  01 00 2b 00 0b 0a aa aa 03 04 03 03 03 02 03 01  ..+.............
ssl_srv.c:1655: |3| 00a0:  00 1b 00 03 02 00 02 4a 4a 00 01 00 00 15 00 e1  .......JJ.......
ssl_srv.c:1655: |3| 00b0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00c0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00d0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00e0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 00f0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0100:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0110:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0120:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0130:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0140:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0150:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0160:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0170:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0180:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
ssl_srv.c:1655: |3| 0190:  00                                               .
ssl_srv.c:1803: |3| unknown extension found: 64250 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 23 (ignoring)
ssl_srv.c:1686: |3| found renegotiation extension
ssl_srv.c:1713: |3| found supported elliptic curves extension
ssl_srv.c:1721: |3| found supported point formats extension
ssl_srv.c:0356: |4| point format selected: 0
ssl_srv.c:1803: |3| unknown extension found: 35 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 16 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 5 (ignoring)
ssl_srv.c:1699: |3| found signature_algorithms extension
ssl_srv.c:0252: |3| client hello v3, signature_algorithm ext: match sig 4 and hash 6
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 4
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:0252: |3| client hello v3, signature_algorithm ext: match sig 4 and hash 7
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 5
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 6
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:0234: |3| client hello v3, signature_algorithm ext unknown sig alg encoding 1
ssl_srv.c:1803: |3| unknown extension found: 18 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 51 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 45 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 43 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 27 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 19018 (ignoring)
ssl_srv.c:1803: |3| unknown extension found: 21 (ignoring)
ssl_srv.c:0801: |3| trying ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_srv.c:0699: |3| ciphersuite requires certificate
ssl_srv.c:0710: |3| candidate certificate chain, certificate #1:
ssl_srv.c:0710: |3| cert. version     : 3
ssl_srv.c:0710: |3| serial number     : 09
ssl_srv.c:0710: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0710: |3| subject name      : C=NL, O=PolarSSL, CN=localhost
ssl_srv.c:0710: |3| issued  on        : 2013-09-24 15:52:04
ssl_srv.c:0710: |3| expires on        : 2023-09-22 15:52:04
ssl_srv.c:0710: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0710: |3| EC key size       : 256 bits
ssl_srv.c:0710: |3| basic constraints : CA=false
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(X)' (254 bits) is:
ssl_srv.c:0710: |3|  37 cc 56 d9 76 09 1e 5a 72 3e c7 59 2d ff 20 6e
ssl_srv.c:0710: |3|  ee 7c f9 06 91 74 d0 ad 14 b5 f7 68 22 59 62 92
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_srv.c:0710: |3|  4e e5 00 d8 23 11 ff ea 2f d2 34 5d 5d 16 bd 8a
ssl_srv.c:0710: |3|  88 c2 6b 77 0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff
ssl_srv.c:0710: |3| candidate certificate chain, certificate #2:
ssl_srv.c:0710: |3| cert. version     : 3
ssl_srv.c:0710: |3| serial number     : C1:43:E2:7E:62:43:CC:E8
ssl_srv.c:0710: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0710: |3| subject name      : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0710: |3| issued  on        : 2013-09-24 15:49:48
ssl_srv.c:0710: |3| expires on        : 2023-09-22 15:49:48
ssl_srv.c:0710: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0710: |3| EC key size       : 384 bits
ssl_srv.c:0710: |3| basic constraints : CA=true
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(X)' (384 bits) is:
ssl_srv.c:0710: |3|  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43
ssl_srv.c:0710: |3|  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95
ssl_srv.c:0710: |3|  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d
ssl_srv.c:0710: |3| value of 'crt->eckey.Q(Y)' (384 bits) is:
ssl_srv.c:0710: |3|  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58
ssl_srv.c:0710: |3|  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47
ssl_srv.c:0710: |3|  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e
ssl_srv.c:0772: |3| selected certificate chain, certificate #1:
ssl_srv.c:0772: |3| cert. version     : 3
ssl_srv.c:0772: |3| serial number     : 09
ssl_srv.c:0772: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0772: |3| subject name      : C=NL, O=PolarSSL, CN=localhost
ssl_srv.c:0772: |3| issued  on        : 2013-09-24 15:52:04
ssl_srv.c:0772: |3| expires on        : 2023-09-22 15:52:04
ssl_srv.c:0772: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0772: |3| EC key size       : 256 bits
ssl_srv.c:0772: |3| basic constraints : CA=false
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(X)' (254 bits) is:
ssl_srv.c:0772: |3|  37 cc 56 d9 76 09 1e 5a 72 3e c7 59 2d ff 20 6e
ssl_srv.c:0772: |3|  ee 7c f9 06 91 74 d0 ad 14 b5 f7 68 22 59 62 92
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_srv.c:0772: |3|  4e e5 00 d8 23 11 ff ea 2f d2 34 5d 5d 16 bd 8a
ssl_srv.c:0772: |3|  88 c2 6b 77 0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff
ssl_srv.c:0772: |3| selected certificate chain, certificate #2:
ssl_srv.c:0772: |3| cert. version     : 3
ssl_srv.c:0772: |3| serial number     : C1:43:E2:7E:62:43:CC:E8
ssl_srv.c:0772: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0772: |3| subject name      : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_srv.c:0772: |3| issued  on        : 2013-09-24 15:49:48
ssl_srv.c:0772: |3| expires on        : 2023-09-22 15:49:48
ssl_srv.c:0772: |3| signed using      : ECDSA with SHA256
ssl_srv.c:0772: |3| EC key size       : 384 bits
ssl_srv.c:0772: |3| basic constraints : CA=true
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(X)' (384 bits) is:
ssl_srv.c:0772: |3|  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43
ssl_srv.c:0772: |3|  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95
ssl_srv.c:0772: |3|  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d
ssl_srv.c:0772: |3| value of 'crt->eckey.Q(Y)' (384 bits) is:
ssl_srv.c:0772: |3|  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58
ssl_srv.c:0772: |3|  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47
ssl_srv.c:0772: |3|  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e
ssl_srv.c:1974: |2| selected ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_srv.c:1998: |3| client hello v3, signature_algorithm ext: 4
ssl_srv.c:2008: |2| <= parse client hello
ssl_srv.c:4219: |2| server state: 2
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:2383: |2| => write server hello
ssl_srv.c:2417: |3| server hello, chosen version: [3:3]
ssl_srv.c:2426: |3| server hello, current time: 3
ssl_srv.c:2441: |3| dumping 'server hello, random bytes' (32 bytes)
ssl_srv.c:2441: |3| 0000:  00 00 00 00 54 ee 5b cf 6c 93 45 ef b4 67 23 e1  ....T.[.l.E..g#.
ssl_srv.c:2441: |3| 0010:  d1 29 92 1a ba e4 29 c4 c9 d3 ad 47 c9 12 fd e5  .)....)....G....
ssl_srv.c:2514: |3| server hello, session id len.: 32
ssl_srv.c:2515: |3| dumping 'server hello, session id' (32 bytes)
ssl_srv.c:2515: |3| 0000:  54 ab b6 05 3b 0f fd 21 06 c4 b9 25 4c 5c d2 35  T...;..!...\.5
ssl_srv.c:2515: |3| 0010:  ca 94 ec bf e1 38 00 dc 5a 40 44 d7 25 a1 6e 5b  .....8..Z@D..n[
ssl_srv.c:2517: |3| no session has been resumed
ssl_srv.c:2524: |3| server hello, chosen ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_srv.c:2526: |3| server hello, compress alg.: 0x00
ssl_srv.c:2145: |3| server hello, secure renegotiation extension
ssl_srv.c:2216: |3| server hello, supported_point_formats extension
ssl_srv.c:2581: |3| server hello, total extension length: 11
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 87
ssl_tls.c:2913: |4| dumping 'output record sent to network' (92 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 00 57 02 00 00 53 03 03 00 00 00 00 54  ....W...S......T
ssl_tls.c:2913: |4| 0010:  ee 5b cf 6c 93 45 ef b4 67 23 e1 d1 29 92 1a ba  .[.l.E..g#..)...
ssl_tls.c:2913: |4| 0020:  e4 29 c4 c9 d3 ad 47 c9 12 fd e5 20 54 ab b6 05  .)....G.... T...
ssl_tls.c:2913: |4| 0030:  3b 0f fd 21 06 c4 b9 25 4c 5c d2 35 ca 94 ec bf  ;..!...\.5....
ssl_tls.c:2913: |4| 0040:  e1 38 00 dc 5a 40 44 d7 25 a1 6e 5b c0 2b 00 00  .8..Z@D..n[.+..
ssl_tls.c:2913: |4| 0050:  0b ff 01 00 01 00 00 0b 00 02 01 00              ............
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 92, out_left: 92
ssl_tls.c:2496: |2| ssl->f_send() returned 92 (-0xffffffa4)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_srv.c:2600: |2| <= write server hello
ssl_srv.c:4219: |2| server state: 3
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_tls.c:4259: |2| => write certificate
ssl_tls.c:4311: |3| own certificate #1:
ssl_tls.c:4311: |3| cert. version     : 3
ssl_tls.c:4311: |3| serial number     : 09
ssl_tls.c:4311: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_tls.c:4311: |3| subject name      : C=NL, O=PolarSSL, CN=localhost
ssl_tls.c:4311: |3| issued  on        : 2013-09-24 15:52:04
ssl_tls.c:4311: |3| expires on        : 2023-09-22 15:52:04
ssl_tls.c:4311: |3| signed using      : ECDSA with SHA256
ssl_tls.c:4311: |3| EC key size       : 256 bits
ssl_tls.c:4311: |3| basic constraints : CA=false
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(X)' (254 bits) is:
ssl_tls.c:4311: |3|  37 cc 56 d9 76 09 1e 5a 72 3e c7 59 2d ff 20 6e
ssl_tls.c:4311: |3|  ee 7c f9 06 91 74 d0 ad 14 b5 f7 68 22 59 62 92
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_tls.c:4311: |3|  4e e5 00 d8 23 11 ff ea 2f d2 34 5d 5d 16 bd 8a
ssl_tls.c:4311: |3|  88 c2 6b 77 0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff
ssl_tls.c:4311: |3| own certificate #2:
ssl_tls.c:4311: |3| cert. version     : 3
ssl_tls.c:4311: |3| serial number     : C1:43:E2:7E:62:43:CC:E8
ssl_tls.c:4311: |3| issuer name       : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_tls.c:4311: |3| subject name      : C=NL, O=PolarSSL, CN=Polarssl Test EC CA
ssl_tls.c:4311: |3| issued  on        : 2013-09-24 15:49:48
ssl_tls.c:4311: |3| expires on        : 2023-09-22 15:49:48
ssl_tls.c:4311: |3| signed using      : ECDSA with SHA256
ssl_tls.c:4311: |3| EC key size       : 384 bits
ssl_tls.c:4311: |3| basic constraints : CA=true
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(X)' (384 bits) is:
ssl_tls.c:4311: |3|  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43
ssl_tls.c:4311: |3|  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95
ssl_tls.c:4311: |3|  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d
ssl_tls.c:4311: |3| value of 'crt->eckey.Q(Y)' (384 bits) is:
ssl_tls.c:4311: |3|  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58
ssl_tls.c:4311: |3|  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47
ssl_tls.c:4311: |3|  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 1158
ssl_tls.c:2913: |4| dumping 'output record sent to network' (1163 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 04 86 0b 00 04 82 00 04 7f 00 02 23 30  ..............#0
ssl_tls.c:2913: |4| 0010:  82 02 1f 30 82 01 a5 a0 03 02 01 02 02 01 09 30  ...0...........0
ssl_tls.c:2913: |4| 0020:  0a 06 08 2a 86 48 ce 3d 04 03 02 30 3e 31 0b 30  ...*.H.=...0>1.0
ssl_tls.c:2913: |4| 0030:  09 06 03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03  ...U....NL1.0...
ssl_tls.c:2913: |4| 0040:  55 04 0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30  U....PolarSSL1.0
ssl_tls.c:2913: |4| 0050:  1a 06 03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c  ...U....Polarssl
ssl_tls.c:2913: |4| 0060:  20 54 65 73 74 20 45 43 20 43 41 30 1e 17 0d 31   Test EC CA0...1
ssl_tls.c:2913: |4| 0070:  33 30 39 32 34 31 35 35 32 30 34 5a 17 0d 32 33  30924155204Z..23
