ssl_server2 failed with mbedtls_ssl_handshake returned error -30976

Mbed TLS Crypto and SSL questions
1

Hi ,

Problem description :

Trying to run example[ mbedtls/ssl_server2.c at master · Mbed-TLS/mbedtls · GitHub]

Updated ssl_server2 port to listen on 7777 for incoming client request ,ssl_server2 will be waiting for remote connection continuously.

There was no client request for connection on this port, but still server is getting some spurious connection request and goes for handshake and fails with below error code.

Error code: mbedtls_ssl_handshake returned error -30976

Steps to reproduce:

  1. start ssl_server2 program
  2. Monitor for ssl_server2 connection waiting , observe ssl_server2 will accept spurious connection request and goes for handshake and fails with above mentioned error code.

MBEDTLS_VERSION = 2.26.0

OS: UBUNTU"18.04"

Expected behavior:
ssl_server2 wait for remote connection infinitely and connect to valid client request and perform handshake every time.

Actual behavior:
Occasionally ssl_server2 will accept spurious connection request and goes for handshake and fails with below error code

Error code:
mbedtls_ssl_handshake returned error -30976 on ssl_server2

Analysis:

As per below logs what we understand is ssl_server2 will accept spurious connection request and goes for handshake and fails with error code -30796 ,MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO on ssl_server2 side .

Can you please help us to understand this behavior .?

What could be the reason for ssl_server2 to connect to spurious connection request?, as mentioned above there was no client request for connection on this ssl_server2 port( 7777) .

We have tried this on other SERVER_PORT as well same behavior observed .

Logs Snippet:

==========

. Seeding the random number generator… ok

. Loading the CA root certificate … ok (0 skipped)

. Loading the server cert. and key… ok

. Bind on tcp://*:7777/ … ok

. Setting up the SSL/TLS structure… ok

. Waiting for a remote connection …ok

. Performing the SSL/TLS handshake… failed

! mbedtls_ssl_handshake returned -0x7900

Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed

. Waiting for a remote connection … ok

. Performing the SSL/TLS handshake… failed

! mbedtls_ssl_handshake returned -0x7900

Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed

. Waiting for a remote connection … ok

. Performing the SSL/TLS handshake… failed

! mbedtls_ssl_handshake returned -0x7900

Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed