TLS Handshake Failure Using mbedTLS v2.16.2 on STM32CubeIDE with Secure MQTT

Dear ARM mbedTLS Team,

I am encountering an issue with mbedTLS v2.16.2 integrated into STM32CubeIDE while trying to establish a secure MQTT connection to the Mosquitto broker on port 8883. Despite following the recommended setup, the TLS handshake fails with the following error:

mbedtls_ssl_handshake failed. -29312 (-0x7280)

Setup Details:

  1. Microcontroller: STM32F407
  2. mbedTLS Version: 2.16.2 (as integrated with STM32CubeIDE)
  3. Connection Type: PPPoS connection established using a SIM7600 modem
  4. Broker: Mosquitto broker with TLS enabled on port 8883
  5. Root Certificate: Using mosquitto.org.crt as the root certificate

Steps Taken:

  • Configured mbedTLS for secure MQTT communication.
  • Provided the root CA certificate (mosquitto.org.crt).
  • Successfully established the PPPoS connection using the SIM7600 modem.

Issue:
When attempting to establish the secure MQTT connection, the TLS handshake fails with the error code -29312 (-0x7280). This error seems to indicate an issue with the handshake process, possibly related to an invalid MAC or other TLS configuration issues.

Request:

  • Could you confirm whether mbedTLS v2.16.2, as provided in STM32CubeIDE, fully supports secure MQTT connections in this context?
  • Are there any known limitations or additional configurations required to use mbedTLS for this purpose?
  • Guidance on resolving this issue would be highly appreciated.

Please let me know if you require further details, such as configuration settings or log outputs.

Thank you for your assistance.
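
For readers hitting the same return value, here is an added example (not part of the original post and not Mbed TLS project code) that splits an mbedTLS return code into its high-level and low-level parts the way mbedtls_strerror() does and names the high-level part; for -29312 it yields MBEDTLS_ERR_SSL_CONN_EOF. The helper names split_error and ssl_error_name are hypothetical, and the table is a small subset of the SSL codes defined in mbedtls/ssl.h for the 2.x series.

```c
#include <stdio.h>
#include <string.h>

/* A few SSL error codes from mbedtls/ssl.h (2.x series), as positive
 * magnitudes. Only the neighbours of the reported value are listed. */
static const struct { int code; const char *name; } SSL_ERRS[] = {
    { 0x7180, "MBEDTLS_ERR_SSL_INVALID_MAC" },
    { 0x7200, "MBEDTLS_ERR_SSL_INVALID_RECORD" },
    { 0x7280, "MBEDTLS_ERR_SSL_CONN_EOF" },
    { 0x7300, "MBEDTLS_ERR_SSL_UNKNOWN_CIPHER" },
};

/* Split a return value the way mbedtls_strerror() does: the high-level
 * (module) error sits in bits 7..15, an optional low-level error in bits 0..6. */
void split_error(int ret, int *high, int *low)
{
    if (ret < 0)
        ret = -ret;
    *high = ret & 0xFF80;
    *low  = ret & ~0xFF80;
}

/* Hypothetical helper: name of the high-level part, or a fallback string. */
const char *ssl_error_name(int ret)
{
    int high, low;
    size_t i;
    split_error(ret, &high, &low);
    for (i = 0; i < sizeof(SSL_ERRS) / sizeof(SSL_ERRS[0]); i++)
        if (SSL_ERRS[i].code == high)
            return SSL_ERRS[i].name;
    return "unknown (not in this subset)";
}

int main(void)
{
    int ret = -29312;  /* value reported in the post */
    int high, low;
    split_error(ret, &high, &low);
    printf("ret=%d -> high=-0x%04X low=-0x%02X %s\n",
           ret, (unsigned)high, (unsigned)low, ssl_error_name(ret));
    return 0;
}
```

On the target, building with MBEDTLS_ERROR_C enabled and calling mbedtls_strerror(ret, buf, sizeof(buf)) produces the library's own description of the same value.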

Hello,
Please look at this announcement about the MbedTLS move to Mbed TLS (trustedfirmware.org).

BR, Jan