ARMmbed

Receive gets blocked while integrating cloud at client state: 12

Hi, while working on integrating cloud on an embedded platform I'm using Mbed TLS.
While performing the handshake it is able to exchange hello, but when it tries to do SERVER_CHANGE_CIPHER_SPEC it blocks on the ssl->f_recv function and does nothing.

These are my logs; I have added function lines to the log for better clarity.

fun mbedtls_ssl_handshake, line 6481

=> handshake
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 0 //MBEDTLS_SSL_HELLO_REQUEST:
client state: 0
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
fun mbedtls_ssl_handshake_client_step, line 3456
fun mbedtls_ssl_handshake_step, line 6472
fun mbedtls_ssl_handshake, line 6495
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 1 //MBEDTLS_SSL_CLIENT_HELLO,
client state: 1
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
=> write client hello
client hello, max version: [3:3]
client hello, current time: 1530597388
client hello, session id len.: 0
=> write record
output record: msgtype = 22, version = [3:3], msglen = 287
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2506
message length: 292, out_left: 292
fun mbedtls_ssl_flush_output, line 2520
fun mbedtls_ssl_flush_output, line 2523
fun mbedtls_ssl_flush_output, line 2529
<= flush output
fun mbedtls_ssl_flush_output, line 2539
<= write record
<= write client hello
fun mbedtls_ssl_handshake_client_step, line 3456
fun mbedtls_ssl_handshake_step, line 6472
fun mbedtls_ssl_handshake, line 6495
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 2 //MBEDTLS_SSL_SERVER_HELLO,
client state: 2
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
fun mbedtls_ssl_handshake_client_step, line 3375
fun ssl_parse_server_hello, line 1393
=> parse server hello
fun mbedtls_ssl_read_record, line 3804
=> read record
fun mbedtls_ssl_read_record, line 3810
fun mbedtls_ssl_read_record_layer, line 3844
fun mbedtls_ssl_read_record_layer, line 3865
fun mbedtls_ssl_read_record_layer, line 3875
fun mbedtls_ssl_fetch_input, line 2229
=> fetch input
fun mbedtls_ssl_fetch_input, line 2418
in_left: 0, nb_want: 5
fun mbedtls_ssl_fetch_input, line 2422
fun mbedtls_ssl_fetch_input, line 2425
fun mbedtls_ssl_fetch_input, line 2432
fun mbedtls_ssl_fetch_input, line 2446
in_left: 0, nb_want: 5
in_left 0, nb_want 5
fun mbedtls_ssl_fetch_input, line 2471
<= fetch input
fun mbedtls_ssl_read_record_layer, line 3883
input record: msgtype = 22, version = [3:3], msglen = 3710
fun mbedtls_ssl_fetch_input, line 2229
=> fetch input
fun mbedtls_ssl_fetch_input, line 2418
in_left: 5, nb_want: 3715
fun mbedtls_ssl_fetch_input, line 2422
fun mbedtls_ssl_fetch_input, line 2425
fun mbedtls_ssl_fetch_input, line 2432
fun mbedtls_ssl_fetch_input, line 2446
in_left: 5, nb_want: 3715
in_left 5, nb_want 3715
fun mbedtls_ssl_fetch_input, line 2471
<= fetch input
fun mbedtls_ssl_read_record_layer, line 3939
fun mbedtls_ssl_read_record_layer, line 4047
handshake message: msglen = 3710, type = 2, hslen = 81
fun mbedtls_ssl_read_record, line 3832
<= read record
fun mbedtls_ssl_read_record, line 3838
fun ssl_parse_server_hello, line 1473
server hello, current time: 1530597390
fun ssl_parse_server_hello, line 1540
fun ssl_parse_server_hello, line 1596
server hello, session id len.: 32
fun ssl_parse_server_hello, line 1621
fun ssl_parse_server_hello, line 1644
no session has been resumed
server hello, chosen ciphersuite: c027
server hello, compress alg.: 0
fun ssl_parse_server_hello, line 1651
fun ssl_parse_server_hello, line 1653
server hello, chosen ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
fun ssl_parse_server_hello, line 1668
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
fun ssl_parse_server_hello, line 1672
server hello, total extension length: 5
fun ssl_parse_server_hello, line 1705
found renegotiation extension
fun ssl_parse_server_hello, line 1842
<= parse server hello
fun ssl_parse_server_hello, line 1902
fun mbedtls_ssl_handshake_client_step, line 3456
fun mbedtls_ssl_handshake_step, line 6472
fun mbedtls_ssl_handshake, line 6495
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 3 //MBEDTLS_SSL_SERVER_CERTIFICATE
client state: 3
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
=> parse certificate
fun mbedtls_ssl_read_record, line 3804
=> read record
fun mbedtls_ssl_read_record, line 3810
fun mbedtls_ssl_read_record_layer, line 3844
fun mbedtls_ssl_read_record_layer, line 3849
fun mbedtls_ssl_read_record_layer, line 3858
handshake message: msglen = 3629, type = 11, hslen = 3264
fun mbedtls_ssl_read_record, line 3832
<= read record
fun mbedtls_ssl_read_record, line 3838
<= parse certificate
fun mbedtls_ssl_handshake_client_step, line 3456
fun mbedtls_ssl_handshake_step, line 6472
fun mbedtls_ssl_handshake, line 6495
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 4 //MBEDTLS_SSL_SERVER_KEY_EXCHANGE
client state: 4
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
=> parse server key exchange
fun mbedtls_ssl_read_record, line 3804
=> read record
fun mbedtls_ssl_read_record, line 3810
fun mbedtls_ssl_read_record_layer, line 3844
fun mbedtls_ssl_read_record_layer, line 3849
fun mbedtls_ssl_read_record_layer, line 3858
handshake message: msglen = 365, type = 12, hslen = 333
fun mbedtls_ssl_read_record, line 3832
<= read record
fun mbedtls_ssl_read_record, line 3838
ECDH curve: secp256r1
Server used SignatureAlgorithm 1
Server used HashAlgorithm 2
<= parse server key exchange
fun mbedtls_ssl_handshake_client_step, line 3456
fun mbedtls_ssl_handshake_step, line 6472
fun mbedtls_ssl_handshake, line 6495
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 5 //MBEDTLS_SSL_CERTIFICATE_REQUEST
client state: 5
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
=> parse certificate request
fun mbedtls_ssl_read_record, line 3804
=> read record
fun mbedtls_ssl_read_record, line 3810
fun mbedtls_ssl_read_record_layer, line 3844
fun mbedtls_ssl_read_record_layer, line 3849
fun mbedtls_ssl_read_record_layer, line 3858
handshake message: msglen = 32, type = 13, hslen = 28
fun mbedtls_ssl_read_record, line 3832
<= read record
fun mbedtls_ssl_read_record, line 3838
got a certificate request
Supported Signature Algorithm found: 6,1
Supported Signature Algorithm found: 6,3
Supported Signature Algorithm found: 4,1
Supported Signature Algorithm found: 5,1
Supported Signature Algorithm found: 2,1
Supported Signature Algorithm found: 4,3
Supported Signature Algorithm found: 5,3
Supported Signature Algorithm found: 2,3
<= parse certificate request
fun mbedtls_ssl_handshake_client_step, line 3456
fun mbedtls_ssl_handshake_step, line 6472
fun mbedtls_ssl_handshake, line 6495
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 6 //MBEDTLS_SSL_SERVER_HELLO_DONE
client state: 6
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
=> parse server hello done
fun mbedtls_ssl_read_record, line 3804
=> read record
fun mbedtls_ssl_read_record, line 3810
fun mbedtls_ssl_read_record_layer, line 3844
fun mbedtls_ssl_read_record_layer, line 3849
fun mbedtls_ssl_read_record_layer, line 3858
handshake message: msglen = 4, type = 14, hslen = 4
fun mbedtls_ssl_read_record, line 3832
<= read record
fun mbedtls_ssl_read_record, line 3838
<= parse server hello done
Hello server done !
fun mbedtls_ssl_handshake_client_step, line 3456
fun mbedtls_ssl_handshake_step, line 6472
fun mbedtls_ssl_handshake, line 6495
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 7 //MBEDTLS_SSL_CLIENT_CERTIFICATE
client state: 7
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
=> write certificate
=> write record
output record: msgtype = 22, version = [3:3], msglen = 7
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2506
message length: 12, out_left: 12
fun mbedtls_ssl_flush_output, line 2520
fun mbedtls_ssl_flush_output, line 2523
fun mbedtls_ssl_flush_output, line 2529
<= flush output
fun mbedtls_ssl_flush_output, line 2539
<= write record
<= write certificate
fun mbedtls_ssl_handshake_client_step, line 3456
fun mbedtls_ssl_handshake_step, line 6472
fun mbedtls_ssl_handshake, line 6495
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 8 //MBEDTLS_SSL_CLIENT_KEY_EXCHANGE
client state: 8
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
=> write client key exchange
=> write record
output record: msgtype = 22, version = [3:3], msglen = 70
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2506
message length: 75, out_left: 75
fun mbedtls_ssl_flush_output, line 2520
fun mbedtls_ssl_flush_output, line 2523
fun mbedtls_ssl_flush_output, line 2529
<= flush output
fun mbedtls_ssl_flush_output, line 2539
<= write record
<= write client key exchange
fun mbedtls_ssl_handshake_client_step, line 3456
fun mbedtls_ssl_handshake_step, line 6472
fun mbedtls_ssl_handshake, line 6495
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 9 //MBEDTLS_SSL_CERTIFICATE_VERIFY
client state: 9
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
=> write certificate verify
=> derive keys
ciphersuite = TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
keylen: 16, minlen: 64, ivlen: 16, maclen: 32
<= derive keys
<= skip write certificate verify
fun mbedtls_ssl_handshake_client_step, line 3456
fun mbedtls_ssl_handshake_step, line 6472
fun mbedtls_ssl_handshake, line 6495
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 10 //MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC
client state: 10
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
=> write change cipher spec
=> write record
output record: msgtype = 20, version = [3:3], msglen = 1
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2506
message length: 6, out_left: 6
fun mbedtls_ssl_flush_output, line 2520
fun mbedtls_ssl_flush_output, line 2523
fun mbedtls_ssl_flush_output, line 2529
<= flush output
fun mbedtls_ssl_flush_output, line 2539
<= write record
<= write change cipher spec
fun mbedtls_ssl_handshake_client_step, line 3456
fun mbedtls_ssl_handshake_step, line 6472
fun mbedtls_ssl_handshake, line 6495
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 11 //MBEDTLS_SSL_CLIENT_FINISHED
client state: 11
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
=> write finished
=> calc finished tls sha256
<= calc finished
switching to new transform spec for outbound data
=> write record
=> encrypt buf
before encrypt: msglen = 80, including 16 bytes of IV and 16 bytes of padding
<= encrypt buf
output record: msgtype = 22, version = [3:3], msglen = 80
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2506
message length: 85, out_left: 85
fun mbedtls_ssl_flush_output, line 2520
fun mbedtls_ssl_flush_output, line 2523
fun mbedtls_ssl_flush_output, line 2529
<= flush output
fun mbedtls_ssl_flush_output, line 2539
<= write record
<= write finished
fun mbedtls_ssl_handshake_client_step, line 3456
fun mbedtls_ssl_handshake_step, line 6472
fun mbedtls_ssl_handshake, line 6495
fun mbedtls_ssl_handshake, line 6492
fun mbedtls_ssl_handshake_step, line 6454
fun mbedtls_ssl_handshake_step, line 6463
fun mbedtls_ssl_handshake_client_step, line 3316
client state: 12 //MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC
client state: 12
fun mbedtls_ssl_flush_output, line 2482
=> flush output
fun mbedtls_ssl_flush_output, line 2499
<= flush output
fun mbedtls_ssl_handshake_client_step, line 3329
fun mbedtls_ssl_handshake_client_step, line 3353
=> parse change cipher spec
=> parse change cipher spec
fun mbedtls_ssl_parse_change_cipher_spec, line 4639
fun mbedtls_ssl_read_record, line 3804
=> read record
fun mbedtls_ssl_read_record, line 3810
fun mbedtls_ssl_read_record_layer, line 3844
fun mbedtls_ssl_read_record_layer, line 3865
fun mbedtls_ssl_read_record_layer, line 3875
fun mbedtls_ssl_fetch_input, line 2229
=> fetch input
fun mbedtls_ssl_fetch_input, line 2418
in_left: 0, nb_want: 5
fun mbedtls_ssl_fetch_input, line 2422
fun mbedtls_ssl_fetch_input, line 2425
fun mbedtls_ssl_fetch_input, line 2432
fun mbedtls_ssl_fetch_input, line 2446 //Blocks here and does nothing

Can I get help here?
A response would be appreciated.
Thank you !

Hi @rutvijtrivedi001
Without knowing exactly what Mbed TLS version you are using, the line numbers don’t mean much.
However, as you stated, it gets blocked within the f_recv callback function.
You should check your networking stack to identify the root cause of your recv callback being blocked.
You could consider using f_recv_timeout instead.
Regards,
Mbed TLS Team member
Ron

My current mbed TLS version is 2.4.0.

@rutvijtrivedi001 Thank you for your information.
However, the line numbers in your log do not correspond to Mbed TLS 2.4.0.
mbedtls_ssl_fetch_input() in this version is from line 2203 to line 2406.

In addition, I suggest you update your version to one of the LTS versions, such as Mbed TLS 2.7.x.

Nonetheless, as mentioned before, since the blocking is probably in the recv function, you should check your networking stack.

Hi, thank you for the reply.
I will definitely dig into the network stack.
But can config.h help here?

Hi,
Since the issue is probably in your network stack, I doubt config.h will help. The only thing that might be causing this from the Mbed TLS side that I could think of is that the memory used is too big \ small, and you get memory issues.
Have you read this article ?
Have you configured MBEDTLS_SSL_MAX_CONTENT_LEN different than the default 16K?

Hi,
I migrated my mbedTLS to a higher version and MBEDTLS_SSL_MAX_CONTENT_LEN is (1024 * 16); I even tried changing it to 4K (1024 * 4), but the behavior is still the same in all cases.

In this case, it’s most likely your network stack, or a concurrency problem.
Are you working in a multithreaded environment? Have you enabled MBEDTLS_THREADING_C? Have you ported the mutex according to your platform?

Hi,
I'm using a FreeRTOS-based environment, but there is only one thread running, and yes, MBEDTLS_THREADING_C is enabled.

Hi,
Here are the logs after the migration of mbedTLS.

=> handshake
client state: 0
=> flush output
<= flush output
client state: 1
=> flush output
<= flush output
=> write client hello
client hello, max version: [3:3]
client hello, current time: 1530773308
client hello, session id len.: 0
client hello, add ciphersuite: c02c
client hello, add ciphersuite: c030
client hello, add ciphersuite: 009f
client hello, add ciphersuite: c0ad
client hello, add ciphersuite: c09f
client hello, add ciphersuite: c024
client hello, add ciphersuite: c028
client hello, add ciphersuite: 006b
client hello, add ciphersuite: c00a
client hello, add ciphersuite: c014
client hello, add ciphersuite: 0039
client hello, add ciphersuite: c0af
client hello, add ciphersuite: c0a3
client hello, add ciphersuite: c02b
client hello, add ciphersuite: c02f
client hello, add ciphersuite: 009e
client hello, add ciphersuite: c0ac
client hello, add ciphersuite: c09e
client hello, add ciphersuite: c023
client hello, add ciphersuite: c027
client hello, add ciphersuite: 0067
client hello, add ciphersuite: c009
client hello, add ciphersuite: c013
client hello, add ciphersuite: 0033
client hello, add ciphersuite: c0ae
client hello, add ciphersuite: c0a2
client hello, add ciphersuite: 00ab
client hello, add ciphersuite: c0a7
client hello, add ciphersuite: c038
client hello, add ciphersuite: 00b3
client hello, add ciphersuite: c036
client hello, add ciphersuite: 0091
client hello, add ciphersuite: c0ab
client hello, add ciphersuite: 00aa
client hello, add ciphersuite: c0a6
client hello, add ciphersuite: c037
client hello, add ciphersuite: 00b2
client hello, add ciphersuite: c035
client hello, add ciphersuite: 0090
client hello, add ciphersuite: c0aa
client hello, add ciphersuite: 009d
client hello, add ciphersuite: c09d
client hello, add ciphersuite: 003d
client hello, add ciphersuite: 0035
client hello, add ciphersuite: c032
client hello, add ciphersuite: c02a
client hello, add ciphersuite: c00f
client hello, add ciphersuite: c02e
client hello, add ciphersuite: c026
client hello, add ciphersuite: c005
client hello, add ciphersuite: c0a1
client hello, add ciphersuite: 009c
client hello, add ciphersuite: c09c
client hello, add ciphersuite: 003c
client hello, add ciphersuite: 002f
client hello, add ciphersuite: c031
client hello, add ciphersuite: c029
client hello, add ciphersuite: c00e
client hello, add ciphersuite: c02d
client hello, add ciphersuite: c025
client hello, add ciphersuite: c004
client hello, add ciphersuite: c0a0
client hello, add ciphersuite: 00ad
client hello, add ciphersuite: 00b7
client hello, add ciphersuite: 0095
client hello, add ciphersuite: 00ac
client hello, add ciphersuite: 00b6
client hello, add ciphersuite: 0094
client hello, add ciphersuite: 00a9
client hello, add ciphersuite: c0a5
client hello, add ciphersuite: 00af
client hello, add ciphersuite: 008d
client hello, add ciphersuite: c0a9
client hello, add ciphersuite: 00a8
client hello, add ciphersuite: c0a4
client hello, add ciphersuite: 00ae
client hello, add ciphersuite: 008c
client hello, add ciphersuite: c0a8
client hello, got 79 ciphersuites
client hello, compress len.: 1
client hello, compress alg.: 0
client hello, adding server name extension:
client hello, adding signature_algorithms extension
client hello, adding supported_elliptic_curves extension
client hello, adding supported_point_formats extension
client hello, adding encrypt_then_mac extension
client hello, total extension length: 80
=> write record
output record: msgtype = 22, version = [3:3], msglen = 283
=> flush output
message length: 288, out_left: 288
<= flush output
<= write record
<= write client hello

client state: 2
=> flush output
<= flush output
=> parse server hello
=> read record
=> fetch input
in_left: 0, nb_want: 5
fun on_io_recv , line no: 250
fun on_io_recv , line no: 255
fun on_io_recv , line no: 266
fun on_io_recv , line no: 270
fun on_io_recv , line no: 274
fun on_io_recv , line no: 277
fun on_io_recv , line no: 283
fun on_io_recv , line no: 287
fun on_io_recv , line no: 300
fun on_io_recv , line no: 307
in_left: 0, nb_want: 5
<= fetch input
input record: msgtype = 22, version = [3:3], msglen = 3706
=> fetch input
in_left: 5, nb_want: 3711
fun on_io_recv , line no: 250
fun on_io_recv , line no: 255
fun on_io_recv , line no: 266
fun on_io_recv , line no: 274
fun on_io_recv , line no: 277
fun on_io_recv , line no: 293
fun on_io_recv , line no: 300
fun on_io_recv , line no: 307
in_left: 5, nb_want: 3711
<= fetch input
handshake message: msglen = 3706, type = 2, hslen = 81
<= read record
server hello, current time: 1530773309
server hello, session id len.: 32
no session has been resumed
server hello, chosen ciphersuite: c027
server hello, compress alg.: 0
server hello, chosen ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
server hello, total extension length: 5
found renegotiation extension
<= parse server hello

client state: 3
=> flush output
<= flush output
=> parse certificate
=> read record
handshake message: msglen = 3625, type = 11, hslen = 3264
<= read record
<= parse certificate
client state: 4
=> flush output
<= flush output
=> parse server key exchange
=> read record
handshake message: msglen = 361, type = 12, hslen = 333
<= read record
ECDH curve: secp256r1
Server used SignatureAlgorithm 1
Server used HashAlgorithm 4
<= parse server key exchange
client state: 5
=> flush output
<= flush output
=> parse certificate request
=> read record
handshake message: msglen = 28, type = 13, hslen = 24
<= read record
got a certificate request
Supported Signature Algorithm found: 6,1
Supported Signature Algorithm found: 6,3
Supported Signature Algorithm found: 4,1
Supported Signature Algorithm found: 5,1
Supported Signature Algorithm found: 4,3
Supported Signature Algorithm found: 5,3
<= parse certificate request
client state: 6
=> flush output
<= flush output
=> parse server hello done
=> read record
handshake message: msglen = 4, type = 14, hslen = 4
<= read record
<= parse server hello done

client state: 7
=> flush output
<= flush output
=> write certificate
=> write record
output record: msgtype = 22, version = [3:3], msglen = 7
=> flush output
message length: 12, out_left: 12
<= flush output
<= write record
<= write certificate

client state: 8
=> flush output
<= flush output
=> write client key exchange
=> write record
output record: msgtype = 22, version = [3:3], msglen = 70
=> flush output
message length: 75, out_left: 75
<= flush output
<= write record
<= write client key exchange
client state: 9
=> flush output
<= flush output
=> write certificate verify
=> derive keys
ciphersuite = TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
keylen: 16, minlen: 64, ivlen: 16, maclen: 32
<= derive keys
<= skip write certificate verify
client state: 10
=> flush output
<= flush output
=> write change cipher spec
=> write record
output record: msgtype = 20, version = [3:3], msglen = 1
=> flush output
message length: 6, out_left: 6
<= flush output
<= write record
<= write change cipher spec

client state: 11
=> flush output
<= flush output
=> write finished
=> calc finished tls sha256
<= calc finished
switching to new transform spec for outbound data
=> write record
=> encrypt buf
before encrypt: msglen = 80, including 16 bytes of IV and 16 bytes of padding
<= encrypt buf
output record: msgtype = 22, version = [3:3], msglen = 80
=> flush output
message length: 85, out_left: 85
<= flush output
<= write record
<= write finished
client state: 12
=> flush output
<= flush output
=> parse change cipher spec
=> read record
=> fetch input
in_left: 0, nb_want: 5
//blocks here

In the other cases above, receive works perfectly without blocking/hanging; it blocks only in this MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC case.

Thanks,
Have you added debug logs inside your recv callback function to understand exactly where it hangs?

Hi, thanks for your time and quick replies, it saved my day.
I resolved this issue and you were right, the issue was in the TCP stack.
I set the non-blocking option and it did well.

Appreciate !
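The two remedies named in the thread (a non-blocking socket, and `f_recv_timeout`) can be sketched as a pair of BIO callbacks. This is an added example, not code from the thread or from Mbed TLS; it assumes a BSD-style sockets API (POSIX or lwIP sockets), and `io_ctx_t`, `io_set_nonblocking`, `io_recv` and `io_recv_timeout` are hypothetical names.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Same values as mbedtls/ssl.h and mbedtls/net_sockets.h; defined here only
 * so the sketch builds without the library headers. */
#ifndef MBEDTLS_ERR_SSL_WANT_READ
#define MBEDTLS_ERR_SSL_WANT_READ   (-0x6900)
#define MBEDTLS_ERR_SSL_TIMEOUT     (-0x6800)
#define MBEDTLS_ERR_NET_RECV_FAILED (-0x004C)
#define MBEDTLS_ERR_NET_CONN_RESET  (-0x0050)
#endif

typedef struct { int fd; } io_ctx_t;   /* hypothetical BIO context */

/* Put the socket in non-blocking mode so recv() can never hang the handshake. */
int io_set_nonblocking(int fd)
{
    int flags = fcntl(fd, F_GETFL, 0);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* f_recv: return what is available now, or WANT_READ so that
 * mbedtls_ssl_handshake() returns to the caller instead of blocking. */
int io_recv(void *ctx, unsigned char *buf, size_t len)
{
    ssize_t n = recv(((io_ctx_t *)ctx)->fd, buf, len, 0);
    if (n >= 0)
        return (int)n;                       /* 0 means the peer closed */
    if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
        return MBEDTLS_ERR_SSL_WANT_READ;
    if (errno == ECONNRESET || errno == EPIPE)
        return MBEDTLS_ERR_NET_CONN_RESET;
    return MBEDTLS_ERR_NET_RECV_FAILED;
}

/* f_recv_timeout: wait at most timeout_ms for data (0 = wait forever),
 * then read. A silent peer yields MBEDTLS_ERR_SSL_TIMEOUT, not a hang. */
int io_recv_timeout(void *ctx, unsigned char *buf, size_t len,
                    uint32_t timeout_ms)
{
    int fd = ((io_ctx_t *)ctx)->fd;
    fd_set rfds;
    struct timeval tv;
    int ret;

    if (fd < 0 || fd >= FD_SETSIZE)
        return MBEDTLS_ERR_NET_RECV_FAILED;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;

    ret = select(fd + 1, &rfds, NULL, NULL, timeout_ms == 0 ? NULL : &tv);
    if (ret == 0)
        return MBEDTLS_ERR_SSL_TIMEOUT;
    if (ret < 0)
        return errno == EINTR ? MBEDTLS_ERR_SSL_WANT_READ
                              : MBEDTLS_ERR_NET_RECV_FAILED;
    return io_recv(ctx, buf, len);
}

int main(void)
{
    /* Constructed input: the 5-byte header of a ChangeCipherSpec record
     * (msgtype = 20, version = [3:3], msglen = 1), sent over a socketpair. */
    static const unsigned char ccs_hdr[5] = { 20, 3, 3, 0, 1 };
    unsigned char hdr[5];
    int sv[2], idle, got;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 1;
    io_ctx_t io = { sv[0] };
    if (io_set_nonblocking(sv[0]) != 0)
        return 1;
    idle = io_recv_timeout(&io, hdr, sizeof hdr, 100);   /* nothing sent yet */
    if (write(sv[1], ccs_hdr, sizeof ccs_hdr) != (ssize_t)sizeof ccs_hdr)
        return 1;
    got = io_recv_timeout(&io, hdr, sizeof hdr, 100);
    return (idle == MBEDTLS_ERR_SSL_TIMEOUT && got == 5) ? 0 : 1;
}
```

In a real client these callbacks are registered with `mbedtls_ssl_set_bio()` and the timeout is set with `mbedtls_ssl_conf_read_timeout()`; the caller then retries `mbedtls_ssl_handshake()` while it returns `MBEDTLS_ERR_SSL_WANT_READ`.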