ssl_tls.c:2913: |4| 0080:  30 39 32 32 31 35 35 32 30 34 5a 30 34 31 0b 30  0922155204Z041.0
ssl_tls.c:2913: |4| 0090:  09 06 03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03  ...U....NL1.0...
ssl_tls.c:2913: |4| 00a0:  55 04 0a 13 08 50 6f 6c 61 72 53 53 4c 31 12 30  U....PolarSSL1.0
ssl_tls.c:2913: |4| 00b0:  10 06 03 55 04 03 13 09 6c 6f 63 61 6c 68 6f 73  ...U....localhos
ssl_tls.c:2913: |4| 00c0:  74 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06 08  t0Y0...*.H.=....
ssl_tls.c:2913: |4| 00d0:  2a 86 48 ce 3d 03 01 07 03 42 00 04 37 cc 56 d9  *.H.=....B..7.V.
ssl_tls.c:2913: |4| 00e0:  76 09 1e 5a 72 3e c7 59 2d ff 20 6e ee 7c f9 06  v..Zr>.Y-. n.|..
ssl_tls.c:2913: |4| 00f0:  91 74 d0 ad 14 b5 f7 68 22 59 62 92 4e e5 00 d8  .t.....h"Yb.N...
ssl_tls.c:2913: |4| 0100:  23 11 ff ea 2f d2 34 5d 5d 16 bd 8a 88 c2 6b 77  #.../.4]].....kw
ssl_tls.c:2913: |4| 0110:  0d 55 cd 8a 2a 0e fa 01 c8 b4 ed ff a3 81 9d 30  .U..*..........0
ssl_tls.c:2913: |4| 0120:  81 9a 30 09 06 03 55 1d 13 04 02 30 00 30 1d 06  ..0...U....0.0..
ssl_tls.c:2913: |4| 0130:  03 55 1d 0e 04 16 04 14 50 61 a5 8f d4 07 d9 d7  .U......Pa......
ssl_tls.c:2913: |4| 0140:  82 01 0c e5 65 7f 8c 63 46 a7 13 be 30 6e 06 03  ....e..cF...0n..
ssl_tls.c:2913: |4| 0150:  55 1d 23 04 67 30 65 80 14 9d 6d 20 24 49 01 3f  U.#.g0e...m $I.?
ssl_tls.c:2913: |4| 0160:  2b cb 78 b5 19 bc 7e 24 c9 db fb 36 7c a1 42 a4  +.x...~$...6|.B.
ssl_tls.c:2913: |4| 0170:  40 30 3e 31 0b 30 09 06 03 55 04 06 13 02 4e 4c  @0>1.0...U....NL
ssl_tls.c:2913: |4| 0180:  31 11 30 0f 06 03 55 04 0a 13 08 50 6f 6c 61 72  1.0...U....Polar
ssl_tls.c:2913: |4| 0190:  53 53 4c 31 1c 30 1a 06 03 55 04 03 13 13 50 6f  SSL1.0...U....Po
ssl_tls.c:2913: |4| 01a0:  6c 61 72 73 73 6c 20 54 65 73 74 20 45 43 20 43  larssl Test EC C
ssl_tls.c:2913: |4| 01b0:  41 82 09 00 c1 43 e2 7e 62 43 cc e8 30 0a 06 08  A....C.~bC..0...
ssl_tls.c:2913: |4| 01c0:  2a 86 48 ce 3d 04 03 02 03 68 00 30 65 02 31 00  *.H.=....h.0e.1.
ssl_tls.c:2913: |4| 01d0:  9a 2c 5c d7 a6 db a2 e5 64 0d f0 b9 4e dd d7 61  .,\.....d...N..a
ssl_tls.c:2913: |4| 01e0:  d6 13 31 c7 ab 73 80 bb d3 d3 73 13 54 ad 92 0b  ..1..s....s.T...
ssl_tls.c:2913: |4| 01f0:  5d ab d0 bc f7 ae 2f e6 a1 21 29 35 95 aa 3e 39  ]...../..!)5..>9
ssl_tls.c:2913: |4| 0200:  02 30 21 36 7f 9d c6 5d c6 0b ab 27 f2 25 1d 3b  .0!6...]...'..;
ssl_tls.c:2913: |4| 0210:  f1 cf f1 35 25 14 e7 e5 f1 97 b5 59 e3 5e 15 7c  ...5......Y.^.|
ssl_tls.c:2913: |4| 0220:  66 b9 90 7b c7 01 10 4f 73 c6 00 21 52 2a 0e f1  f..{...Os..!R*..
ssl_tls.c:2913: |4| 0230:  c7 d5 00 02 56 30 82 02 52 30 82 01 d7 a0 03 02  ....V0..R0......
ssl_tls.c:2913: |4| 0240:  01 02 02 09 00 c1 43 e2 7e 62 43 cc e8 30 0a 06  ......C.~bC..0..
ssl_tls.c:2913: |4| 0250:  08 2a 86 48 ce 3d 04 03 02 30 3e 31 0b 30 09 06  .*.H.=...0>1.0..
ssl_tls.c:2913: |4| 0260:  03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03 55 04  .U....NL1.0...U.
ssl_tls.c:2913: |4| 0270:  0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30 1a 06  ...PolarSSL1.0..
ssl_tls.c:2913: |4| 0280:  03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c 20 54  .U....Polarssl T
ssl_tls.c:2913: |4| 0290:  65 73 74 20 45 43 20 43 41 30 1e 17 0d 31 33 30  est EC CA0...130
ssl_tls.c:2913: |4| 02a0:  39 32 34 31 35 34 39 34 38 5a 17 0d 32 33 30 39  924154948Z..2309
ssl_tls.c:2913: |4| 02b0:  32 32 31 35 34 39 34 38 5a 30 3e 31 0b 30 09 06  22154948Z0>1.0..
ssl_tls.c:2913: |4| 02c0:  03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03 55 04  .U....NL1.0...U.
ssl_tls.c:2913: |4| 02d0:  0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30 1a 06  ...PolarSSL1.0..
ssl_tls.c:2913: |4| 02e0:  03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c 20 54  .U....Polarssl T
ssl_tls.c:2913: |4| 02f0:  65 73 74 20 45 43 20 43 41 30 76 30 10 06 07 2a  est EC CA0v0...*
ssl_tls.c:2913: |4| 0300:  86 48 ce 3d 02 01 06 05 2b 81 04 00 22 03 62 00  .H.=....+...".b.
ssl_tls.c:2913: |4| 0310:  04 c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29  ...+4A7X/.V....)
ssl_tls.c:2913: |4| 0320:  43 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91  CKN.n..WS39X.R..
ssl_tls.c:2913: |4| 0330:  95 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c  .9.#._.$bH...).,
ssl_tls.c:2913: |4| 0340:  2d 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e  -...R...j.!....n
ssl_tls.c:2913: |4| 0350:  58 b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7  X....i..A.).._u.
ssl_tls.c:2913: |4| 0360:  47 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33  Go..)Ui.S; .f.`3
ssl_tls.c:2913: |4| 0370:  1e a3 81 a0 30 81 9d 30 1d 06 03 55 1d 0e 04 16  ....0..0...U....
ssl_tls.c:2913: |4| 0380:  04 14 9d 6d 20 24 49 01 3f 2b cb 78 b5 19 bc 7e  ...m $I.?+.x...~
ssl_tls.c:2913: |4| 0390:  24 c9 db fb 36 7c 30 6e 06 03 55 1d 23 04 67 30  $...6|0n..U.#.g0
ssl_tls.c:2913: |4| 03a0:  65 80 14 9d 6d 20 24 49 01 3f 2b cb 78 b5 19 bc  e...m $I.?+.x...
ssl_tls.c:2913: |4| 03b0:  7e 24 c9 db fb 36 7c a1 42 a4 40 30 3e 31 0b 30  ~$...6|.B.@0>1.0
ssl_tls.c:2913: |4| 03c0:  09 06 03 55 04 06 13 02 4e 4c 31 11 30 0f 06 03  ...U....NL1.0...
ssl_tls.c:2913: |4| 03d0:  55 04 0a 13 08 50 6f 6c 61 72 53 53 4c 31 1c 30  U....PolarSSL1.0
ssl_tls.c:2913: |4| 03e0:  1a 06 03 55 04 03 13 13 50 6f 6c 61 72 73 73 6c  ...U....Polarssl
ssl_tls.c:2913: |4| 03f0:  20 54 65 73 74 20 45 43 20 43 41 82 09 00 c1 43   Test EC CA....C
ssl_tls.c:2913: |4| 0400:  e2 7e 62 43 cc e8 30 0c 06 03 55 1d 13 04 05 30  .~bC..0...U....0
ssl_tls.c:2913: |4| 0410:  03 01 01 ff 30 0a 06 08 2a 86 48 ce 3d 04 03 02  ....0...*.H.=...
ssl_tls.c:2913: |4| 0420:  03 69 00 30 66 02 31 00 c3 b4 62 73 56 28 95 00  .i.0f.1...bsV(..
ssl_tls.c:2913: |4| 0430:  7d 78 12 26 d2 71 7b 19 f8 8a 98 3e 92 fe 33 9e  }x.&.q{....>..3.
ssl_tls.c:2913: |4| 0440:  e4 79 d2 fe 7a b7 87 74 3c 2b b8 d7 69 94 0b a3  .y..z..t<+..i...
ssl_tls.c:2913: |4| 0450:  67 77 b8 b3 be d1 36 32 02 31 00 fd 67 9c 94 23  gw....62.1..g..#
ssl_tls.c:2913: |4| 0460:  67 c0 56 ba 4b 33 15 00 c6 e3 cc 31 08 2c 9c 8b  g.V.K3.....1.,..
ssl_tls.c:2913: |4| 0470:  da a9 75 23 2f b8 28 e7 f2 9c 14 3a 40 01 5c af  ..u#/.(....:@.\.
ssl_tls.c:2913: |4| 0480:  0c b2 cf 74 7f 30 9f 08 43 ad 20                 ...t.0..C. 
ssl_tls.c:2471: |2| => flush output

