Using mbedtls 1.25.0 on eval board works but mbedtls 1.27.1 on stmf407 fails.

MOtto.1
Associate II

I use the setup RTOS and ssl_client example provided by ST, and the older library version seems to work and the newest one fails.

Here are the prints from the working one:

C:\Users\MY_PC>openssl s_server -key server.key -cert server.crt -accept 8883

Using default temp DH parameters

ACCEPT

Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256

Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224

Shared Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224

Supported Elliptic Curve Point Formats: uncompressed

Supported groups: secp384r1:secp256r1

Shared groups: secp384r1:secp256r1

CIPHER is ECDHE-RSA-AES128-GCM-SHA256

Secure Renegotiation IS supported

Hello from Nucleo-STM32f439ZI board Lacon Testsstm

and corresponding terminal prints:

Still got no IP

Still got no IP

Still got no IP

DHCP/Static IP O.K.

 . Seeding the random number generator... ok

 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256

 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256

 . Loading the CA root certificate ... ok (0 skipped)

 . Connecting to tcp/192.168.52.242/8883... ok

 . Setting up the SSL/TLS structure... ok

 . Performing the SSL/TLS handshake... ok

 . Verifying peer X.509 certificate... failed

 ! The certificate Common Name (CN) does not match with the expected CN

 > Write to server: 47 bytes written

And from the non-working one:

C:\Users\Manfred Otto\mqtt-spy\MY_PC>openssl s_server -key server.key -cert server.crt -accept 8883

Using default temp DH parameters

ACCEPT

ERROR

F83F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl\statem\statem_srvr.c:2221:

shutting down SSL

CONNECTION CLOSED

ERROR

F83F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl\statem\statem_srvr.c:2221:

shutting down SSL

CONNECTION CLOSED

ERROR

F83F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl\statem\statem_srvr.c:2221:

shutting down SSL

CONNECTION CLOSED

and corresponding terminal prints:

 . Seeding the random number generator... ok

 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256

 . Loading the CA root certificate ... ok (0 skipped)

 . Connecting to tcp/192.168.52.242/8883... ok

 . Setting up the SSL/TLS structure... ok

 . Performing the SSL/TLS handshake... failed

 ! mbedtls_ssl_handshake returned -0x7780

Why is this missing TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256? I definitely checked in both projects; it should be there.

Is there a way to switch back to an older library in a running project?

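Both client logs print the suites the build offers, and the failing one lacks the only RSA-authenticated suite. The following is an added example (not part of the original post or of ST's sample code) that counts how many of the printed suites a server key of a given type can serve; the RSA key type is an assumption inferred from the working run negotiating ECDHE-RSA-AES128-GCM-SHA256, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed from the two client logs in the post. */
static const char *const working_build[] = {
    "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
    "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
    "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
};
static const char *const failing_build[] = {
    "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
    "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
};

/* Copy the authentication token of an mbed TLS suite name (the word just
 * before "-WITH-", e.g. "RSA" or "ECDSA") into out. Returns 0 on success. */
static int suite_auth(const char *name, char *out, size_t outlen)
{
    const char *with = strstr(name, "-WITH-");
    if (with == NULL) return -1;
    const char *p = with;
    while (p > name && p[-1] != '-') p--;   /* back up to the token start */
    size_t n = (size_t)(with - p);
    if (n == 0 || n >= outlen) return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

/* Number of offered suites a server holding only a key of type `key`
 * ("RSA" or "ECDSA") can authenticate with; 0 means "no shared cipher". */
int usable_suites(const char *const *offered, size_t count, const char *key)
{
    char auth[16];
    int usable = 0;
    for (size_t i = 0; i < count; i++)
        if (suite_auth(offered[i], auth, sizeof auth) == 0 && strcmp(auth, key) == 0)
            usable++;
    return usable;
}

int main(void)
{
    /* Assumption: server.key is RSA, since the working run chose ECDHE-RSA. */
    printf("working build: %d usable suite(s)\n", usable_suites(working_build, 3, "RSA"));
    printf("failing build: %d usable suite(s)\n", usable_suites(failing_build, 2, "RSA"));
    return 0;
}
```

A count of 0 matches the server's `no shared cipher` error and the client's -0x7780, which is MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE (the peer sent a fatal alert). One place to compare between the two projects is the mbed TLS config header, where MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED controls whether ECDHE-RSA suites are built in.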