ESP32-dev-kitc MQTT SSL Mutual auth. cannot connect

Posted: Fri May 29, 2020 7:08 am
by Sweaps
Hello,

I got to create a project using MQTT with SSL mutual auth., so I used the example project from ESP-IDF; it works perfectly every time I try to connect to my broker with ECDSA key type and SHA-256.

Then I tried to run it in my project with the same sample code to connect, and I got an mbed_ssl handshake problem (-0x7280) every time:
esp-tls : mbed_ssl_handshake returned -0x7280
esp-tls : Certificate verified.
esp-tls : Failed to open a new connection.
TRANS_SSL : Failed to open a new connection.
MQTT_CLIENT : Error transport connect.
I have checked the error but it means nothing to me; it is called the CONN_EOF error.

I added debug log level 4 on TLS and I found this:
(17213) mbedtls: components\mbedtls\mbedtls\library\ssl_tls.c:2779 ssl->f_send() returned -80 (-0x0050)

(17228) mbedtls: components\mbedtls\mbedtls\library\ssl_tls.c:3472 mbedtls_ssl_flush_output() returned -80 (-0x0050)

(17245) mbedtls: components\mbedtls\mbedtls\library\ssl_tls.c:3315 ssl_write_record() returned -80 (-0x0050)

(17262) mbedtls: components\mbedtls\mbedtls\library\ssl_cli.c:3379 mbedtls_ssl_write_handshake_msg() returned -80 (-0x0050)

(17280) mbedtls: components\mbedtls\mbedtls\library\ssl_tls.c:8096 <= handshake

(17294) esp-tls: mbedtls_ssl_handshake returned -0x50
(17299) esp-tls: Certificate verified.
(17308) esp-tls: Failed to open new connection
(17309) TRANS_SSL: Failed to open a new connection
(17315) MQTT_CLIENT: Error transport connect
Every time, ssl->f_send is returning -0x0050 or -0x7280 and I do not understand why.

I have copy-pasted the sdkconfig files into my working project, and then it works 2 times out of 10.

Can anyone help me with this problem?

Re: ESP32-dev-kitc MQTT SSL Mutual auth. cannot connect

Posted: Wed Jun 12, 2024 12:28 pm
by toljatyr
I just faced a similar problem - I managed to connect to an MQTT server over SSL using a certificate, but once I tried to achieve the same in my own project, I got an error

 Dynamic Impl: mbedtls_ssl_fetch_input error=80
 esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x0050
 esp-tls-mbedtls: (FFFFFFB0): UNKNOWN ERROR CODE (0050)
 esp-tls-mbedtls: Certificate verified.
 esp-tls: Failed to open new connection
After some testing, I found two reasons in my code that prevented a successful MQTTs connection:
- Core frequency was set to 80MHz
- parallel HTTPs requests
As soon as I increased the frequency to 160MHz it connected to the server, but only after some tries - when there were no active HTTPs requests. After I disabled HTTPs requests, it started working fine.
This way I found a workaround to make it work, but I am not sure what the real reason was that MQTT was unable to connect.

Re: ESP32-dev-kitc MQTT SSL Mutual auth. cannot connect

Posted: Wed Jun 12, 2024 3:51 pm
by fanmen1
Can you share the menuconfig options set for "TLS Key Exchange Methods"? Take a look at the ciphersuites that are enabled here.
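
For reading the codes in the logs above, an added example (not part of any post, and not ESP-IDF or mbedTLS code): it pulls the mbedTLS return value out of a log line in the three forms seen in this thread and names its high-level and low-level parts. The tables are a small subset of the constants in the mbedTLS headers, and the function names are this example's own.

```python
import re

# Subset of mbedTLS return codes (names and values from mbedtls/net_sockets.h,
# mbedtls/ssl.h and mbedtls/x509.h); extend as needed.
LOW = {
    0x0042: "MBEDTLS_ERR_NET_SOCKET_FAILED",
    0x0044: "MBEDTLS_ERR_NET_CONNECT_FAILED",
    0x004C: "MBEDTLS_ERR_NET_RECV_FAILED",
    0x004E: "MBEDTLS_ERR_NET_SEND_FAILED",
    0x0050: "MBEDTLS_ERR_NET_CONN_RESET",      # connection was reset by peer
}
HIGH = {
    0x2700: "MBEDTLS_ERR_X509_CERT_VERIFY_FAILED",
    0x6800: "MBEDTLS_ERR_SSL_TIMEOUT",
    0x7280: "MBEDTLS_ERR_SSL_CONN_EOF",        # the connection indicated an EOF
    0x7780: "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE",
}

SIGNED_HEX = re.compile(r"-0x([0-9A-Fa-f]+)")       # "returned -0x7280"
TWOS_COMP = re.compile(r"\((FFFF[0-9A-Fa-f]{4})\)")  # "(FFFFFFB0)"
DECIMAL = re.compile(r"error=(\d+)")                # "error=80"

def extract_code(line):
    """Return the mbedTLS error in a log line as a positive magnitude, or None."""
    if m := SIGNED_HEX.search(line):
        return int(m.group(1), 16)
    if m := TWOS_COMP.search(line):
        return (1 << 32) - int(m.group(1), 16)      # undo 32-bit two's complement
    if m := DECIMAL.search(line):
        return int(m.group(1))
    return None

def decode(code):
    """Split a magnitude into its high-level (bits 7-14) and low-level (bits 0-6) names."""
    high, low = code & 0x7F80, code & 0x007F
    names = [HIGH.get(high, f"unknown high 0x{high:04X}")] if high else []
    names += [LOW.get(low, f"unknown low 0x{low:04X}")] if low else []
    return names

def triage(lines):
    """Map each log line that carries a code to (magnitude, [symbolic names])."""
    return [(c, decode(c)) for l in lines if (c := extract_code(l)) is not None]

# Log lines copied from the posts above.
SAMPLE = [
    "esp-tls : mbed_ssl_handshake returned -0x7280",
    "(17294) esp-tls: mbedtls_ssl_handshake returned -0x50",
    " Dynamic Impl: mbedtls_ssl_fetch_input error=80",
    " esp-tls-mbedtls: (FFFFFFB0): UNKNOWN ERROR CODE (0050)",
    "(17299) esp-tls: Certificate verified.",
]
```

Both codes in this thread, 0x7280 and 0x0050, name the connection ending (EOF or reset) during the handshake, not a certificate verification failure.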