Evgeniy_Vasyliev · June 25, 2019, 8:09am

Continuation (last part):

ssl_tls.c:2490: |2| message length: 1163, out_left: 1163
ssl_tls.c:2496: |2| ssl->f_send() returned 1163 (-0xfffffb75)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_tls.c:4363: |2| <= write certificate
ssl_srv.c:4219: |2| server state: 4
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:3232: |2| => write server key exchange
ssl_srv.c:3011: |2| ECDHE curve: secp384r1
ssl_srv.c:3036: |3| value of 'ECDH: Q (X)' (381 bits) is:
ssl_srv.c:3036: |3|  14 9f 5e 09 45 67 fd 65 e9 fd 91 10 1a 15 13 e5
ssl_srv.c:3036: |3|  5a 95 70 0e 9a b1 67 7a bd 67 75 de e7 5d 0b 6c
ssl_srv.c:3036: |3|  a4 ee 4d d6 92 76 2a f4 c1 c8 a9 ba e4 74 45 5b
ssl_srv.c:3036: |3| value of 'ECDH: Q (Y)' (384 bits) is:
ssl_srv.c:3036: |3|  90 98 98 6c 9b 85 26 6c 21 70 36 32 17 4b ad 29
ssl_srv.c:3036: |3|  8b 64 a9 7a 57 a2 cc 25 7f e5 46 82 bc 07 1c c1
ssl_srv.c:3036: |3|  38 05 45 47 12 a7 66 9f d3 89 b7 d4 2f 27 9e ce
ssl_srv.c:3099: |3| pick hash algorithm 6 for signing
ssl_srv.c:3137: |3| dumping 'parameters hash' (32 bytes)
ssl_srv.c:3137: |3| 0000:  de 1a a1 9c 53 03 29 58 a9 36 a7 11 32 c0 2d 56  ....S.)X.6..2.-V
ssl_srv.c:3137: |3| 0010:  c8 e3 80 d1 82 9f 51 4c 86 18 97 b8 f0 6f 35 0b  ......QL.....o5.
ssl_srv.c:3297: |3| dumping 'my signature' (71 bytes)
ssl_srv.c:3297: |3| 0000:  30 45 02 21 00 d1 7e a8 dc 27 fe 0d a3 01 3e 93  0E.!..~..'....>.
ssl_srv.c:3297: |3| 0010:  ae e5 a5 ef 03 92 f1 67 f6 b9 d0 f4 7e 4a 2e 44  .......g....~J.D
ssl_srv.c:3297: |3| 0020:  30 75 a1 60 37 02 20 15 e2 20 9c ed 05 b1 a9 b8  0u.`7. .. ......
ssl_srv.c:3297: |3| 0030:  45 e2 d2 d2 53 24 98 32 fd cb 70 2e e5 a8 b9 48  E...S$.2..p....H
ssl_srv.c:3297: |3| 0040:  72 c3 c0 1f f7 cd 3d                             r.....=
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 180
ssl_tls.c:2913: |4| dumping 'output record sent to network' (185 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 00 b4 0c 00 00 b0 03 00 18 61 04 14 9f  ............a...
ssl_tls.c:2913: |4| 0010:  5e 09 45 67 fd 65 e9 fd 91 10 1a 15 13 e5 5a 95  ^.Eg.e........Z.
ssl_tls.c:2913: |4| 0020:  70 0e 9a b1 67 7a bd 67 75 de e7 5d 0b 6c a4 ee  p...gz.gu..].l..
ssl_tls.c:2913: |4| 0030:  4d d6 92 76 2a f4 c1 c8 a9 ba e4 74 45 5b 90 98  M..v*......tE[..
ssl_tls.c:2913: |4| 0040:  98 6c 9b 85 26 6c 21 70 36 32 17 4b ad 29 8b 64  .l..&l!p62.K.).d
ssl_tls.c:2913: |4| 0050:  a9 7a 57 a2 cc 25 7f e5 46 82 bc 07 1c c1 38 05  .zW....F.....8.
ssl_tls.c:2913: |4| 0060:  45 47 12 a7 66 9f d3 89 b7 d4 2f 27 9e ce 04 03  EG..f...../'....
ssl_tls.c:2913: |4| 0070:  00 47 30 45 02 21 00 d1 7e a8 dc 27 fe 0d a3 01  .G0E.!..~..'....
ssl_tls.c:2913: |4| 0080:  3e 93 ae e5 a5 ef 03 92 f1 67 f6 b9 d0 f4 7e 4a  >........g....~J
ssl_tls.c:2913: |4| 0090:  2e 44 30 75 a1 60 37 02 20 15 e2 20 9c ed 05 b1  .D0u.`7. .. ....
ssl_tls.c:2913: |4| 00a0:  a9 b8 45 e2 d2 d2 53 24 98 32 fd cb 70 2e e5 a8  ..E...S$.2..p...
ssl_tls.c:2913: |4| 00b0:  b9 48 72 c3 c0 1f f7 cd 3d                       .Hr.....=
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 185, out_left: 185
ssl_tls.c:2496: |2| ssl->f_send() returned 185 (-0xffffff47)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_srv.c:3316: |2| <= write server key exchange
ssl_srv.c:4219: |2| server state: 5
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:2645: |2| => write certificate request
ssl_srv.c:2663: |2| <= skip write certificate request
ssl_srv.c:4219: |2| server state: 6
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:3324: |2| => write server hello done
ssl_tls.c:2764: |2| => write record
ssl_tls.c:2910: |3| output record: msgtype = 22, version = [3:3], msglen = 4
ssl_tls.c:2913: |4| dumping 'output record sent to network' (9 bytes)
