ESP32 MQTT over TLS 1.3: has anyone tried it? Error after the TLS 1.3 handshake is over

Posted: Sat Apr 02, 2022 2:55 pm
by Chozmao
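Has anyone successfully run TLS 1.3 on the ESP32?
I'm using master esp-idf 5.0, and for mbedtls the branch mbedtls git:(mbedtls-3.1.0-idf).
I want to test MQTT over TLS 1.3.
I enabled TLS 1.3 in menuconfig.
The first TLS 1.3 handshake works fine; after WRAPUP the ssl state is set to MBEDTLS_SSL_HANDSHAKE_OVER.
Then an error is reported in the ssl_handle_hs_message_post_handshake() function.
I looked into it: a NEW_SESSION_TICKET packet was received.
The original code simply returns UNEXPECTED_MESSAGE at this point.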

Code:

        MBEDTLS_SSL_DEBUG_MSG( 1, ("hangmao debug: post ssl handshake '%d'", ssl->in_msg[0]));
        //if (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET)
            return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );

mbedtls: ssl_msg.c:4976 hangmao debug: post ssl handshake '4'

Code:

I (3606) mbedtls: ssl_tls13_client.c:1723 tls13 client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP(15)
W (3616) mbedtls: ssl_tls13_client.c:1705 Switch to application keys for inbound traffic
W (3626) mbedtls: ssl_tls13_client.c:1708 Switch to application keys for outbound traffic
I (3636) mbedtls: ssl_tls.c:5323 <= handshake
I (3646) mbedtls: ssl_msg.c:5348 => write
I (3646) mbedtls: ssl_msg.c:2369 => write record
I (3656) mbedtls: ssl_msg.c:546 => encrypt buf
I (3656) mbedtls: ssl_msg.c:990 <= encrypt buf
I (3666) mbedtls: ssl_msg.c:1789 => flush output
I (3666) mbedtls: ssl_msg.c:1809 message length: 53, out_left: 53
I (3676) mbedtls: ssl_msg.c:1814 ssl->f_send() returned 53 (-0xffffffcb)
I (3686) mbedtls: ssl_msg.c:1842 <= flush output
I (3686) mbedtls: ssl_msg.c:2514 <= write record
I (3696) mbedtls: ssl_msg.c:5372 <= write
I (3696) mbedtls: ssl_msg.c:5067 => read
I (3706) mbedtls: ssl_msg.c:3546 => read record
I (3706) mbedtls: ssl_msg.c:1573 => fetch input
I (3716) mbedtls: ssl_msg.c:1730 in_left: 0, nb_want: 5
I (3716) mbedtls: ssl_msg.c:1755 in_left: 0, nb_want: 5
I (3726) mbedtls: ssl_msg.c:1756 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (3736) mbedtls: ssl_msg.c:1776 <= fetch input
I (3736) mbedtls: ssl_msg.c:1573 => fetch input
I (3746) mbedtls: ssl_msg.c:1730 in_left: 5, nb_want: 255
I (3756) mbedtls: ssl_msg.c:1755 in_left: 5, nb_want: 255
I (3756) mbedtls: ssl_msg.c:1756 ssl->f_recv(_timeout)() returned 250 (-0xffffff06)
I (3766) mbedtls: ssl_msg.c:1776 <= fetch input
I (3776) mbedtls: ssl_msg.c:1014 => decrypt buf
I (3776) mbedtls: ssl_msg.c:1539 <= decrypt buf
I (3786) mbedtls: ssl_msg.c:3620 <= read record
W (3786) mbedtls: ssl_msg.c:4967 handshake received (not HelloRequest)
W (3796) mbedtls: ssl_msg.c:4976 hangmao debug: post ssl handshake '4'
W (3806) mbedtls: ssl_msg.c:5004 hangmao debug: renegotiation: disable? '1' secure? '0' legacy? '0'
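
The '4' in the debug output above is the handshake type of NewSessionTicket, one of the messages RFC 8446 lets a TLS 1.3 server send after the handshake has finished. As an added example (not part of the original post and not mbedtls code), this standalone C parser classifies a decrypted post-handshake message and bounds-checks the NewSessionTicket fields. The function name, struct, return codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Handshake types RFC 8446 permits after the handshake has completed. */
enum { HS_NEW_SESSION_TICKET = 4, HS_CERTIFICATE_REQUEST = 13, HS_KEY_UPDATE = 24 };

typedef struct {
    uint32_t lifetime, age_add;             /* ticket_lifetime (s), ticket_age_add */
    size_t nonce_len, ticket_len, ext_len;  /* lengths of the variable fields */
} nst_info;

/* Constructed sample (not captured traffic): type 4, 18-byte body. */
static const uint8_t SAMPLE_NST[] = {
    0x04, 0x00, 0x00, 0x12,                         /* msg_type, uint24 length */
    0x00, 0x00, 0x1C, 0x20, 0x01, 0x02, 0x03, 0x04, /* lifetime 7200, age_add */
    0x01, 0x00,                                     /* ticket_nonce<0..255> */
    0x00, 0x04, 0xAA, 0xBB, 0xCC, 0xDD,             /* ticket<1..2^16-1> */
    0x00, 0x00 };                                   /* extensions (empty) */

static uint32_t rd(const uint8_t *p, size_t n) { /* big-endian read */
    uint32_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* 0: well-formed NewSessionTicket; 1: other permitted post-handshake type;
 * -1: malformed; -2: type not allowed after the handshake. */
int parse_post_handshake(const uint8_t *msg, size_t len, nst_info *out) {
    if (len < 4 || rd(msg + 1, 3) != len - 4) return -1;
    if (msg[0] == HS_CERTIFICATE_REQUEST || msg[0] == HS_KEY_UPDATE) return 1;
    if (msg[0] != HS_NEW_SESSION_TICKET) return -2;
    const uint8_t *p = msg + 4, *end = msg + len;
    if (end - p < 9) return -1;
    out->lifetime = rd(p, 4); out->age_add = rd(p + 4, 4);
    if (out->lifetime > 604800) return -1;  /* RFC 8446 caps it at 7 days */
    out->nonce_len = p[8]; p += 9;
    if ((size_t)(end - p) < out->nonce_len + 2) return -1;
    p += out->nonce_len; out->ticket_len = rd(p, 2); p += 2;
    if (out->ticket_len == 0 || (size_t)(end - p) < out->ticket_len + 2) return -1;
    p += out->ticket_len; out->ext_len = rd(p, 2);
    return ((size_t)(end - p - 2) == out->ext_len) ? 0 : -1;
}

int main(void) {
    nst_info i;
    printf("rc=%d\n", parse_post_handshake(SAMPLE_NST, sizeof SAMPLE_NST, &i));
    return 0;
}
```
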

Re: ESP32 MQTT over TLS 1.3: has anyone tried it? Error after the TLS 1.3 handshake is over

Posted: Mon Apr 04, 2022 9:18 pm
by Chozmao
Known bug. The mbedtls library's support for TLS 1.3 is still incomplete.
https://github.com/Mbed-TLS/mbedtls/issues/5558