Enabling the TLS layer to get an HTTPS connection going.

7343.nrf7002dk_nrf5340_cpuapp_ns.conf

3124.prj.conf

Hello everyone.

We're trying to make an HTTPS connection with google.com and execute a GET request.

Wifi connection is working; DHCP seems to be working (my personal assumption given the log message we get: "Resolved: [(1, 1, 6, '', ('142.250.201.206', 443))]" which indicates that getaddrinfo() works); but when trying to initiate the socket via TLS, something strange happens: we get the error "OSError: 109".

Inserting some debug prints inside subsys/net/lib/sockets/, we found the culprit to be the function "int zsock_setsockopt_ctx(struct net_context *ctx, int level, int optname, const void *optval, socklen_t optlen)".

The function call that triggers error 109 is:  res = setsockopt(socket->ctx, SOL_TLS, TLS_PEER_VERIFY, &verify, sizeof(verify));

No matter what other option we try to set via setsockopt(), it will fail with the 109 error since the implementation for setsockopt() is somehow set to sockets_inet.c (whose implementation does not recognise SOL_TLS as valid in its switches) instead of sockets_tls.c (which has handling for SOL_TLS in its switches). My personal hunch is that the config options set in the project are somehow wrong. Can someone please take a look over our .conf files? Maybe we can find the culprit. :)

We can provide any extra code snippets that are necessary for debugging and/or run any tests. Have a great day and hope to hear from you soon!

  • Hi,

     

    I used net/https_client for this exercise.

    You need to download r1.pem from here: https://pki.goog/repository/

     

    Place this in certs/ folder, and make sure that you change the file in CMakeLists.txt, change the domain in kconfig, and add the required configurations in the board .conf file:

    diff --git a/samples/net/https_client/CMakeLists.txt b/samples/net/https_client/CMakeLists.txt
    index 2a937786ed..39276fd2e2 100644
    --- a/samples/net/https_client/CMakeLists.txt
    +++ b/samples/net/https_client/CMakeLists.txt
    @@ -14,7 +14,7 @@ set(gen_dir ${CMAKE_CURRENT_BINARY_DIR}/certs)
     zephyr_include_directories(${gen_dir})
     generate_inc_file_for_target(
         app
    -    cert/DigiCertGlobalG2.pem
    +    cert/r1.pem
         ${gen_dir}/DigiCertGlobalG2.pem.inc
         )
     
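
Review bot: in the generate_inc_file_for_target() call the input becomes cert/r1.pem, but the output on the following line is still ${gen_dir}/DigiCertGlobalG2.pem.inc, so the generated include keeps the name of a CA that is no longer the trust anchor. Rename the output (for example to r1.pem.inc) and update whatever includes it, so a later reader does not assume the DigiCert root is what the device trusts.
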
    diff --git a/samples/net/https_client/Kconfig b/samples/net/https_client/Kconfig
    index 90ad33f42e..bb22e82794 100644
    --- a/samples/net/https_client/Kconfig
    +++ b/samples/net/https_client/Kconfig
    @@ -15,7 +15,7 @@ config SAMPLE_TFM_MBEDTLS
     
     config HTTPS_HOSTNAME
            string "HTTPS hostname"
    -       default "example.com"
    +       default "google.com"
     
     endmenu
     
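
Review bot: changing the default of HTTPS_HOSTNAME edits the sample's own Kconfig for one test target; setting CONFIG_HTTPS_HOSTNAME="google.com" in prj.conf or an overlay keeps the change local to the build. The hostname also has to change together with the CA file swapped in CMakeLists.txt, because the server chain must end at the root that is compiled in, so a short comment naming the certificate this default pairs with would help.
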
    diff --git a/samples/net/https_client/boards/nrf7002dk_nrf5340_cpuapp_ns.conf b/samples/net/https_client/boards/nrf7002dk_nrf5340_cpuapp_ns.conf
    index 9eb362cb16..8366313af8 100644
    --- a/samples/net/https_client/boards/nrf7002dk_nrf5340_cpuapp_ns.conf
    +++ b/samples/net/https_client/boards/nrf7002dk_nrf5340_cpuapp_ns.conf
    @@ -69,3 +69,20 @@ CONFIG_MBEDTLS_TLS_LIBRARY=y
     CONFIG_TFM_PROFILE_TYPE_SMALL=y
     CONFIG_PM_PARTITION_SIZE_TFM_SRAM=0xc000
     CONFIG_PM_PARTITION_SIZE_TFM=0x20000
    +
    +CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
    +CONFIG_MBEDTLS_SSL_RENEGOTIATION=y
    +CONFIG_MBEDTLS_SSL_MAX_FRAGMENT_LENGTH=y
    +CONFIG_MBEDTLS_SSL_SESSION_TICKETS=y
    +CONFIG_PSA_WANT_RSA_KEY_SIZE_4096=y
    +CONFIG_MBEDTLS_MPI_MAX_SIZE=512
    +
    +CONFIG_LOG=y
    +CONFIG_MBEDTLS_DEBUG=y
    +CONFIG_MBEDTLS_SSL_DEBUG_ALL=y
    +CONFIG_MBEDTLS_LOG_LEVEL_DBG=y
    +CONFIG_MBEDTLS_DEBUG_C=y
    +CONFIG_MBEDTLS_DEBUG_LEVEL=4
    +# Handle the large influx of prints
    +CONFIG_LOG_BUFFER_SIZE=16384
    +CONFIG_LOG_BACKEND_UART=y
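
Review bot: the added block mixes TLS feature options with debug options in the board file. CONFIG_MBEDTLS_DEBUG_LEVEL=4 together with CONFIG_MBEDTLS_SSL_DEBUG_ALL=y sends handshake detail to the UART backend, and CONFIG_LOG_BUFFER_SIZE=16384 costs RAM by itself, so these are better kept in a separate debug overlay that normal builds leave out. CONFIG_MBEDTLS_SSL_RENEGOTIATION=y is enabled without a comment saying why; if the target server does not require it, drop it.
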
    

    I also need to add CONFIG_NET_IPV6=n due to a local network issue at my end.

     

    Kind regards,

    Håkon

  • There are many options and suboptions in the link you sent me. Which one is the correct one?

    When attempting to get it working, I got r1.der and then created r1.der.inc. But I'm not sure which option I chose.

  • Slight problem with the library. In the file ssl_tls.c, inside the function "mbedtls_ssl_setup()", the line:

    MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len));
    actually prints what you saw in my logs:
    [00:00:36.237,976] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:1402: alloc(zu bytes) failed
    I inserted my own debug code above:
    printk("Dead here...55. Tried to allocate %d bytes and failed\n", in_buf_len);
    and it printed:
    Dead here...55. Tried to allocate 16717 bytes and failed
    The way things are looking, I think we need to find a solution to reduce the RAM usage since we're currently at:
    RAM:      383248 B       416 KB     89.97%
  • Hi!

     

    Great to hear that you fixed the socket issue.

    Tudor B. said:
    actually prints what you saw in my logs:
    [00:00:36.237,976] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:1402: alloc(zu bytes) failed
    I inserted my own debug code above:
    printk("Dead here...55. Tried to allocate %d bytes and failed\n", in_buf_len);
    and it printed:
    Dead here...55. Tried to allocate 16717 bytes and failed

    Could you share the full .config file? I suspect the configured mbedtls heap is too low here.

    Tudor B. said:
    The way things are looking, I think we need to find a solution to reduce the RAM usage since we're currently at:
    RAM:      383248 B       416 KB     89.97%

    You have enabled station and softap, whereas only softap uses approx. 222kB RAM, as shown here:

    https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/protocols/wifi/sap_mode/mem_requirements_sap.html

    In addition, mbedtls will add approx. 80 kB.

     

    Your memory fit is tight, especially when adding micropython into the feature list.

     

    Kind regards,

    Håkon

  • We can drop the AP mode (comment it out) and make an internal note akin to: "if you want sockets and https communication -> AP off; AP on -> sockets and https off".

    8360.nrf7002dk_nrf5340_cpuapp_ns.conf

    8787.prj.conf

  • How can I disable SoftAP and leave just STA mode active?

  • Running the "west build -d ./build/zephyr -t ram_report" command produces the following output:
    ram_report.txt

    I've filtered through it and found only a few major RAM hoggers:
    │ ├── _k_mem_slab_buf_tcp_conns_slab 3000 0.49% 0x20063440 noinit
    │ ├── fw_patch 81572 13.36% 0x000b7d68 rodata
    │ ├── heap.lto_priv.0 32768 5.37% 0x2000f024 bss
    │ ├── iface_wq_stack 4400 0.72% 0x20030108 noinit
    │ ├── kheap__system_heap 65536 10.74% 0x2001b1e8 noinit
    │ ├── kheap_net_buf_mem_pool_rx_bufs 4096 0.67% 0x20031238 noinit
    │ ├── kheap_net_buf_mem_pool_tx_bufs 4096 0.67% 0x20032238 noinit
    │ ├── kheap_wifi_drv_ctrl_mem_pool 20000 3.28% 0x20056f60 noinit
    │ ├── kheap_wifi_drv_data_mem_pool 130000 21.30% 0x20037390 noinit
    │ ├── mbedtls_heap 16384 2.68% 0x200171c4 bss
    │ ├── mgmt_stack 4600 0.75% 0x20033638 noinit
    │ ├── mp_thread_stack_array 20480 3.36% 0x2005de80 noinit
    │ ├── supplicant_thread_stack 5600 0.92% 0x2002eb28 noinit
    │ ├── z_main_stack 12288 2.01% 0x2002b328 noinit

    Also worth noting: I suspect AP is disabled based on the most recent .conf files that I've uploaded. I even tried to tune some RX and TX buffs, but it only lowered RAM usage by ~1.65%:

    RAM:      374936 B       416 KB     88.02%

    Also, I've explicitly set: CONFIG_NRF70_AP_MODE=n

    and I found and took in virtually everything from: https://github.com/nrfconnect/sdk-nrf/blob/main/samples/wifi/throughput/overlay-memory-optimized.conf

    which was suggested in the "WiFi stack configuration and performance" documentation page: https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/protocols/wifi/stack_configuration.html

    I even tried disabling CONFIG_WIFI_NM_WPA_SUPPLICANT, but RAM usage didn't lower by much and anyway I suspect we need this one to enable STA mode to connect to a WiFi.
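
An added example, not part of the thread or of any Nordic tooling: a small Python parser for the `ram_report` lines quoted in the post above. It ranks the symbols that actually live in SRAM and checks whether the `mbedtls_heap` entry could hold the 16717-byte allocation reported earlier in the thread. The sample lines are copied from the post; the function names are hypothetical, and the SRAM base address of 0x20000000 for the nRF5340 application core is an assumption.

```python
import re

# Lines copied from the ram_report excerpt quoted in the post above.
SAMPLE_REPORT = """\
│ ├── _k_mem_slab_buf_tcp_conns_slab 3000 0.49% 0x20063440 noinit
│ ├── fw_patch 81572 13.36% 0x000b7d68 rodata
│ ├── heap.lto_priv.0 32768 5.37% 0x2000f024 bss
│ ├── iface_wq_stack 4400 0.72% 0x20030108 noinit
│ ├── kheap__system_heap 65536 10.74% 0x2001b1e8 noinit
│ ├── kheap_net_buf_mem_pool_rx_bufs 4096 0.67% 0x20031238 noinit
│ ├── kheap_net_buf_mem_pool_tx_bufs 4096 0.67% 0x20032238 noinit
│ ├── kheap_wifi_drv_ctrl_mem_pool 20000 3.28% 0x20056f60 noinit
│ ├── kheap_wifi_drv_data_mem_pool 130000 21.30% 0x20037390 noinit
│ ├── mbedtls_heap 16384 2.68% 0x200171c4 bss
│ ├── mgmt_stack 4600 0.75% 0x20033638 noinit
│ ├── mp_thread_stack_array 20480 3.36% 0x2005de80 noinit
│ ├── supplicant_thread_stack 5600 0.92% 0x2002eb28 noinit
│ ├── z_main_stack 12288 2.01% 0x2002b328 noinit
"""

# Assumption: SRAM on the nRF5340 application core is mapped from 0x20000000;
# a symbol below that address is treated as flash-resident, not RAM.
SRAM_BASE = 0x20000000

# One report row: tree prefix, symbol, size in bytes, percentage, address, section.
LINE_RE = re.compile(
    r"^[\s│├└─]*"
    r"(?P<name>\S+)\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<pct>\d+(?:\.\d+)?)%\s+"
    r"(?P<addr>0x[0-9a-fA-F]+)\s+"
    r"(?P<section>\S+)\s*$"
)


def parse_ram_report(text):
    """Return one dict per symbol row; lines that are not symbol rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # e.g. the linker summary line "RAM: ... B ... KB ...%"
        entries.append({
            "name": m.group("name"),
            "size": int(m.group("size")),
            "percent": float(m.group("pct")),
            "address": int(m.group("addr"), 16),
            "section": m.group("section"),
        })
    return entries


def in_sram(entry):
    """True when the symbol's address falls in the assumed SRAM range."""
    return entry["address"] >= SRAM_BASE


def top_ram_consumers(entries, n=3):
    """Largest SRAM-resident symbols, biggest first."""
    ram = [e for e in entries if in_sram(e)]
    return sorted(ram, key=lambda e: e["size"], reverse=True)[:n]


def heap_shortfall(entries, heap_symbol, request_bytes):
    """Bytes missing for a single allocation of request_bytes from heap_symbol.

    This is a lower bound: allocator bookkeeping and any other live
    allocations in the same heap make the real shortfall larger.
    """
    for e in entries:
        if e["name"] == heap_symbol:
            return max(0, request_bytes - e["size"])
    raise KeyError(f"{heap_symbol} not found in report")


if __name__ == "__main__":
    rows = parse_ram_report(SAMPLE_REPORT)
    for e in top_ram_consumers(rows, 5):
        print(f"{e['size']:>8} B  {e['section']:<7} {e['name']}")
    flash_only = [e["name"] for e in rows if not in_sram(e)]
    print("listed but not in SRAM:", flash_only)
    # 16717 is the failed in_buf_len printed by the printk earlier in the thread.
    print("mbedtls_heap shortfall:", heap_shortfall(rows, "mbedtls_heap", 16717), "bytes")
```
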

  • I tried playing with various stacks, including CONFIG_MAIN_STACK_SIZE. But lowering other stacks and squeezing in CONFIG_MBEDTLS_HEAP_SIZE=81920, I reach a RAM usage of:

    RAM:      407704 B       416 KB     95.71%

    The image flashes, but when I try the same scenario of connecting to WiFi, doing getaddrinfo(), then opening a socket, I get a Stack Overflow when trying to connect to the WiFi network:

    Network ID: DIGI-4TYa & Network MAC: AC:CC:36:55:68:E9
    Network ID: DIGI-4uE3 & Network MAC: AC:CC:36:4D:9A:51
    Network ID: DIGI-C7uG & Network MAC: 28:F8:D6:C7:E5:91
    Network ID: DIGI-kTWh & Network MAC: 1C:BF:CE:9E:E2:38
    Network ID: Tea2.4 & Network MAC: AE:CC:36:1D:9A:51
    Network ID: DIGI-9x4D & Network MAC: F0:A7:31:6F:2D:7A
    Network ID: DIGI-Wpk7 & Network MAC: 74:31:AF:15:E0:41
    Network ID: HomeA&A & Network MAC: 92:A2:F4:9E:B3:D8
    MAC: F4:CE:36:00:1C:F4
    [(b'', b'62:ED:00:CD:74:72\x00', 44, -47, 1, False), (b'TP-Link_7474', b'40:ED:00:CD:74:72\x00', 44, -47, 1, False), (b'', b'62:ED:00:CD:74:73\x00', 4, -47, 1, False), (b'TP-Link_7474', b'40:ED:00:CD:74:]
    >>>
    >>> wlan.connect("TP-Link_7474", "55920322", network.SECURITY_PSK, 4)
    [00:00:27.243,804] <err> os: ***** USAGE FAULT *****
    [00:00:27.249,450] <err> os:   Stack overflow (context area not valid)
    [00:00:27.256,713] <err> os: r0/a1:  0x20033528  r1/a2:  0x00000001  r2/a3:  0x00078000
    [00:00:27.265,472] <err> os: r3/a4:  0x00000000 r12/ip:  0x00008000 r14/lr:  0x0002446d
    [00:00:27.274,200] <err> os:  xpsr:  0x41000200
    [00:00:27.279,479] <err> os: s[ 0]:  0xaaaaaaaa  s[ 1]:  0xaaaaaaaa  s[ 2]:  0xaaaaaaaa  s[ 3]:  0xaaaaaaaa
    [00:00:27.289,978] <err> os: s[ 4]:  0xaaaaaaaa  s[ 5]:  0xaaaaaaaa  s[ 6]:  0xaaaaaaaa  s[ 7]:  0xaaaaaaaa
    [00:00:27.300,445] <err> os: s[ 8]:  0xaaaaaaaa  s[ 9]:  0xaaaaaaaa  s[10]:  0xaaaaaaaa  s[11]:  0xaaaaaaaa
    [00:00:27.310,943] <err> os: s[12]:  0x00000000  s[13]:  0x000730db  s[14]:  0x2000a060  s[15]:  0x2000a060
    [00:00:27.321,411] <err> os: fpscr:  0x000f4240
    [00:00:27.326,690] <err> os: Faulting instruction address (r15/pc): 0x0002879a
    [00:00:27.334,655] <err> os: >>> ZEPHYR FATAL ERROR 2: Stack overflow on CPU 0
    [00:00:27.342,590] <err> os: Current thread: 0x20009e08 (mp_main)
    [00:00:27.349,426] <err> os: Halting system

  • Håkon! More progress was made!!! :D

    So, I disabled:

    # CONFIG_MBEDTLS_ENABLE_HEAP=y
    # CONFIG_MBEDTLS_HEAP_SIZE=16384

    since I had a suspicion that allowing MBEDTLS to have its own stack would somehow use up more RAM than by not letting it.

    This seems to have COMPLETELY unlocked MBEDTLS!

    Here's a log of it in action:

    >>>
    >>> s = None
    >>> s = socket.socket()
    Trying to initialize socket...
    Family: 1, socktype: 1, proto: 258
    Dead here...15
    [00:01:27.568,298] <dbg> net_sock_tls: tls_alloc: (mp_main): Allocated TLS context, 0x2000a190
    Dead here...17
    Checking stupid errno...1.1: 0
    [00:01:27.582,305] <dbg> net_sock: zsock_socket_internal: (mp_main): socket: ctx=0x2000b0e8, fd=16
    Dead here...18
    Dead here...19
    Returned value: 15
    Done initializing socket!
    >>>
    >>> print("Connecting to:", result[0][-1])
    Connecting to: ('142.251.39.78', 443)
    >>> s.connect(result[0][-1])
    Dead here...5. DNS message size: 44
    DNS message content (hex):9d ae 81 80 00 01 00 01 00 00 00 00 06 67 6f 6f 67 6c 65 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 48 00 04 8e fb 27 4e
    Dead here...6
    Dead here...7
    [00:01:27.715,545] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:1331: The SSL configuration is tls12 only.
    [00:01:27.735,412] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4663: => handshake
    [00:01:27.745,727] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2354: => flush output
    [00:01:27.756,317] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2363: <= flush output
    [00:01:27.766,937] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4582: client state: MBEDTLS_SSL_HELLO_REQUEST
    [00:01:27.779,571] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2354: => flush output
    [00:01:27.790,161] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2363: <= flush output
    [00:01:27.800,781] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4582: client state: MBEDTLS_SSL_CLIENT_HELLO
    [00:01:27.813,354] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0921: => write client hello
    [00:01:27.825,134] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0487: dumping 'client hello, random bytes' (32 bytes)
    [00:01:27.838,775] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0487: 0000:  d6 ff 0c 29 d8 e1 2c 45 37 c2 62 83 05 1a b5 30  ...)..,E7.b....0
    [00:01:27.854,553] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0487: 0010:  db 44 82 22 9a 48 98 8c 48 89 c6 dc 2f a7 74 2c  .D.".H..H.../.t,
    [00:01:27.870,117] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0512: dumping 'session id' (0 bytes)
    [00:01:27.882,049] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c024, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
    [00:01:27.898,010] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c028, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
    [00:01:27.913,757] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c00a, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
    [00:01:27.929,412] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c014, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
    [00:01:27.944,915] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c023, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
    [00:01:27.960,845] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c027, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
    [00:01:27.976,623] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c009, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
    [00:01:27.992,279] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c013, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
    [00:01:28.007,812] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: 003d, TLS-RSA-WITH-AES-256-CBC-SHA256
    [00:01:28.023,040] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: 0035, TLS-RSA-WITH-AES-256-CBC-SHA
    [00:01:28.038,024] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c02a, TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384
    [00:01:28.053,680] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c00f, TLS-ECDH-RSA-WITH-AES-256-CBC-SHA
    [00:01:28.069,091] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c026, TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384
    [00:01:28.084,960] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c005, TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA
    [00:01:28.100,524] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: 003c, TLS-RSA-WITH-AES-128-CBC-SHA256
    [00:01:28.115,783] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: 002f, TLS-RSA-WITH-AES-128-CBC-SHA
    [00:01:28.130,737] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c029, TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256
    [00:01:28.146,423] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c00e, TLS-ECDH-RSA-WITH-AES-128-CBC-SHA
    [00:01:28.161,834] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c025, TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256
    [00:01:28.177,673] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: client hello, add ciphersuite: c004, TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA
    [00:01:28.193,267] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0388: adding EMPTY_RENEGOTIATION_INFO_SCSV
    [00:01:28.205,657] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0397: client hello, got zu cipher suites
    [00:01:28.217,895] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0041: client hello, adding server name extension:
    [00:01:28.231,018] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0231: client hello, adding supported_groups extension
    [00:01:28.244,415] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0250: got supported group(001d)
    [00:01:28.255,859] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0282: NamedGroup: x25519 ( 1d )
    [00:01:28.267,333] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0250: got supported group(0017)
    [00:01:28.278,778] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0282: NamedGroup: secp256r1 ( 17 )
    [00:01:28.290,527] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0302: dumping 'Supported groups extension' (6 bytes)
    [00:01:28.303,955] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0302: 0000:  00 04 00 1d 00 17                                ......
    [00:01:28.318,603] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9505: adding signature_algorithms extension
    [00:01:28.330,902] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9525: got signature scheme [603] ecdsa_secp521r1_sha512
    [00:01:28.344,177] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9534: sent signature scheme [603] ecdsa_secp521r1_sha512
    [00:01:28.357,543] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9525: got signature scheme [601] rsa_pkcs1_sha512
    [00:01:28.370,330] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9534: sent signature scheme [601] rsa_pkcs1_sha512
    [00:01:28.383,178] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9525: got signature scheme [503] ecdsa_secp384r1_sha384
    [00:01:28.396,484] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9534: sent signature scheme [503] ecdsa_secp384r1_sha384
    [00:01:28.409,851] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9525: got signature scheme [501] rsa_pkcs1_sha384
    [00:01:28.422,607] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9534: sent signature scheme [501] rsa_pkcs1_sha384
    [00:01:28.435,485] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9525: got signature scheme [403] ecdsa_secp256r1_sha256
    [00:01:28.448,760] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9534: sent signature scheme [403] ecdsa_secp256r1_sha256
    [00:01:28.462,127] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9525: got signature scheme [401] rsa_pkcs1_sha256
    [00:01:28.474,914] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9534: sent signature scheme [401] rsa_pkcs1_sha256
    [00:01:28.487,731] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:0105: client hello, adding supported_point_formats extension
    [00:01:28.502,258] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:0150: client hello, adding ecjpake_kkpp extension
    [00:01:28.515,808] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:0165: generating new ecjpake parameters
    [00:01:28.624,450] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:0338: client hello, adding extended_master_secret extension
    [00:01:28.638,854] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:0372: client hello, adding session ticket extension
    [00:01:28.652,587] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0689: client hello, total extension length: zu
    [00:01:28.665,374] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0691: dumping 'client hello extensions' (385 bytes)
    [00:01:29.073,425] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2784: => write handshake message
    [00:01:29.084,930] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2944: => write record
    [00:01:29.095,581] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3028: output record: msgtype = 22, version = [3:3], msglen = zu
    [00:01:29.109,588] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: dumping 'output record sent to network' (477 bytes)
    [00:01:29.648,590] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3081: <= write record
    [00:01:29.659,179] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2905: <= write handshake message
    [00:01:29.670,715] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:1014: <= write client hello
    [00:01:29.682,067] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2354: => flush output
    [00:01:29.692,687] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2368: message length: zu, out_left: zu
    [00:01:29.705,444] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2375: ssl->f_send() returned 477 (-0xfffffe23)
    [00:01:29.718,170] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2402: <= flush output
    [00:01:29.728,790] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4582: client state: MBEDTLS_SSL_SERVER_HELLO
    [00:01:29.741,333] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:1196: => parse server hello
    [00:01:29.753,234] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4298: => read record
    [00:01:29.763,732] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2156: => fetch input
    [00:01:29.774,230] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2296: in_left: zu, nb_want: zu
    [00:01:29.785,644] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2316: in_left: zu, nb_want: zu
    [00:01:29.796,966] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4674: <= handshake
    [00:01:29.995,971] <dbg> net_sock: zsock_received_cb: (rx_q[0]): ctx=0x2000b0e8, pkt=0x2005f0a0, st=0, user_data=(nil)
    [00:01:30.007,873] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4663: => handshake
    [00:01:30.018,371] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2354: => flush output
    [00:01:30.028,991] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2363: <= flush output
    [00:01:30.042,114] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4582: client state: MBEDTLS_SSL_SERVER_HELLO
    [00:01:30.054,779] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:1196: => parse server hello
    [00:01:30.066,650] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4298: => read record
    [00:01:30.077,148] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2156: => fetch input
    [00:01:30.087,677] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2296: in_left: zu, nb_want: zu
    [00:01:30.099,090] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2316: in_left: zu, nb_want: zu
    [00:01:30.110,473] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2319: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    [00:01:30.123,901] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2341: <= fetch input
    [00:01:30.134,460] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3964: dumping 'input record header' (5 bytes)
    [00:01:30.148,925] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3964: 0000:  15 03 01 00 02                                   .....
    [00:01:30.165,191] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3966: input record: msgtype = 21, version = [0x301], msglen = zu
    [00:01:30.179,229] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2156: => fetch input
    [00:01:30.189,758] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2296: in_left: zu, nb_want: zu
    [00:01:30.201,202] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2316: in_left: zu, nb_want: zu
    [00:01:30.212,585] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2319: ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)
    [00:01:30.226,013] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2341: <= fetch input
    [00:01:30.236,541] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4073: dumping 'input record from network' (7 bytes)
    [00:01:30.251,556] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4073: 0000:  15 03 01 00 02 02 70                             ......p
    [00:01:30.268,005] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:5218: got an alert message, type: [2:112]
    [00:01:30.280,303] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:5225: is a fatal alert message (msg 112)
    [00:01:30.292,602] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4353: mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
    [00:01:30.307,037] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:1200: mbedtls_ssl_read_record() returned -30592 (-0x7780)
    [00:01:30.321,533] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4674: <= handshake
    [00:01:30.332,153] <err> net_sock_tls: TLS handshake error: -0x7780

    Will continue to investigate the new error:
    "TLS handshake error: -0x7780"

    Edit: Also, a quick question: Currently I'm using "IPPROTO_TLS_1_2", but I saw that "IPPROTO_TLS_1_3" also exists. Is the 1.3 version smaller/more optimised (less RAM and ROM)?

  • Current hypothesis is that the error comes from "MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME". This might come from the order I'm trying to do the request.

    My order: connect to WiFi network -> getaddrinfo() -> setup socket -> socket connect -> PEER_VERIFY, TAG_LIST, HOSTNAME socket options being set -> send socket request

    What I saw in the https_client sample: connect to WiFi network -> getaddrinfo() -> setup socket -> PEER_VERIFY, TAG_LIST, HOSTNAME socket options being set -> socket connect -> send socket request

    I assume the https_client sample's order is the right one, so trying to do it that way now. Sadly, that brings a new error when trying to socket connect:

    >>> print("Connecting to:", result[0][-1])
    Connecting to: ('142.251.39.14', 443)
    >>> s.connect(result[0][-1])
    DNS message size: 44
    DNS message content (hex):50 4e 81 80 00 01 00 01 00 00 00 00 06 67 6f 6f 67 6c 65 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 c0 00 04 8e fb 27 0e
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
    OSError: [Errno 2] ENOENT

    Adding even more debugging code, I reached the function "tls_mbedtls_set_credentials()" inside sockets_tls.c. In there, there's a loop:

    while ((cred = credential_next_get(tag, cred)) != NULL) {

    which doesn't even enter, so it goes to the next section where it throws the above error:

    if (!tag_found) {
        err = -ENOENT;
        goto exit;
    }

  • Hi,

     

    Tudor B. said:

    since I had a suspicion that allowing MBEDTLS to have its own stack would somehow use up more RAM than by not letting it.

    This seems to have COMPLETELY unlocked MBEDTLS!

    Disabling the dedicated mbedtls heap can cause issues, as this will then fall back to using the system heap (CONFIG_HEAP_MEM_POOL_SIZE).

    If you do not use a lot of heap, then you're fine, but this will require added runtime test and verification to ensure no heap overflow.

     

    Tudor B. said:

    Current hypothesis is that the error comes from "MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME". This might come from the order I'm trying to do the request.

    My order: connect to WiFi network -> getaddrinfo() -> setup socket -> socket connect -> PEER_VERIFY, TAG_LIST, HOSTNAME socket options being set -> send socket request

    What I saw in the https_client sample: connect to WiFi network -> getaddrinfo() -> setup socket -> PEER_VERIFY, TAG_LIST, HOSTNAME socket options being set -> socket connect -> send socket request

    So, we know that a https_client sample is able to respond to the SERVER_HELLO with a CLIENT_HELLO (which is the one that we're missing here).

    There can be several reasons for this, but the server tells us a fatal error with 112, which is a strange response, but might point to missing mbedtls features, if you read into this Stack Overflow thread:

    https://stackoverflow.com/questions/74678330/ssl-tls-handshake-failed-unrecognized-name

     

    Q1: Do you have SNI enabled in mbedtls?

    CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION

     

    Q2: Could you share your full .config file? I want to see which mbedtls features are enabled, and which are not.

     

    Q3: Recreating this locally at my end will require micropy. Can you share which version of micropy (and zephyr) that you use and a brief of the socket commands that you use, so I can try this on my end?

     

    Kind regards,

    Håkon
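The alert discussed in this thread can be read straight out of the mbedtls debug log: the sketch below (an added example, not code from the thread or from Zephyr/mbedtls) reassembles the `dumping '...' (N bytes)` hex rows and decodes the TLS record, showing that `15 03 01 00 02 02 70` is a fatal `unrecognized_name` alert. The function names and the trimmed log prefix are assumptions of this example; the four log lines are taken from the log posted above.

```python
import re

# Subset of the TLS alert registry (112 is defined in RFC 6066).
ALERTS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
          48: "unknown_ca", 70: "protocol_version", 112: "unrecognized_name"}
LEVELS = {1: "warning", 2: "fatal"}
HEADER = re.compile(r"dumping '([^']+)' \((\d+) bytes\)")
# One hex-dump row: "<file>:<line>: <offset>:  <hex bytes>  <ascii>"
ROW = re.compile(r":\s([0-9a-f]{4}):\s\s((?:[0-9a-f]{2} ?)+)")
# Lines copied from the log in this thread (timestamp and path prefix trimmed).
LOG = """\
ssl_msg.c:3964: dumping 'input record header' (5 bytes)
ssl_msg.c:3964: 0000:  15 03 01 00 02                                   .....
ssl_msg.c:4073: dumping 'input record from network' (7 bytes)
ssl_msg.c:4073: 0000:  15 03 01 00 02 02 70                             ......p
"""

def extract_dumps(log_text):
    """Reassemble each "dumping '<name>' (N bytes)" block into (name, bytes)."""
    dumps, name, want, buf = [], None, 0, bytearray()
    for line in log_text.splitlines():
        head, row = HEADER.search(line), ROW.search(line)
        if head:
            name, want, buf = head.group(1), int(head.group(2)), bytearray()
        elif name and row:
            buf += bytes.fromhex(row.group(2))
            if len(buf) >= want:  # dump complete, stop collecting rows
                dumps.append((name, bytes(buf[:want])))
                name = None
    return dumps

def decode_record(rec):
    """Decode one plaintext TLS record; adds alert fields for content type 21."""
    if len(rec) < 5:
        raise ValueError("truncated record header")
    length = int.from_bytes(rec[3:5], "big")
    body = rec[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    out = {"type": rec[0], "version": hex(int.from_bytes(rec[1:3], "big")), "length": length}
    if rec[0] == 21 and length == 2:  # alert body is (level, description)
        out["level"] = LEVELS.get(body[0], "unknown")
        out["alert"] = ALERTS.get(body[1], "unknown(%d)" % body[1])
    return out

def alerts_in_log(log_text):
    """Decode every complete record dumped as 'input record from network'."""
    return [decode_record(data) for name, data in extract_dumps(log_text)
            if name == "input record from network"]
```

The regular expressions use `search`, so the full, untrimmed log lines can be passed in as well.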
