Server failing with Alert Messages

Mbed TLS
1

I am finding that sometimes my webserver works and sometimes it does not. It appears that when it does not work I am getting alert messages. For example here I got:
ssl_tls.c 4253: got an alert message, type: [2:40]
ssl_tls.c 4261: is a fatal alert message (msg 40)
ssl_tls.c 6867: <= handshake

From RFC type 40 is a handshake_failure alert.

I also get other types:

ssl_tls.c 4253: got an alert message, type: [2:46]
ssl_tls.c 4261: is a fatal alert message (msg 46)
ssl_tls.c 6867: <= handshake
ERROR: altcp_tls_mbedtls.c 283: mbedtls_ssl_handshake failed: -0x7780

46 is a certificate_unknown failure.

My question is why does it work sometimes and others not?

Note I have tried 2.16.4 and 2.7.13 versions of mbedtls and both are behaving the same. I am running this on a ATSAME70 with 384k of SRAM, with LWIP. My configuration is below. The SAME70 has a hardware random number generator which I use for the entropy. I do not have the time enabled on the device, maybe this is the problem?

I generated the certificate using openssl using the following commands:
openssl ecparam -genkey -name prime256v1 -out ca.key
openssl req -x509 -new -SHA256 -nodes -key ca.key -days 3650 -out ca.crt

Thanks
Trampas

/**

  • \file config-no-entropy.h
  • \brief Minimal configuration of features that do not require an entropy source
    /
    /
  • Copyright (C) 2016, ARM Limited, All Rights Reserved
  • SPDX-License-Identifier: Apache-2.0
  • Licensed under the Apache License, Version 2.0 (the “License”); you may
  • not use this file except in compliance with the License.
  • You may obtain a copy of the License at
  • http://www.apache.org/licenses/LICENSE-2.0
  • Unless required by applicable law or agreed to in writing, software
  • distributed under the License is distributed on an “AS IS” BASIS, WITHOUT
  • WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  • See the License for the specific language governing permissions and
  • limitations under the License.
  • This file is part of mbed TLS (https://tls.mbed.org)
    /
    /
  • Minimal configuration of features that do not require an entropy source
  • Distinguishing reatures:
    • no entropy module
    • no TLS protocol implementation available due to absence of an entropy
  • source
  • See README.txt for usage instructions.
    */

#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

#include “libraries\syslog\syslog.h”

/* System support */
#define MBEDTLS_HAVE_ASM
//#define MBEDTLS_HAVE_TIME

#define MBEDTLS_SSL_RENEGOTIATION
#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
#define MBEDTLS_SSL_FALLBACK_SCSV

#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 4

#define MBEDTLS_ENTROPY_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_SSL_TLS_C
//#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_CMAC_C

//#define MBEDTLS_NO_PLATFORM_ENTROPY

//#define MBEDTLS_SSL_PROTO_TLS1
//#define MBEDTLS_SSL_PROTO_SSL3
//#define MBEDTLS_SSL_PROTO_TLS1_1
#define MBEDTLS_SSL_PROTO_TLS1_2

/* mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_ECDSA_DETERMINISTIC
//#define MBEDTLS_PK_RSA_ALT_SUPPORT
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_PKCS1_V21
#define MBEDTLS_SELF_TEST
#define MBEDTLS_VERSION_FEATURES
#define MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE

/* mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ERROR_C
#define MBEDTLS_GCM_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PLATFORM_C
//#define MBEDTLS_RSA_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_VERSION_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_CRL_PARSE_C
//#define MBEDTLS_CMAC_C

#define MBEDTLS_MD5_C
#define MBEDTLS_SHA1_C
/* Miscellaneous options */
#define MBEDTLS_AES_ROM_TABLES

//
///* System support /
//#define MBEDTLS_HAVE_ASM
//#define MBEDTLS_HAVE_TIME
//
/ mbed TLS feature support */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2

//
///* Save RAM at the expense of ROM /
#define MBEDTLS_AES_ROM_TABLES
//
/// Save RAM by adjusting to our exact needs /
//#define MBEDTLS_ECP_MAX_BITS 384
//#define MBEDTLS_MPI_MAX_SIZE 48 // 384 bits is 48 bytes
//
/// Save RAM at the expense of speed, see ecp.h /
//#define MBEDTLS_ECP_WINDOW_SIZE 2
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
//
/// Significant speed benefit at the expense of some ROM */
//#define MBEDTLS_ECP_NIST_OPTIM

/*

  • You should adjust this to the exact number of sources you’re using: default
  • is the “mbedtls_platform_entropy_poll” source, but you may want to add other ones.
  • Minimum is 2 for the entropy test suite.
    /
    #define MBEDTLS_ENTROPY_MAX_SOURCES 2
    //
    /     Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
    #define MBEDTLS_SSL_CIPHERSUITES
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

/*

  • Save RAM at the expense of interoperability: do this only if you control
  • both ends of the connection! (See coments in “mbedtls/ssl.h”.)
  • The minimum size here depends on the certificate chain used as well as the
  • typical size of records.
    */
    #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384

//#define MBEDTLS_SSL_SESSION_TICKETS
//#define MBEDTLS_SSL_ALPN
//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
//#define MBEDTLS_SSL_TRUNCATED_HMAC
//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
////#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
//#define MBEDTLS_SSL_SERVER_NAME_INDICATION
//#define MBEDTLS_SSL_PROTO_DTLS

#include “check_config.h”

#endif /* MBEDTLS_CONFIG_H */

2

Hi @trampas
The fatal alerts you are getting are because the client couldn’t handle the certificate you sent.

Could you specify what the difference between conditions of the runs? Is it same client all the time?
Have you checked memory leak on your side?
Have you compared your certificate message between success and failed attempts?
Since you have some limitations on memory, have you considered reducing the value of MBEDTLS_SSL_MAX_CONTENT_LEN ?

As for time enabled on your device, this could cause a problem, but only if your server requires to verify client certificates.
Regards,
Mbed TLS Support
Ron