mbedTLS SSL handshake issue


I need to implement SSL connection for IoT purposes on STM Nucleo. I have generated project in CubeMX with lwIP stack and mbedTLS(2.4.0) libraries. I’m trying to connect to the server, so I have used ssl_client1 example. But there is a problem in the SSL handshake. I’m not so experienced in SSL and mbedTLS so after trying what can I do, I have to give up. Can you please help me? I’m sorry if I have overlooked something.

Here is log from my attempt:

. Seeding the random number generator… ok
. Loading the CA root certificate … ok (1 skipped)
. Connecting to tcp/iotlorawan.azurewebsites.net/443… ok
. Setting up the SSL/TLS structure… ok
. Performing the SSL/TLS handshake…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:6335: => handshake
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:3279: client state: 0
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2416: => flush output
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2428: <= flush output
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:3279: client state: 1
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2416: => flush output
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2428: <= flush output
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0717: => write client hello
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0755: client hello, max version: [3:3]
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0693: client hello, current time: 0
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0764: dumping ‘client hello, random bytes’ (32 bytes)
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0764: 0000: 00 00 00 00 71 e2 b7 e8 a9 fa 9c 25 d4 63 4f 5b …q…%.cO[
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0764: 0010: ad d8 51 07 1e 34 6a 1c 02 ab a8 22 82 55 a2 f7 …Q…4j…".U…
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0817: client hello, session id len.: 0
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0818: dumping ‘client hello, session id’ (0 bytes)
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0885: client hello, add ciphersuite: c02c
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0885: client hello, add ciphersuite: c02b
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0918: client hello, got 3 ciphersuites
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0949: client hello, compress len.: 1
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0951: client hello, compress alg.: 0
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0178: client hello, adding signature_algorithms extension
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0263: client hello, adding supported_elliptic_curves extension
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:0326: client hello, adding supported_point_formats extension
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:1023: client hello, total extension length: 38
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2701: => write record
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2838: output record: msgtype = 22, version = [3:1], msglen = 89
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2841: dumping ‘output record sent to network’ (94 bytes)
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2841: 0000: 16 03 01 00 59 01 00 00 55 03 03 00 00 00 00 71 …Y…U…q
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2841: 0010: e2 b7 e8 a9 fa 9c 25 d4 63 4f 5b ad d8 51 07 1e …%.cO[…Q…
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2841: 0020: 34 6a 1c 02 ab a8 22 82 55 a2 f7 00 00 06 c0 2c 4j…".U…,
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2841: 0030: c0 2b 00 ff 01 00 00 26 00 0d 00 12 00 10 06 03 .+…&…
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2841: 0040: 06 01 05 03 05 01 04 03 04 01 03 03 03 01 00 0a …
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2841: 0050: 00 06 00 04 00 18 00 17 00 0b 00 02 01 00 …
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2416: => flush output
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2435: message length: 94, out_left: 94
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2441: ssl->f_send() returned 94 (-0xffffffa2)
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2460: <= flush output
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2850: <= write record
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:1049: <= write client hello
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:3279: client state: 2
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2416: => flush output
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2428: <= flush output
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:1410: => parse server hello
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:3728: => read record
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2208: => fetch input
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2366: in_left: 0, nb_want: 5
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2390: in_left: 0, nb_want: 5
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2391: ssl->f_recv(_timeout)() returned -80 (-0x0050)
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:3789: mbedtls_ssl_fetch_input() returned -80 (-0x0050)
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:3734: mbedtls_ssl_read_record_layer() returned -80 (-0x0050)
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:1416: mbedtls_ssl_read_record() returned -80 (-0x0050)
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:6345: <= handshake
! mbedtls_ssl_handshake returned -0x50

…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:7055: => free
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:7120: <= free

Hi @JiriPelant
Thank you for your question and for your interest in Mbed TLS!

The error you are receiving is:

#define MBEDTLS_ERR_NET_CONN_RESET                        -0x0050  /**< Connection was reset by peer. */

This is because the server couldn’t negotiate a successful connection with the given information from the clientHello message.
In your log, I see you only try to negotiate two cipher suites:

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /** TLS 1.2 */

And the server probably disconnects because of that.
I have tried connecting to the server you posted, with the default configuration, and got past this stage (I got failure because I didn’t set the correct ca root certificate).
The chosen ciphersuite was:

ssl_cli.c:1782: |3| server hello, chosen ciphersuite: c030
ssl_cli.c:1783: |3| server hello, compress alg.: 0
ssl_cli.c:1815: |3| server hello, chosen ciphersuite: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

Please try to add this ciphersuite, and set the correct ca as a trusted root certificate.
I believe this blog may help you.
Mbed TLS Team member

Hi Ron!

Many thanks for your help!!! You were right, there was missing ciphersute used by the server.


Beside this, i had to define SHA1 used by my certificate:

#define MBEDTLS_SHA1_C

And finally upsize these two constants:

#define MBEDTLS_MPI_MAX_SIZE            512 
#define MBEDTLS_SSL_MAX_CONTENT_LEN             4096

Hi Jiri,
I am glad you resolved your issue!

Why did you need to define MBEDTLS_SHA1_C?
The certificates received by the server, and the CA certificates are digested with SHA256.

Note that using SHA1 is not recommended.

If you defined it because your client certificate is signed with RSA and SHA1, then I recomend you sign your certificate with a stronger digest.

Hi Ron,

if I undefine MBEDTLS_SHA1_C, connection fails on mbedtls_x509_crt_parse returned -0x262e.

I’m sorry for my poor SSL knowledge. My process was beside definition above mentioned defines adding certificate. I have downloaded the certificate from the blog you advised to me. I have copied the Baltimore certificate to my program and loaded (only it) by mbedtls_x509_crt_parse(). And it is all. When I look to the certificate, there is written hash algorithm as sha1. Am I wrong?


Hi Jifi,
If you are getting this error, the certificate you are using is probably using SHA1.
Isn’t there a different certificate using SHA256?