• State Suggested Answer
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 75 subscribers
  • Views 1140 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 324035
Options

TLS handshake error using mbedTLS

Randall

I'm implementing an OAUTH procedure on my device.  I'm able to access login.microsoftonline.com and get user and device codes, then after authorizing, I can access the token endpoint and get an access token.  I'm using the root ca DigiCert Global Root CA.

But then when I got to the customer's server (which is an azure instance) I try to connect and I get a TLS handshake error;

TLS handshake error: -2700

I have no idea of what that error is or how to go about debugging is.  I'm using the same root ca as I use for login.microsoftonline.com and since it's azure, I'm assuming that is OK.

Any thoughts, or cipher suites I should try to enable.  Anything that I can try since I'm kind of stuck right now.

Thanks

Parents
  • 0 in reply to Kazi Afroza Sultana 

    [00:01:48.338,775] <inf> cloud: Adding Credentials
IoT>[00:01:48.717,956] <dbg> net_sock_addr: dns_resolve_cb: (hl7800_workq): dns status: -100
IoT>[00:01:48.718,017] <dbg> net_sock_addr: dns_resolve_cb: (hl7800_workq): dns status: -103
IoT>[00:01:48.718,170] <inf> cloud: resolved auth.get-cloud.com to 20.50.64.22
IoT>[00:01:48.718,170] <inf> cloud: Creating Socket
IoT>[00:01:48.718,383] <dbg> net_sock_tls: tls_alloc: (): Allocated TLS context, 0x20004770
IoT>[00:01:48.718,627] <dbg> net_sock: zsock_socket_internal: (): socket: ctx=0x20008b80, fd=1
IoT>[00:01:48.877,899] <inf> cloud: Connecting to server...
IoT>IoT>[00:01:49.656,036] <dbg> net_sock: zsock_received_cb: (hl7800_workq): ctx=0x20008b80, pkt=0x20034b2c, st=0, user_data=0
IoT>[00:01:49.828,125] <dbg> net_sock: zsock_received_cb: (hl7800_workq): ctx=0x20008b80, pkt=0x20034b2c, st=0, user_data=0
IoT>[00:01:49.998,168] <dbg> net_sock: zsock_received_cb: (hl7800_workq): ctx=0x20008b80, pkt=0x20034b2c, st=0, user_data=0
IoT>[00:01:50.578,826] <err> net_sock_tls: TLS handshake error: -2700
IoT>[00:01:50.581,390] <err> cloud: Unable to connect to auth.get-cloud.com
IoT>[00:01:50.581,420] <inf> cloud: Close Socket
IoT>[00:01:50.581,451] <dbg> net_sock: z_impl_zsock_close: (): close: ctx=0x20004770, fd=0
IoT>[00:01:50.583,435] <dbg> net_sock: z_impl_zsock_close: (): close: ctx=0x20008b80, fd=1
IoT>[00:01:50.592,681] <err> modem_hl7800: Error code: 922

  • 0 in reply to Randall

    Let me know if there is any thing I can enable to give more output.  I enabled MBEDTLS_DEBUG but it didn't add anything

  • 0 in reply to Randall

    by adding the following configs;

    CONFIG_MBEDTLS_ECP_C=y
    CONFIG_MBEDTLS_ECDSA_C=y
    CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=y
    CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=y
    CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=y
    CONFIG_MBEDTLS_HASH_SHA512_ENABLED=y
    CONFIG_MBEDTLS_SERVER_NAME_INDICATION=y
    I got it to work.  the NAME_INDICATION was the last one I added so I'm not sure which of the others were really necessary.  So, close this for now.  Until my next wall
Reply
  • 0 in reply to Randall

    by adding the following configs;

    CONFIG_MBEDTLS_ECP_C=y
    CONFIG_MBEDTLS_ECDSA_C=y
    CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=y
    CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=y
    CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=y
    CONFIG_MBEDTLS_HASH_SHA512_ENABLED=y
    CONFIG_MBEDTLS_SERVER_NAME_INDICATION=y
    I got it to work.  the NAME_INDICATION was the last one I added so I'm not sure which of the others were really necessary.  So, close this for now.  Until my next wall
Children
Related
Terms of service