ssl_tls.c:2913: |4| 0000:  16 03 03 00 04 0e 00 00 00                       .........
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2490: |2| message length: 9, out_left: 9
ssl_tls.c:2496: |2| ssl->f_send() returned 9 (-0xfffffff7)
ssl_tls.c:2523: |2| <= flush output
ssl_tls.c:2922: |2| <= write record
ssl_srv.c:3343: |2| <= write server hello done
ssl_srv.c:4219: |2| server state: 7
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_tls.c:4376: |2| => parse certificate
ssl_tls.c:4406: |2| <= skip parse certificate
ssl_srv.c:4219: |2| server state: 8
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:3664: |2| => parse client key exchange
ssl_tls.c:3809: |2| => read record
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2458: |2| <= fetch input
ssl_tls.c:3552: |4| dumping 'input record header' (5 bytes)
ssl_tls.c:3552: |4| 0000:  16 03 03 00 66                                   ....f
ssl_tls.c:3561: |3| input record: msgtype = 22, version = [3:3], msglen = 102
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 5, nb_want: 107
ssl_tls.c:2437: |2| in_left: 5, nb_want: 107
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 102 (-0xffffff9a)
ssl_tls.c:2458: |2| <= fetch input
ssl_tls.c:3738: |4| dumping 'input record from network' (107 bytes)
ssl_tls.c:3738: |4| 0000:  16 03 03 00 66 10 00 00 62 61 04 47 7b d0 ce 57  ....f...ba.G{..W
ssl_tls.c:3738: |4| 0010:  f4 05 6b 41 80 60 5c 1e ec 66 1b d2 d7 78 c3 ab  ..kA.`\..f...x..
ssl_tls.c:3738: |4| 0020:  07 a8 58 2c 79 e2 fe dc 7d ea 5a 26 65 ae e4 41  ..X,y...}.Z&e..A
ssl_tls.c:3738: |4| 0030:  db ec e8 78 8c 2c 30 e4 b3 56 55 13 fb e5 8a 72  ...x.,0..VU....r
ssl_tls.c:3738: |4| 0040:  12 3e 28 c4 7b d1 13 d2 1e e8 90 ab bc 70 3a 04  .>(.{........p:.
ssl_tls.c:3738: |4| 0050:  34 c0 52 0f 8b ba 92 6f eb c9 ff 3a 33 d1 71 80  4.R....o...:3.q.
ssl_tls.c:3738: |4| 0060:  cf 4c 96 4e 70 fe 13 9f 1b 90 34                 .L.Np.....4
ssl_tls.c:3161: |3| handshake message: msglen = 102, type = 16, hslen = 102
ssl_tls.c:3846: |2| <= read record
ssl_srv.c:3746: |3| value of 'ECDH: Qp (X)' (383 bits) is:
ssl_srv.c:3746: |3|  47 7b d0 ce 57 f4 05 6b 41 80 60 5c 1e ec 66 1b
ssl_srv.c:3746: |3|  d2 d7 78 c3 ab 07 a8 58 2c 79 e2 fe dc 7d ea 5a
ssl_srv.c:3746: |3|  26 65 ae e4 41 db ec e8 78 8c 2c 30 e4 b3 56 55
ssl_srv.c:3746: |3| value of 'ECDH: Qp (Y)' (381 bits) is:
ssl_srv.c:3746: |3|  13 fb e5 8a 72 12 3e 28 c4 7b d1 13 d2 1e e8 90
ssl_srv.c:3746: |3|  ab bc 70 3a 04 34 c0 52 0f 8b ba 92 6f eb c9 ff
ssl_srv.c:3746: |3|  3a 33 d1 71 80 cf 4c 96 4e 70 fe 13 9f 1b 90 34
ssl_srv.c:3758: |3| value of 'ECDH: z  ' (381 bits) is:
ssl_srv.c:3758: |3|  1b ae a1 dc a7 a4 36 02 8d dc e2 18 ba 2a 15 23
ssl_srv.c:3758: |3|  87 c8 91 1a c5 0f b0 3d 45 3c f2 0d 73 79 e3 51
ssl_srv.c:3758: |3|  5d 0e f5 ad 75 04 40 66 a5 d3 6c 60 eb d3 6e e1
ssl_tls.c:0509: |2| => derive keys
ssl_tls.c:0587: |3| dumping 'premaster secret' (48 bytes)
ssl_tls.c:0587: |3| 0000:  1b ae a1 dc a7 a4 36 02 8d dc e2 18 ba 2a 15 23  ......6......*.#
ssl_tls.c:0587: |3| 0010:  87 c8 91 1a c5 0f b0 3d 45 3c f2 0d 73 79 e3 51  .......=E<..sy.Q
ssl_tls.c:0587: |3| 0020:  5d 0e f5 ad 75 04 40 66 a5 d3 6c 60 eb d3 6e e1  ]...u.@f..l`..n.
ssl_tls.c:0676: |3| ciphersuite = TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ssl_tls.c:0677: |3| dumping 'master secret' (48 bytes)
ssl_tls.c:0677: |3| 0000:  e0 9c c8 14 de 37 e0 d7 6a 4b f7 67 ef 1f 46 04  .....7..jK.g..F.
ssl_tls.c:0677: |3| 0010:  28 a7 97 2d 14 79 55 bf 61 a9 be 4d 33 d0 93 40  (..-.yU.a..M3..@
ssl_tls.c:0677: |3| 0020:  7e ee 03 6e f8 6e b9 75 21 d7 d1 6b 62 5c e1 45  ~..n.n.u!..kb\.E
ssl_tls.c:0678: |4| dumping 'random bytes' (64 bytes)
ssl_tls.c:0678: |4| 0000:  00 00 00 00 54 ee 5b cf 6c 93 45 ef b4 67 23 e1  ....T.[.l.E..g#.
ssl_tls.c:0678: |4| 0010:  d1 29 92 1a ba e4 29 c4 c9 d3 ad 47 c9 12 fd e5  .)....)....G....
