STM32H743 as a client fails in handshake with server at Server Hello using LWIP, mbedTLS and FreeRTO

MHana.1
Associate III

Hello,
I'm using STM32H743 to send and receive REST API. I'm using FreeRTOS, LWIP and mbedTLS to communicate with the server. I have the same application working WELL on STM32F765, with the MCAL layer of course modified for STM32F7, but on H7 I see the error "Unknown Record Type" when fetching input and reading the input record. I tried solutions like optimizing the cipherSuite, but that was not useful.

1 ACCEPTED SOLUTION

Accepted Solutions
MHana.1
Associate III

Resolved by updating ethernetif.c

3 REPLIES
MHana.1
Associate III

Here is the log:
Setting IotClientHandle options...
Modify IotClientHandle Options Success. Try Connect
. Connecting to Server URL: port 443...
The SSL configuration is tls12 only.
Modify IotClientHandle Options Success. Try Connect
Performing the SSL/TLS handshake...

Modify IotClientHandle Options Success. Try Connect

=> handshake

=> flush output
<= flush output
client state: Ðä
=> flush output
<= flush output
client state: ´Ðä
=> write client hello
client×?g$þaéZY:2 ciphKÀsuite: 2400BF7C, Ùo633¨\{
adding EMPTY_RENEGOTIATION_INFO_SCSV
client hello, got 1 cipher suites
client hello, adding server name extension: X$¾U$Ðä
adding signature_algorithms extension
got signature scheme [2400BF94]
client hello, adding extended_master_secret extension
client hello, adding session ticket extension
client hello, total extension length: ?u
=> write handshake message
=> write record
output record: msgtype = ?, version = [?:?], msglen = ?u
<= write record
<= write handshake message
<= write client hello
=> flush output
message length: ?u, out_left: ?u
<= flush output
client state: <Ðä
=> parse server hello
=> read record
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= handshake
Modify IotClientHandle Options Success. Try Connect
=> handshake
=> flush output
<= flush output
client state: <Ðä
=> parse server hello
=> read record
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
input record: msgtype = ?, version = [0x2400BF3C], msglen = ?u
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
handshake message: msglen = ?u, type = ?, hslen = ?u
<= read record
server hello, current time: ?u
server hello, session id len.: ?u
session has been resumed
server hello, chosen ciphersuite: 2400BFE4
server hello, compress alg.: 604028900
server hello, chosen ciphersuite: 9
server hello, total extension length: ?u
found renegotiation extension
found extended_master_secret extension
<= parse server hello
=> flush output
<= flush output
client state: ´Ðä
=> parse certificate
=> read record
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
input record: msgtype = ?, version = [0x2400BF54], msglen = ?u
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
handshake message: msglen = ?u, type = ?, hslen = ?u
<= read record
Use configuration-specific verification callback
Certificate verification flags clear
<= parse certificate
=> flush output
<= flush output
client state: 8Ðä
=> parse server key exchange
<= skip parse server key exchange
=> flush output
<= flush output
client state: ðÐä
=> parse certificate request
=> read record
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
input record: msgtype = ?, version = [0x2400BE14], msglen = ?u
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
handshake message: msglen = ?u, type = ?, hslen = ?u
<= read record
got D certificate request
<= parse certificate request
=> flush output
<= flush output
client state: xÐä
=> parse server hello done
=> read record
reuse previously read message
<= read record
<= parse server hello done
=> flush output
<= flush output
client state: ÔÐä
=> write certificate
<= skip write certificate
=> flush output
<= flush output
client state: XÐä
=> write client key exchange
=> write handshake message
=> write record
output record: msgtype = ?, version = [?:?], msglen = ?u
=> flush output
message length: ?u, out_left: ?u
<= flush output
<= write record
<= write handshake message
<= write client key exchange
=> flush output
<= flush output
client state: Ðä
=> write certificate verify
=> derive keys
=> calc verify sha256
<= calc verify
ciphersuite = 9
eylen: ?, minlen: ?, ivlen: ?, maclen: ?
<= derive keys
<= skip write certificate verify
=> flush output
<= flush output
client state: ¨Ðä
=> write change cipher spec
=> write handshake message
=> write record
output record: msgtype = ?, version = [?:?], msglen = ?u
=> flush output
message length: ?u, out_left: ?u
<= flush output
<= write record
<= write handshake message
<= write change cipher spec
=> flush output
<= flush output
client state: Ðä
=> write finished
=> calc finished tls sha256
<= calc finished
switching to new transform spec for outbound data
=> write handshake message
=> write record
=> encrypt buf
before encrypt: msglen = ?u, including 0 bytes of padding
<= encrypt buf
output record: msgtype = ?, version = [?:?], msglen = ?u
=> flush output
message length: ?u, out_left: ?u
<= flush output
<= write record
<= write handshake message
<= write finished
=> flush output
<= flush output
client state: Ðä
=> parse change cipher spec
=> read record
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= handshake
Modify IotClientHandle Options Success. Try Connect
=> handshake
=> flush output
<= flush output
client state: Ðä
=> parse change cipher spec
=> read record
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= handshake
Modify IotClientHandle Options Success. Try Connect
=> handshake
=> flush output
<= flush output
client state: Ðä
=> parse change cipher spec
=> read record
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= handshake
Modify IotClientHandle Options Success. Try Connect
=> handshake
=> flush output
<= flush output
client state: Ðä
=> parse change cipher spec
=> read record
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
input record: msgtype = ?, version = [0x2400BF6C], msglen = ?u
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
<= read record
switching to new transform spec for inbound data
<= parse change cipher spec
=> flush output
<= flush output
client state: ÐÐä
=> parse finished
=> calc finished tls sha256
<= calc finished
=> read record
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
input record: msgtype = ?, version = [0x2400BF5C], msglen = ?u
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
=> decrypt buf
<= decrypt buf
handshake message: msglen = ?u, type = ?, hslen = ?u
<= read record
<= parse finished
=> flush output
<= flush output
client state: 0Ðä
handshake: done
=> flush output
<= flush output
client state: ÐÐä
=> handshake wrapup
=> handshake wrapup: final free
<= handshake wrapup: final free
<= handshake wrapup
<= handshake
ok
[ Protocol is TLSv1.2 ]
[ Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256 ]
[ Record expansion is 29 ]
. Verifying peer X.509 certificate...Connection phase complete.
Connected to server.
Data Buffer Before Send:
/token.oauth2?client_id=&client_secret=&grant_type=&scope=api HTTP/1.1
Host:
Content-Type: application/json
Content-Length: 0
post buffer (?u):
=> write
=> write record
=> encrypt buf
before encrypt: msglen = ?u, including 0 bytes of padding
<= encrypt buf
output record: msgtype = ?, version = [?:?], msglen = ?u
=> flush output
message length: ?u, out_left: ?u
<= flush output
<= write record
<= write
post net_sock_send: len=265
=> read
=> read record
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
input record: msgtype = ?, version = [0x2400C184], msglen = ?u
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
=> decrypt buf
<= decrypt buf
<= read record
<= read
net_sock_recv() rc = 360
=> read
=> read record
=> fetch input
in_left: ?u, nb_want: ?u
in_left: ?u, nb_want: ?u
<= fetch input
unknown record type ?
failed
! mbedtls_ssl_read returned -0x7200
net_sock_recv() rc = -1
http_recv() ConnectionError
Receive Connection..........FAILED!, ERROR -0x1
=> write close notify
=> send alert message
send alert level=? message=?
=> write record
=> encrypt buf
before encrypt: msglen = ?u, including 0 bytes of padding
<= encrypt buf
output record: msgtype = ?, version = [?:?], msglen = ?u
=> flush output
message length: ?u, out_left: ?u
<= flush output
<= write record
<= send alert message
<= write close notify
Freeing the mbedtls context anyway.
=> free
<= free
Closing and Destorying Connection, Result 0
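
The log above ends with "unknown record type" and `mbedtls_ssl_read` returning -0x7200 (`MBEDTLS_ERR_SSL_INVALID_RECORD`), which mbedTLS reports when the bytes it takes for a record header do not begin with a valid TLS content type. The following is an added diagnostic example, not code from the post or from mbedTLS: it walks raw received bytes record by record and reports the offset at which the stream stops being well-formed TLS. The function name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HDR_LEN    5
#define TLS_MAX_CT_LEN (16384 + 2048)  /* TLS 1.2 ciphertext length limit (RFC 5246) */

/* Walk a captured receive stream record by record. Returns the byte offset of
 * the first header that fails the checks, or -1 if every complete record
 * header is plausible. *records receives the number of good records seen. */
long tls_first_bad_record(const uint8_t *buf, size_t len, size_t *records)
{
    size_t off = 0;
    *records = 0;
    while (len - off >= TLS_HDR_LEN) {
        const uint8_t *h = buf + off;
        size_t rec_len = ((size_t)h[3] << 8) | h[4];
        /* 20 = change_cipher_spec, 21 = alert, 22 = handshake, 23 = application_data */
        if (h[0] < 20 || h[0] > 23)
            return (long)off;          /* the "unknown record type" case */
        if (h[1] != 3 || h[2] < 1 || h[2] > 3)
            return (long)off;          /* record version is not TLS 1.0..1.2 */
        if (rec_len > TLS_MAX_CT_LEN)
            return (long)off;          /* length field is implausible */
        if (len - off - TLS_HDR_LEN < rec_len)
            break;                     /* last record is only incomplete, not bad */
        off += TLS_HDR_LEN + rec_len;
        (*records)++;
    }
    return -1;
}

/* Constructed sample: two valid records, then bytes that do not start a record. */
static const uint8_t sample_stream[] = {
    0x16, 0x03, 0x03, 0x00, 0x02, 0xAA, 0xBB,        /* handshake, 2-byte body */
    0x17, 0x03, 0x03, 0x00, 0x03, 0x01, 0x02, 0x03,  /* application data, 3-byte body */
    0x00, 0x00, 0x5A, 0x00, 0x10, 0xDE, 0xAD         /* not a TLS record header */
};

int main(void)
{
    size_t n;
    long off = tls_first_bad_record(sample_stream, sizeof sample_stream, &n);
    if (off < 0)
        printf("all %zu complete records have plausible headers\n", n);
    else
        printf("bad header at offset %ld after %zu good records (type byte 0x%02X)\n",
               off, n, (unsigned)sample_stream[off]);
    return 0;
}
```

Comparing the reported offset against the driver's receive buffer boundaries shows whether the bad bytes line up with a buffer or frame edge in the Ethernet receive path.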

MHana.1
Associate III

Resolved by updating ethernetif.c

Hello @MHana.1 ,

Is it possible to share what modification(s) you applied to ethernetif.c?

To give better visibility on the answered topics, please click on "Accept as Solution" on the reply which solved your issue or answered your question.