MbedTLS

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MbedTLS

499 Views
a8Chcx
Contributor V

Hi,

I am using MbedTLS sample project to talk to HTTPS server. I got the following error during hanshake.

1) When I send ClientHello, I got Alert Message Level = 2, description 40(handshake failure).

2) When I try to use curl or chrome to talk to my server, it works fine...

I checked the Ciper suite, server accepts TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xc030). I checked it on my client side, it is included in cipher suites.

Can anybody help me to find where the problem is?

Thanks,

Christie

0 Kudos
Reply
3 Replies

475 Views
Celeste_Liu
NXP Employee
NXP Employee

Hello @a8Chcx ,

Thanks for your post.

Could you please help answer the following questions first?

1) Which MCU are you using?
2) IDE and its version;
3) Are you using the demo from the SDK? Have you made any modifications? If yes, please provide the SDK version and the demo name.

I will conduct tests on my end.

BRs,

Celeste

0 Kudos
Reply

469 Views
a8Chcx
Contributor V

Hi Celeste,

Thank you for your e-mail.

1) MCU is K66F

2) IDE MCUXpresso V11.5.0

3) I am using SDK demo with my modifications. SDK2.11.0

I tested with other server and works fine. The only difference between two servers is one uses 0xC02F(working), the other uses 0xC030(not working). Is there any setting needed for 0xC030?

Thanks,

Christie

0 Kudos
Reply

455 Views
Celeste_Liu
NXP Employee
NXP Employee

Hello a8Chcx, I also checked the Ciper suite of lwip_httpssrv_mbedTLS_bm demo,  it indeed accepts TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. Since curl and Chrome can work properly, it indicates that the server configuration is basically correct. The problem is likely to lie in the compilation options or runtime configuration of the client MbedTLS, especially the incomplete support for high-security suites.

0 Kudos
Reply