ssl_tls.c:0678: |4| 0020:  92 d8 ad 10 0f 61 c8 87 d6 c3 22 19 dc 99 d7 66  .....a...."....f
ssl_tls.c:0678: |4| 0030:  8c d1 3d d3 6f f8 b8 b4 10 ac ca 16 81 c6 02 24  ..=.o..........$
ssl_tls.c:0679: |4| dumping 'key block' (256 bytes)
ssl_tls.c:0679: |4| 0000:  09 ba 2b 8a 09 77 7d 98 1c 43 18 a5 ac 1d 0e c4  ..+..w}..C......
ssl_tls.c:0679: |4| 0010:  66 25 c4 3b 07 4f 82 ca 45 60 51 37 df 35 3f bd  f.;.O..E`Q7.5?.
ssl_tls.c:0679: |4| 0020:  a6 8d 9c ea e7 b4 89 d3 5f bf 03 e8 2e e8 97 de  ........_.......
ssl_tls.c:0679: |4| 0030:  0a e9 69 06 24 cd ed d9 ff e0 33 c8 3b ff 09 a5  ..i.$.....3.;...
ssl_tls.c:0679: |4| 0040:  71 99 1f bc 9c f5 80 e5 33 57 cc e2 c4 5c 67 e6  q.......3W...\g.
ssl_tls.c:0679: |4| 0050:  b5 36 c9 a5 51 70 e0 28 fc 1a 5a e7 61 df ae 9e  .6..Qp.(..Z.a...
ssl_tls.c:0679: |4| 0060:  76 06 5c 01 11 99 2a b2 ca eb b6 c1 1a 13 c7 8a  v.\...*.........
ssl_tls.c:0679: |4| 0070:  be 17 53 e4 b1 27 01 4e 62 66 73 13 56 f7 00 63  ..S..'.Nbfs.V..c
ssl_tls.c:0679: |4| 0080:  c8 51 b8 7d 1e 7b 7b f0 de 7d 98 c3 9f 42 c7 18  .Q.}.{{..}...B..
ssl_tls.c:0679: |4| 0090:  28 93 a4 25 de 9c 82 f2 52 54 2d d6 5f fc a5 b4  (......RT-._...
ssl_tls.c:0679: |4| 00a0:  8c 74 f3 5c 89 3e 7a 52 55 19 ab e4 88 e6 ba a6  .t.\.>zRU.......
ssl_tls.c:0679: |4| 00b0:  b4 25 23 06 18 0f ed 79 76 4c 92 3a 2a 34 e4 a4  .#....yvL.:*4..
ssl_tls.c:0679: |4| 00c0:  8f 47 23 26 df cf 91 75 91 18 d9 77 fd 5e 79 d5  .G#&...u...w.^y.
ssl_tls.c:0679: |4| 00d0:  d3 6d 06 0c 16 30 a0 45 6c 67 5e ab 26 5a 74 e1  .m...0.Elg^.&Zt.
ssl_tls.c:0679: |4| 00e0:  dd ac 2c 98 96 2d 88 95 e8 c6 34 52 cf 4b 94 bd  ..,..-....4R.K..
ssl_tls.c:0679: |4| 00f0:  51 57 ac cb 43 e5 a3 53 27 3a d2 99 70 6d d5 cf  QW..C..S':..pm..
ssl_tls.c:0788: |3| keylen: 16, minlen: 24, ivlen: 12, maclen: 0
ssl_tls.c:0983: |2| <= derive keys
ssl_srv.c:3928: |2| <= parse client key exchange
ssl_srv.c:4219: |2| server state: 9
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_srv.c:3975: |2| => parse certificate verify
ssl_srv.c:3984: |2| <= skip parse certificate verify
ssl_srv.c:4219: |2| server state: 10
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_tls.c:4779: |2| => parse change cipher spec
ssl_tls.c:3809: |2| => read record
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 0, nb_want: 5
ssl_tls.c:2437: |2| in_left: 0, nb_want: 5
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2458: |2| <= fetch input
ssl_tls.c:3552: |4| dumping 'input record header' (5 bytes)
ssl_tls.c:3552: |4| 0000:  14 03 03 00 01                                   .....
ssl_tls.c:3561: |3| input record: msgtype = 20, version = [3:3], msglen = 1
ssl_tls.c:2252: |2| => fetch input
ssl_tls.c:2413: |2| in_left: 5, nb_want: 6
ssl_tls.c:2437: |2| in_left: 5, nb_want: 6
ssl_tls.c:2438: |2| ssl->f_recv(_timeout)() returned 1 (-0xffffffff)
ssl_tls.c:2458: |2| <= fetch input
ssl_tls.c:3738: |4| dumping 'input record from network' (6 bytes)
ssl_tls.c:3738: |4| 0000:  14 03 03 00 01 01                                ......
ssl_tls.c:3846: |2| <= read record
ssl_tls.c:4807: |3| switching to new transform spec for inbound data
ssl_tls.c:4857: |2| <= parse change cipher spec
ssl_srv.c:4219: |2| server state: 11
ssl_tls.c:2471: |2| => flush output
ssl_tls.c:2483: |2| <= flush output
ssl_tls.c:5415: |2| => parse finished
ssl_tls.c:5114: |2| => calc  finished tls sha256
ssl_tls.c:5126: |4| dumping 'finished sha2 state' (32 bytes)
ssl_tls.c:5126: |4| 0000:  19 85 1c 71 83 2a 35 b0 27 1f c9 05 a6 47 64 5b  ...q.*5.'....Gd[
ssl_tls.c:5126: |4| 0010:  c5 9c 67 2e 8c 04 be e2 6d d5 ea 8a cf 6a aa 3e  ..g.....m....j.>
ssl_tls.c:5138: |3| dumping 'calc finished result' (12 bytes)
ssl_tls.c:5138: |3| 0000:  93 18 25 63 2d 78 64 c3 9e 77 b3 3c              ..

roneld01 · June 25, 2019, 8:53am

Hi @Evgeniy_Vasyliev
Since the error is different, prob ably because of timeout, I am guessing that the original error is related to the fact you are using the Mbed TLS test certificate, which are not trusted by the Browser.
Have you set test-ca2.crt as a trusted CA root certificate in your Browser’s certificate store?
This actually puzzles me why the connection works some of the times…
Regards

Evgeniy_Vasyliev · June 25, 2019, 10:33am

Well, test-ca2.crt from certs.c is the one using RSA, I can not use it cause there is not enough memory in my MCU for RSA. So, I am using the one generated using curves (mbedtls_test_srv_crt_ec).

I already set everywhere possible this certificate as trusted, but still same effect…

Evgeniy_Vasyliev · June 25, 2019, 10:40am

@roneld01, just by chance maybe you see something useful from the above logs? Cause I am stuck and actually do now know where to watch, I think I tried everything possible about this problem, which came into my mind during last 5 days… Any advise what to change or some mbedTLS settings to play with?

roneld01 · June 25, 2019, 11:19am

Hi @Evgeniy_Vasyliev
test-ca2.crt uses EC keys:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13926223505202072808 (0xc143e27e6243cce8)
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=NL, O=PolarSSL, CN=Polarssl Test EC CA
        Validity
            Not Before: Sep 24 15:49:48 2013 GMT
            Not After : Sep 22 15:49:48 2023 GMT
        Subject: C=NL, O=PolarSSL, CN=Polarssl Test EC CA
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub: 
                    04:c3:da:2b:34:41:37:58:2f:87:56:fe:fc:89:ba:
                    29:43:4b:4e:e0:6e:c3:0e:57:53:33:39:58:d4:52:
                    b4:91:95:39:0b:23:df:5f:17:24:62:48:fc:1a:95:
                    29:ce:2c:2d:87:c2:88:52:80:af:d6:6a:ab:21:dd:
                    b8:d3:1c:6e:58:b8:ca:e8:b2:69:8e:f3:41:ad:29:
                    c3:b4:5f:75:a7:47:6f:d5:19:29:55:69:9a:53:3b:
                    20:b4:66:16:60:33:1e
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                9D:6D:20:24:49:01:3F:2B:CB:78:B5:19:BC:7E:24:C9:DB:FB:36:7C
            X509v3 Authority Key Identifier: 
                keyid:9D:6D:20:24:49:01:3F:2B:CB:78:B5:19:BC:7E:24:C9:DB:FB:36:7C
                DirName:/C=NL/O=PolarSSL/CN=Polarssl Test EC CA
                serial:C1:43:E2:7E:62:43:CC:E8

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: ecdsa-with-SHA256
         30:66:02:31:00:c3:b4:62:73:56:28:95:00:7d:78:12:26:d2:
         71:7b:19:f8:8a:98:3e:92:fe:33:9e:e4:79:d2:fe:7a:b7:87:
         74:3c:2b:b8:d7:69:94:0b:a3:67:77:b8:b3:be:d1:36:32:02:
         31:00:fd:67:9c:94:23:67:c0:56:ba:4b:33:15:00:c6:e3:cc:
         31:08:2c:9c:8b:da:a9:75:23:2f:b8:28:e7:f2:9c:14:3a:40:
         01:5c:af:0c:b2:cf:74:7f:30:9f:08:43:ad:20

I already set everywhere possible this certificate as trusted, but still same effect…

Which certificate? The CA root certificate?

