ESP32 mbed TLS cypher suits supported on client hello
Posted: Fri Jun 11, 2021 9:50 am
HI,
i am using ESP-IDF version 4.2, established a connected to tls connection with server, when the packets are sniffed on wireshark we observed that client (ESP32) is supporting only below cypher suits:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
we have not made any specific configuration in the sdk config and as per configuration mbedtls supports SHA384 and SHA512. can anyone let us know why ESP32 (client) is unable to send below cipher suits to server in hello message:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
are we missing some configuration to enable them? below are attached ireshark capture image and mbedtls configuration.
Regards
Nikhil
i am using ESP-IDF version 4.2, established a connected to tls connection with server, when the packets are sniffed on wireshark we observed that client (ESP32) is supporting only below cypher suits:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
we have not made any specific configuration in the sdk config and as per configuration mbedtls supports SHA384 and SHA512. can anyone let us know why ESP32 (client) is unable to send below cipher suits to server in hello message:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
are we missing some configuration to enable them? below are attached ireshark capture image and mbedtls configuration.
Regards
Nikhil