I'm using MCUXpresso IDE 11.1.1, MCUXpresso SDK 2.6.2, mbedTLS 2.13.1, and lwIP2.12. I started with the example program, lwip_httpscli_mbedtls_freertos. We're not using a client-side certificate, so I've eliminated the mbedtls_ssl_conf_own_cert() function call , as well as the parsing of the client cert, done by function mbedtls_x509_crt_parse() and client key, done by function mbedtls_pk_parse_key(). I've also added the root certs from Google Trust Services example PEM file, roots.pem. See attached httpsclient.c file.
The LS connection fails when the server sends a 'change cipher spec' to the client. See attached TLS_Connection_Fail.txt log file, generated with DEBUG_LEVEL 5 specified in httpsclient.c. I've also included a Wireshark trace of the same connection attempt. It appears that mbedTLS wants 5 more bytes than the server is giving it.
Here are my questions.
- How the ciphersuites chosen in ksdk_mbedtls_config.h, also attached, are chosen. Could it be that one of the ciphersuites that is not included is needed?
- How do I know whether a ciphersuite not selected in ksdk_mbedtls_config.h can be supported?
- Is there some other explanation for the connection failure?