Any advise what to change or some mbedTLS settings to play with?

Without the correct log that shows the failure on the server side, there is no indication on why handshake failed. There are two logs: One indicates that the client closed the connection, another indicates that the server closed the connection.
Is it possible to store the logs in RAM, and perhaps store to flash after failure?

Evgeniy_Vasyliev · June 26, 2019, 8:07am

@roneld01,
thank you for your help. Yes, you are right, I missed. I am exactly using test-ca2.crt, I pasted it as a trusted CA root certificate in Google Chrome and Windows OS and it gave no result.

I tried getting the logs, however anyway I make it each time I receive -80 (-0x50) error, however once I stop logs - the error -30592 (-0x7780) is caught. I do not have any external RAM for storing the logs, so currently I am puzzled what to do…

Current situation with browsers:

Mozilla Firefox: OK
Microsoft Edge: OK
Google Chrome: error -30592 (-0x7780)
Opera: error -30592 (-0x7780) - seems that it is using same engine as Google Chrome
Microsoft IE: working quite strange in general, so I am not targeting on it
Safari: not tested yet

roneld01 · June 26, 2019, 8:40am

Hi @Evgeniy_Vasyliev
Please indicate which peer returns the error every time.
My understanding is the the client ( Google Chrome for example) returns -0x7780, and adding logs, the server returns -0x50.
Each error indicate an issue on the remote peer, which makes it difficult to debug…
Can you indicate what is the ciphersuite use with Mozilla and Microsoft Edge?

Can you capture with wireshark or other network sniffer to at least understand when the fatal alert is being sent by server? I mean, after what client message. Better yet, if the fatal alert is being sent in the initial handshake, it may not be encrypted, and you can see the full fatal alert message. Please check what it is.
Regards,
Mbed TLS Team member
Ron

Evgeniy_Vasyliev · June 28, 2019, 1:26pm

@roneld01, thank you for your kind support.

I see that in Google Chrome there is an exception regarding self-signed certificate:

Certificate - Subject Alternative Name missing
The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.

I thought that maybe due to this the handshake error is present.

Can you please tell me if it is possible to generate SSL certificate using cert_write tool with Subject Alternative Name specifying? I can see the following options in it:

 usage: cert_write param=<>...

 acceptable parameters:
    request_file=%s         default: (empty)
                            If request_file is specified, subject_key,
                            subject_pwd and subject_name are ignored!
    subject_key=%s          default: subject.key
    subject_pwd=%s          default: (empty)
    subject_name=%s         default: CN=Cert,O=mbed TLS,C=UK

    issuer_crt=%s           default: (empty)
                            If issuer_crt is specified, issuer_name is
                            ignored!
    issuer_name=%s          default: CN=CA,O=mbed TLS,C=UK

    selfsign=%d             default: 0 (false)
                            If selfsign is enabled, issuer_name and
                            issuer_key are required (issuer_crt and
                            subject_* are ignored
    issuer_key=%s           default: ca.key
    issuer_pwd=%s           default: (empty)
    output_file=%s          default: cert.crt
    serial=%s               default: 1
    not_before=%s           default: 20010101000000
    not_after=%s            default: 20301231235959
    is_ca=%d                default: 0 (disabled)
    max_pathlen=%d          default: -1 (none)
    md=%s                   default: SHA256
                            Supported values:
                            MD5, SHA1, SHA256, SHA512
    version=%d              default: 3
                            Possible values: 1, 2, 3
    subject_identifier=%s   default: 1
                            Possible values: 0, 1
                            (Considered for v3 only)
    authority_identifier=%s default: 1
                            Possible values: 0, 1
                            (Considered for v3 only)
    basic_constraints=%d    default: 1
                            Possible values: 0, 1
                            (Considered for v3 only)
    key_usage=%s            default: (empty)
                            Comma-separated-list of values:
                            digital_signature
                            non_repudiation
                            key_encipherment
                            data_encipherment
                            key_agreement
                            key_cert_sign
                            crl_sign
                            (Considered for v3 only)
    ns_cert_type=%s         default: (empty)
                            Comma-separated-list of values:
                            ssl_client
                            ssl_server
                            email
                            object_signing
                            ssl_ca
                            email_ca
                            object_signing_ca

However, I can not find anything about alternative subject name…

As always, thank you!

roneld01 · June 30, 2019, 8:14am

Hi @Evgeniy_Vasyliev
Unfortunately, Mbed TLS does not have an API for writing subject Alternative names.
It does have mbedtls_x509write_crt_set_extension() which you can use for writing your extension, but you will need to set the value as expected in the subject alternative name extension, according to the standard.
I would recommend you use a different tool for writing your certificate, such as openssl
Regards

Topic		Replies	Views
Mbedtls_ssl_handshake gives 0x6180 error (failed to allocate memory) after 2 hours of operation Mbed TLS	1	758	December 2, 2019
Error 0x7780 during handshake Mbed TLS mbed_tls	7	8699	May 10, 2023
MbedTLS Handshake failing between client & server (v 3.4.0) Bug Reports / Issues mbed_client , mbed_tls	0	546	June 21, 2023
Mbed TLS key failure Mbed TLS	25	3580	February 26, 2020
Mbedtls_ssl_handshake return error -0x2700 Generic mbed_client , mbed_tls , mbed_os	8	12746	February 3, 2020

Mbedtls_ssl_handshake fails and returns -0x4D80 error code

Related topics