We've derived a DTLS handshake test firmware from github.com/.../l5_e2_sol
Tests have been done using nRF9151 DK, SDK 3.1.0 and modem firmware 2.0.2.
First we verified that the original code (performing COAP stuff using DTLS handshake) was able to successfully complete the handshake with the public COAP server (it does).
Then we modified this code (removing all COAP related stuff) to perform a simple DTLS handshake with an ssl_server2 (Mbed-TLS) server instance running on our publicly reachable server (port 8365).
Mbed-TLS has been chosen to avoid incompatibilities between server and client (nRF91 uses a Mbed based DTLS code as far as we understood). ssl_server2 has been built from scratch directly from the git repository (git clone --depth 1 --branch v3.5.2 github.com/.../mbedtls.git).
cellfund_less5_exer2_solution.zip contains the nRFConnect project (derived from Nordic COAP exercise 5/2) performing the DTLS handshake with ssl_server.
We started the ssl_server2 instance using ("73757065727365637265746b6579" is the hex of "supersecretkey" which is our key):
> ./programs/ssl/ssl_server2 dtls=1 server_port=5685 psk="73757065727365637265746b6579" psk_identity="device001" force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 min_version=dtls12 max_version=dtls12 extended_ms=0 debug_level=3
As visible in ssl_server2.txt, the handshake seems to progress well till the very last step when messages start to be encrypted. At this point there is an error.
We double checked using gnutls-serv but with the same result ( > sudo gnutls-serv --udp --port 5685 --pskpasswd psk.txt --priority "NORMAL:-KX-ALL:+PSK:+AES-128-CCM-8:+VERS-DTLS1.2" -d 9 ). gnutls.txt contains the output of gnutls.
nRF9151 proposes the following ciphers (TLS_PSK_WITH_AES_128_CCM_8 used by ssl_server2 is part of the proposed ciphers):
DTLSv1.2 Record Layer: Handshake Protocol: Client Hello
Cipher Suites (5 suites)
Cipher Suite: TLS_PSK_WITH_AES_256_CBC_SHA (0x008d)
Cipher Suite: TLS_PSK_WITH_AES_128_CBC_SHA256 (0x00ae)
Cipher Suite: TLS_PSK_WITH_AES_128_CBC_SHA (0x008c)
Cipher Suite: TLS_PSK_WITH_AES_128_CCM_8 (0xc0a8)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
wireshark_log.pcapng contains the log of the whole failing handshake.
We successfully achieved a DTLS handshake using openssl and a third-party DTLS client attached to the cellphone network, hence any firewall, NAT, etc. related issues can be excluded.
sudo gnutls-serv --udp --port 5685 --pskpasswd psk.txt --priority "NORMAL:-KX-ALL:+PSK:+AES-128-CCM-8:+VERS-DTLS1.2" -d 9 > out.txt
Warning: no private key and certificate pairs were set.
UDP HTTP Server listening on IPv4 0.0.0.0 port 5685...done
UDP HTTP Server listening on IPv6 :: port 5685...done
|<3>| ASSERT: ../../lib/dtls.c[gnutls_dtls_cookie_verify]:974
|<5>| REC[0x61dd4f39d2a0]: Allocating epoch #0
|<2>| added 3 protocols, 13 ciphersuites, 19 sig algos and 10 groups into priority list
|<5>| REC[0x61dd4f39d2a0]: Allocating epoch #1
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1143
|<5>| REC[0x61dd4f39d2a0]: SSL 254.253 Handshake packet received. Epoch 0, length: 139
|<5>| REC[0x61dd4f39d2a0]: Expected Packet Handshake(22)
|<5>| REC[0x61dd4f39d2a0]: Received Packet Handshake(22) with length: 139
|<5>| REC[0x61dd4f39d2a0]: Decrypted Packet[0.1] Handshake(22) with length: 139
|<4>| HSK[0x61dd4f39d2a0]: CLIENT HELLO (1) was received. Length 127[127], frag offset 0, frag length: 127, sequence: 1
|<4>| HSK[0x61dd4f39d2a0]: Client's version: 254.253
|<4>| EXT[0x61dd4f39d2a0]: Parsing extension 'Server Name Indication/0' (24 bytes)
|<3>| ASSERT: ../../lib/db.c[_gnutls_server_restore_session]:328
|<4>| EXT[0x61dd4f39d2a0]: Parsing extension 'Signature Algorithms/13' (14 bytes)
|<4>| EXT[0x61dd4f39d2a0]: rcvd signature algo (6.3) ECDSA-SHA512
|<4>| EXT[0x61dd4f39d2a0]: rcvd signature algo (6.1) RSA-SHA512
|<4>| EXT[0x61dd4f39d2a0]: rcvd signature algo (5.3) ECDSA-SHA384
|<4>| EXT[0x61dd4f39d2a0]: rcvd signature algo (5.1) RSA-SHA384
|<4>| EXT[0x61dd4f39d2a0]: rcvd signature algo (4.3) ECDSA-SHA256
|<4>| EXT[0x61dd4f39d2a0]: rcvd signature algo (4.1) RSA-SHA256
|<4>| HSK[0x61dd4f39d2a0]: Received safe renegotiation CS
|<2>| checking 00.8d (GNUTLS_PSK_AES_256_CBC_SHA1) for compatibility
|<4>| HSK[0x61dd4f39d2a0]: Selected cipher suite: GNUTLS_PSK_AES_256_CBC_SHA1
|<4>| HSK[0x61dd4f39d2a0]: Selected version DTLS1.2
|<4>| HSK[0x61dd4f39d2a0]: Safe renegotiation succeeded
|<4>| HSK[0x61dd4f39d2a0]: SessionID: a1ef73acd52967a04f4a4e71055c4bcd56b65ca4fe74b904dd8824f18d625712
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (Server Name Indication/0) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (Supported EC Point Formats/11) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (Supported Groups/10) for 'TLS 1.2 server hello'
|<3>| ASSERT: ../../lib/hello_ext.c[hello_ext_send]:341
|<4>| EXT[0x61dd4f39d2a0]: Not sending extension (Supported Versions/43) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (Encrypt-then-MAC/22) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (ALPN/16) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (Server Certificate Type/20) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (Extended Master Secret/23) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (OCSP Status Request/5) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Not sending extension (Compress Certificate/27) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Not sending extension (Signature Algorithms/13) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (Safe Renegotiation/65281) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Sending extension Safe Renegotiation/65281 (1 bytes)
|<3>| ASSERT: ../../lib/hello_ext.c[hello_ext_send]:341
|<4>| EXT[0x61dd4f39d2a0]: Not sending extension (Early Data/42) for 'TLS 1.2 server hello'
|<3>| ASSERT: ../../lib/hello_ext.c[hello_ext_send]:341
|<4>| EXT[0x61dd4f39d2a0]: Not sending extension (Key Share/51) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (SRTP/14) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (Client Certificate Type/19) for 'TLS 1.2 server hello'
|<3>| ASSERT: ../../lib/hello_ext.c[hello_ext_send]:341
|<4>| EXT[0x61dd4f39d2a0]: Not sending extension (PSK Key Exchange Modes/45) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (Maximum Record Size/1) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (Session Ticket/35) for 'TLS 1.2 server hello'
|<3>| ASSERT: ../../lib/hello_ext.c[hello_ext_send]:341
|<4>| EXT[0x61dd4f39d2a0]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.2 server hello'
|<4>| EXT[0x61dd4f39d2a0]: Preparing extension (Record Size Limit/28) for 'TLS 1.2 server hello'
|<3>| ASSERT: ../../lib/hello_ext.c[hello_ext_send]:341
|<4>| EXT[0x61dd4f39d2a0]: Not sending extension (Cookie/44) for 'TLS 1.2 server hello'
|<3>| ASSERT: ../../lib/hello_ext.c[hello_ext_send]:341
|<4>| EXT[0x61dd4f39d2a0]: Not sending extension (ClientHello Padding/21) for 'TLS 1.2 server hello'
|<3>| ASSERT: ../../lib/hello_ext.c[hello_ext_send]:341
|<4>| EXT[0x61dd4f39d2a0]: Not sending extension (Pre Shared Key/41) for 'TLS 1.2 server hello'
|<4>| HSK[0x61dd4f39d2a0]: SERVER HELLO was queued [89 bytes]
|<3>| ASSERT: ../../../lib/auth/psk.c[_gnutls_gen_psk_server_kx]:271
|<3>| ASSERT: ../../lib/kx.c[_gnutls_send_server_kx_message]:297
|<4>| HSK[0x61dd4f39d2a0]: SERVER HELLO DONE was queued [12 bytes]
|<6>| DTLS[0x61dd4f39d2a0]: Start of flight transmission.
|<6>| DTLS[0x61dd4f39d2a0]: Sending Packet[1] fragment SERVER HELLO(2) with length: 77, offset: 0, fragment length: 77, mtu: 1275
|<5>| REC[0x61dd4f39d2a0]: Preparing Packet Handshake(22) with length: 89 and min pad: 0
|<9>| ENC[0x61dd4f39d2a0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<5>| REC[0x61dd4f39d2a0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 102
|<6>| DTLS[0x61dd4f39d2a0]: Sending Packet[2] fragment SERVER HELLO DONE(14) with length: 0, offset: 0, fragment length: 0, mtu: 1275
|<5>| REC[0x61dd4f39d2a0]: Preparing Packet Handshake(22) with length: 12 and min pad: 0
|<9>| ENC[0x61dd4f39d2a0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<5>| REC[0x61dd4f39d2a0]: Sent Packet[3] Handshake(22) in epoch 0 and length: 25
|<5>| REC[0x61dd4f39d2a0]: SSL 254.253 Handshake packet received. Epoch 0, length: 23
|<5>| REC[0x61dd4f39d2a0]: Expected Packet Handshake(22)
|<5>| REC[0x61dd4f39d2a0]: Received Packet Handshake(22) with length: 23
|<5>| REC[0x61dd4f39d2a0]: Decrypted Packet[0.2] Handshake(22) with length: 23
|<4>| HSK[0x61dd4f39d2a0]: CLIENT KEY EXCHANGE (16) was received. Length 11[11], frag offset 0, frag length: 11, sequence: 2
|<6>| DTLS[0x61dd4f39d2a0]: End of flight transmission.
|<3>| ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1374
|<5>| REC[0x61dd4f39d2a0]: SSL 254.253 ChangeCipherSpec packet received. Epoch 0, length: 1
|<5>| REC[0x61dd4f39d2a0]: Expected Packet ChangeCipherSpec(20)
|<5>| REC[0x61dd4f39d2a0]: Received Packet ChangeCipherSpec(20) with length: 1
|<5>| REC[0x61dd4f39d2a0]: Decrypted Packet[0.3] ChangeCipherSpec(20) with length: 1
|<9>| INT: PREMASTER SECRET[32]: 000e0000000000000000000000000000000e73757065727365637265746b6579
|<9>| INT: CLIENT RANDOM[32]: 6914368b7067e41537c7d5f18932e510feebf550ff80e9d0b3d0ca725b8b38f0
|<9>| INT: SERVER RANDOM[32]: dd27761b901da13779d619943268f5685f4f5c1e5d60b06fd441875e9cb2febb
|<9>| INT: MASTER SECRET[48]: 48c10c4fb4eb46fce6679a3b5bad0f7d6ddd0e5782bdeefbfa4b54f527795ad704224bcc032e28c1b1bd3bb4df6a8334
|<5>| REC[0x61dd4f39d2a0]: Initializing epoch #1
|<9>| INT: KEY BLOCK[136]: e2ab56459efb9c3836ac228f68b762ca1f9c597c5cea9939cf841cb1b927922264a60173646546b82fecedf0f13c1af7011df8df2c393d6776b627fb2fee0f1e3f2e9f88911d8b806e952288ee773c6c6a015bca2165b71574c8ceb35c0abbbcf90cd482895dfa9b16c8e15438497cd157e5bafceabfa7710e45536b0fb1ccef99928a010bee90d8
|<9>| INT: CLIENT MAC KEY [20]: e2ab56459efb9c3836ac228f68b762ca1f9c597c
|<9>| INT: SERVER MAC KEY [20]: 5cea9939cf841cb1b927922264a60173646546b8
|<9>| INT: CLIENT WRITE KEY [32]: 2fecedf0f13c1af7011df8df2c393d6776b627fb2fee0f1e3f2e9f88911d8b80
|<9>| INT: SERVER WRITE KEY [32]: 6e952288ee773c6c6a015bca2165b71574c8ceb35c0abbbcf90cd482895dfa9b
|<9>| INT: CLIENT WRITE IV [16]: 16c8e15438497cd157e5bafceabfa771
|<9>| INT: SERVER WRITE IV [16]: 0e45536b0fb1ccef99928a010bee90d8
|<5>| REC[0x61dd4f39d2a0]: Epoch #1 ready
|<4>| HSK[0x61dd4f39d2a0]: Cipher Suite: GNUTLS_PSK_AES_256_CBC_SHA1
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1143
|<5>| REC[0x61dd4f39d2a0]: SSL 254.253 Handshake packet received. Epoch 1, length: 64
|<5>| REC[0x61dd4f39d2a0]: Expected Packet Handshake(22)
|<5>| REC[0x61dd4f39d2a0]: Received Packet Handshake(22) with length: 64
|<3>| ASSERT: ../../lib/cipher-cbc.c[cbc_mac_verify]:148
|<3>| ASSERT: ../../lib/cipher.c[decrypt_packet]:720
|<3>| ASSERT: ../../lib/cipher.c[_gnutls_decrypt]:138
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1464
|<0x61dd4f39d2a0>| Discarded message[281474976710656] due to invalid decryption
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1580
|<3>| ASSERT: ../../lib/handshake.c[_gnutls_recv_finished]:1040
|<3>| ASSERT: ../../lib/handshake.c[recv_handshake_final]:3478
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1143
|<5>| REC[0x61dd4f39d2a0]: SSL 254.253 Handshake packet received. Epoch 0, length: 23
|<5>| REC[0x61dd4f39d2a0]: Expected Packet Handshake(22)
|<5>| REC[0x61dd4f39d2a0]: Received Packet Handshake(22) with length: 23
|<3>| ASSERT: ../../lib/cipher.c[decrypt_packet]:673
|<3>| ASSERT: ../../lib/cipher.c[_gnutls_decrypt]:138
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1464
|<0x61dd4f39d2a0>| Discarded message[4] due to invalid decryption
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1580
|<3>| ASSERT: ../../lib/handshake.c[_gnutls_recv_finished]:1040
|<3>| ASSERT: ../../lib/handshake.c[recv_handshake_final]:3478
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1143
|<5>| REC[0x61dd4f39d2a0]: SSL 254.253 ChangeCipherSpec packet received. Epoch 0, length: 1
|<5>| REC[0x61dd4f39d2a0]: Expected Packet Handshake(22)
|<5>| REC[0x61dd4f39d2a0]: Received Packet ChangeCipherSpec(20) with length: 1
|<3>| ASSERT: ../../lib/cipher.c[decrypt_packet]:668
|<3>| ASSERT: ../../lib/cipher.c[_gnutls_decrypt]:138
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1464
|<0x61dd4f39d2a0>| Discarded message[5] due to invalid decryption
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1580
|<3>| ASSERT: ../../lib/handshake.c[_gnutls_recv_finished]:1040
|<3>| ASSERT: ../../lib/handshake.c[recv_handshake_final]:3478
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1143
|<5>| REC[0x61dd4f39d2a0]: SSL 254.253 Handshake packet received. Epoch 1, length: 64
|<5>| REC[0x61dd4f39d2a0]: Expected Packet Handshake(22)
|<5>| REC[0x61dd4f39d2a0]: Received Packet Handshake(22) with length: 64
|<3>| ASSERT: ../../lib/cipher-cbc.c[cbc_mac_verify]:148
|<3>| ASSERT: ../../lib/cipher.c[decrypt_packet]:720
|<3>| ASSERT: ../../lib/cipher.c[_gnutls_decrypt]:138
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1464
|<0x61dd4f39d2a0>| Discarded message[281474976710657] due to invalid decryption
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1580
|<3>| ASSERT: ../../lib/handshake.c[_gnutls_recv_finished]:1040
|<3>| ASSERT: ../../lib/handshake.c[recv_handshake_final]:3478
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1143
|<5>| REC[0x61dd4f39d2a0]: SSL 254.253 Handshake packet received. Epoch 0, length: 23
|<5>| REC[0x61dd4f39d2a0]: Expected Packet Handshake(22)
|<5>| REC[0x61dd4f39d2a0]: Received Packet Handshake(22) with length: 23
|<3>| ASSERT: ../../lib/cipher.c[decrypt_packet]:673
|<3>| ASSERT: ../../lib/cipher.c[_gnutls_decrypt]:138
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1464
|<0x61dd4f39d2a0>| Discarded message[6] due to invalid decryption
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1580
|<3>| ASSERT: ../../lib/handshake.c[_gnutls_recv_finished]:1040
|<3>| ASSERT: ../../lib/handshake.c[recv_handshake_final]:3478
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1143
|<5>| REC[0x61dd4f39d2a0]: SSL 254.253 ChangeCipherSpec packet received. Epoch 0, length: 1
|<5>| REC[0x61dd4f39d2a0]: Expected Packet Handshake(22)
|<5>| REC[0x61dd4f39d2a0]: Received Packet ChangeCipherSpec(20) with length: 1
|<3>| ASSERT: ../../lib/cipher.c[decrypt_packet]:668
|<3>| ASSERT: ../../lib/cipher.c[_gnutls_decrypt]:138
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1464
|<0x61dd4f39d2a0>| Discarded message[7] due to invalid decryption
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1580
|<3>| ASSERT: ../../lib/handshake.c[_gnutls_recv_finished]:1040
|<3>| ASSERT: ../../lib/handshake.c[recv_handshake_final]:3478
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1143
|<5>| REC[0x61dd4f39d2a0]: SSL 254.253 Handshake packet received. Epoch 1, length: 64
|<5>| REC[0x61dd4f39d2a0]: Expected Packet Handshake(22)
|<5>| REC[0x61dd4f39d2a0]: Received Packet Handshake(22) with length: 64
|<3>| ASSERT: ../../lib/cipher-cbc.c[cbc_mac_verify]:148
|<3>| ASSERT: ../../lib/cipher.c[decrypt_packet]:720
|<3>| ASSERT: ../../lib/cipher.c[_gnutls_decrypt]:138
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1464
|<0x61dd4f39d2a0>| Discarded message[281474976710658] due to invalid decryption
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1580
|<3>| ASSERT: ../../lib/handshake.c[_gnutls_recv_finished]:1040
|<3>| ASSERT: ../../lib/handshake.c[recv_handshake_final]:3478
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1143
^CExiting via signal 2
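The RFC 4279 premaster-secret layout visible in the gnutls debug output above, as an added example that is not part of the original post: it recovers the PSK bytes the server actually used, checks which encoding of the `psk=` argument they correspond to, and recomputes the TLS 1.2 master secret from the logged randoms for comparison. Function names are illustrative; the code assumes the standard TLS 1.2 SHA-256 PRF and a session without Extended Master Secret.

```python
import hashlib
import hmac
import struct

# Values taken from the gnutls-serv debug output on this page (test session).
PSK_ARG = "73757065727365637265746b6579"        # psk= argument given to the server
LOGGED_PREMASTER = bytes.fromhex(                 # PREMASTER SECRET[32], split by field
    "000e" + "00" * 14 + "000e" + "73757065727365637265746b6579")
CLIENT_RANDOM = bytes.fromhex(
    "6914368b7067e41537c7d5f18932e510feebf550ff80e9d0b3d0ca725b8b38f0")
SERVER_RANDOM = bytes.fromhex(
    "dd27761b901da13779d619943268f5685f4f5c1e5d60b06fd441875e9cb2febb")
LOGGED_MASTER = bytes.fromhex(
    "48c10c4fb4eb46fce6679a3b5bad0f7d6ddd0e5782bdeefbfa4b54f527795ad7"
    "04224bcc032e28c1b1bd3bb4df6a8334")


def psk_premaster(psk: bytes) -> bytes:
    """Plain-PSK premaster (RFC 4279, section 2): uint16 N, N zero bytes, uint16 N, PSK."""
    n = struct.pack("!H", len(psk))
    return n + bytes(len(psk)) + n + psk


def parse_psk_premaster(pms: bytes) -> bytes:
    """Recover the PSK bytes from a logged plain-PSK premaster secret."""
    if len(pms) < 4:
        raise ValueError("premaster secret too short")
    (n,) = struct.unpack_from("!H", pms, 0)
    if len(pms) != 4 + 2 * n:
        raise ValueError("length fields do not match premaster size")
    other_secret = pms[2:2 + n]
    (n2,) = struct.unpack_from("!H", pms, 2 + n)
    if n2 != n or any(other_secret):
        raise ValueError("not a plain-PSK premaster secret")
    return pms[4 + n:]


def prf_sha256(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5) with HMAC-SHA256."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    return prf_sha256(pms, b"master secret", client_random + server_random, 48)


def candidate_keys(psk_arg: str) -> dict:
    """Two ways the same configured string can end up as key bytes."""
    return {
        "hex-decoded": bytes.fromhex(psk_arg),
        "hex string used as raw ASCII": psk_arg.encode("ascii"),
    }


def analyse() -> dict:
    server_psk = parse_psk_premaster(LOGGED_PREMASTER)
    matching = [name for name, key in candidate_keys(PSK_ARG).items()
                if psk_premaster(key) == LOGGED_PREMASTER]
    master = master_secret(LOGGED_PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    return {
        "server_psk": server_psk,
        "matching_encoding": matching,
        "master_matches_log": hmac.compare_digest(master, LOGGED_MASTER),
    }


if __name__ == "__main__":
    for field, value in analyse().items():
        print(f"{field}: {value!r}")
```

The client side has to feed exactly the same key bytes into the same construction; a difference there is not visible until the first record protected with the derived keys, the client Finished.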
8407.cellfund_less5_exer2_solution.zip
./programs/ssl/ssl_server2 dtls=1 server_port=5685 psk="73757065727365637265746b6579" psk_identity="device001" force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 min_version=dtls12 max_version=dtls12 extended_ms=0 debug_level=3
build version: Mbed TLS 3.5.2 (build 50659840)
. Seeding the random number generator... ok
. Loading the CA root certificate ... ok (0 skipped)
. Loading the server cert. and key... ok (key types: RSA, EC)
. Setting up the SSL/TLS structure...ssl_tls.c:0111: |3| Disable use of CID extension.
ssl_msg.c:0291: |3| set_timer to 0 ms
ok
. Bind on udp://*:5685/ ... ok
ssl_msg.c:0291: |3| set_timer to 0 ms
ssl_msg.c:0291: |3| set_timer to 0 ms
. Waiting for a remote connection ... ok
. Performing the SSL/TLS handshake...ssl_tls.c:3919: |2| => handshake
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 0
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 1
ssl_tls12_server.c:0911: |2| => parse client hello
ssl_msg.c:2160: |2| => fetch input
ssl_msg.c:2206: |2| in_left: 0, nb_want: 5
ssl_msg.c:2245: |3| f_recv_timeout: 0 ms
ssl_msg.c:0323: |1| => mbedtls_ssl_check_record
ssl_msg.c:0324: |3| dumping 'record buffer' (136 bytes)
ssl_msg.c:0324: |3| 0000: 16 fe fd 00 00 00 00 00 00 00 00 00 7b 01 00 00 ............{...
ssl_msg.c:0324: |3| 0010: 6f 00 00 00 00 00 00 00 6f fe fd 69 14 35 fc d3 o.......o..i.5..
ssl_msg.c:0324: |3| 0020: ce 29 7b c6 c7 66 d6 58 07 3a a9 63 38 46 77 30 .){..f.X.:.c8Fw0
ssl_msg.c:0324: |3| 0030: 0e ed 4e f5 e8 5c ea f1 7f 47 8d 00 00 00 0a 00 ..N..\...G......
ssl_msg.c:0324: |3| 0040: 8d 00 ae 00 8c c0 a8 00 ff 01 00 00 3b 00 00 00 ............;...
ssl_msg.c:0324: |3| 0050: 18 00 16 00 00 13 47 49 4d 53 53 65 72 76 65 72 ......GIMSServer
ssl_msg.c:0324: |3| 0060: 2e 6d 6f 6f 6f 2e 63 6f 6d 00 0d 00 0e 00 0c 06 .mooo.com.......
ssl_msg.c:0324: |3| 0070: 03 06 01 05 03 05 01 04 03 04 01 00 36 00 09 08 ............6...
ssl_msg.c:0324: |3| 0080: 6d 65 24 62 db 7b 54 dc me$b.{T.
ssl_msg.c:3869: |3| input record: msgtype = 22, version = [0x303], msglen = 123
ssl_msg.c:0365: |1| <= mbedtls_ssl_check_record
ssl_msg.c:0323: |1| => mbedtls_ssl_check_record
ssl_msg.c:0324: |3| dumping 'record buffer' (136 bytes)
ssl_msg.c:0324: |3| 0000: 16 fe fd 00 00 00 00 00 00 00 00 00 7b 01 00 00 ............{...
ssl_msg.c:0324: |3| 0010: 6f 00 00 00 00 00 00 00 6f fe fd 69 14 35 fc d3 o.......o..i.5..
ssl_msg.c:0324: |3| 0020: ce 29 7b c6 c7 66 d6 58 07 3a a9 63 38 46 77 30 .){..f.X.:.c8Fw0
ssl_msg.c:0324: |3| 0030: 0e ed 4e f5 e8 5c ea f1 7f 47 8d 00 00 00 0a 00 ..N..\...G......
ssl_msg.c:0324: |3| 0040: 8d 00 ae 00 8c c0 a8 00 ff 01 00 00 3b 00 00 00 ............;...
ssl_msg.c:0324: |3| 0050: 18 00 16 00 00 13 47 49 4d 53 53 65 72 76 65 72 ......GIMSServer
ssl_msg.c:0324: |3| 0060: 2e 6d 6f 6f 6f 2e 63 6f 6d 00 0d 00 0e 00 0c 06 .mooo.com.......
ssl_msg.c:0324: |3| 0070: 03 06 01 05 03 05 01 04 03 04 01 00 36 00 09 08 ............6...
ssl_msg.c:0324: |3| 0080: 6d 65 24 62 db 7b 54 dc me$b.{T.
ssl_msg.c:3869: |3| input record: msgtype = 22, version = [0x303], msglen = 123
ssl_msg.c:0365: |1| <= mbedtls_ssl_check_record
ssl_msg.c:2254: |2| ssl->f_recv(_timeout)() returned 136 (-0xffffff78)
ssl_msg.c:2345: |2| <= fetch input
ssl_tls12_server.c:0951: |3| client hello, message type: 22
ssl_tls12_server.c:0959: |3| client hello, message len.: 123
ssl_tls12_server.c:0962: |3| client hello, protocol version: [254:253]
ssl_msg.c:2160: |2| => fetch input
ssl_msg.c:2206: |2| in_left: 136, nb_want: 136
ssl_msg.c:2214: |2| <= fetch input
ssl_tls12_server.c:1052: |3| client hello v3, handshake type: 1
ssl_tls12_server.c:1060: |3| client hello v3, handshake len.: 111
ssl_tls12_server.c:1159: |3| dumping 'client hello, version' (2 bytes)
ssl_tls12_server.c:1159: |3| 0000: fe fd ..
ssl_tls12_server.c:1175: |3| dumping 'client hello, random bytes' (32 bytes)
ssl_tls12_server.c:1175: |3| 0000: 69 14 35 fc d3 ce 29 7b c6 c7 66 d6 58 07 3a a9 i.5...){..f.X.:.
ssl_tls12_server.c:1175: |3| 0010: 63 38 46 77 30 0e ed 4e f5 e8 5c ea f1 7f 47 8d c8Fw0..N..\...G.
ssl_tls12_server.c:1192: |3| dumping 'client hello, session id' (0 bytes)
ssl_tls12_server.c:1215: |3| dumping 'client hello, cookie' (0 bytes)
ssl_tls12_server.c:1227: |2| cookie verification failed
ssl_tls12_server.c:1266: |3| dumping 'client hello, ciphersuitelist' (10 bytes)
ssl_tls12_server.c:1266: |3| 0000: 00 8d 00 ae 00 8c c0 a8 00 ff ..........
ssl_tls12_server.c:1288: |3| dumping 'client hello, compression' (1 bytes)
ssl_tls12_server.c:1288: |3| 0000: 00 .
ssl_tls12_server.c:1317: |3| dumping 'client hello extensions' (59 bytes)
ssl_tls12_server.c:1317: |3| 0000: 00 00 00 18 00 16 00 00 13 47 49 4d 53 53 65 72 .........GIMSSer
ssl_tls12_server.c:1317: |3| 0010: 76 65 72 2e 6d 6f 6f 6f 2e 63 6f 6d 00 0d 00 0e ver.mooo.com....
ssl_tls12_server.c:1317: |3| 0020: 00 0c 06 03 06 01 05 03 05 01 04 03 04 01 00 36 ...............6
ssl_tls12_server.c:1317: |3| 0030: 00 09 08 6d 65 24 62 db 7b 54 dc ...me$b.{T.
ssl_tls12_server.c:1340: |3| found ServerName extension
ssl_tls.c:9366: |3| parse ServerName extension
ssl_tls12_server.c:1363: |3| found signature_algorithms extension
ssl_tls12_server.c:1423: |3| found CID extension
ssl_tls12_server.c:0400: |3| Client sent CID extension, but CID disabled
ssl_tls12_server.c:1531: |3| received TLS_EMPTY_RENEGOTIATION_INFO
ssl_tls12_server.c:0810: |3| trying ciphersuite: 0xc0a8 (TLS-PSK-WITH-AES-128-CCM-8)
ssl_tls12_server.c:1655: |2| selected ciphersuite: TLS-PSK-WITH-AES-128-CCM-8
ssl_msg.c:0291: |3| set_timer to 0 ms
ssl_tls12_server.c:1678: |3| no hash algorithm for signature algorithm 0 - should not happen
ssl_tls12_server.c:1683: |2| <= parse client hello
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 2
ssl_tls12_server.c:2170: |2| => write server hello
ssl_tls12_server.c:2175: |2| client hello was not authenticated
ssl_tls12_server.c:2176: |2| <= write server hello
ssl_tls12_server.c:2049: |2| => write hello verify request
ssl_tls12_server.c:2061: |3| dumping 'server version' (2 bytes)
ssl_tls12_server.c:2061: |3| 0000: fe fd ..
ssl_tls12_server.c:2082: |3| dumping 'cookie sent' (32 bytes)
ssl_tls12_server.c:2082: |3| 0000: 69 14 35 fd ee 25 a5 21 8a 6b 55 16 7f 77 e1 79 i.5..%.!.kU..w.y
ssl_tls12_server.c:2082: |3| 0010: e4 a3 ac 29 53 19 66 88 3c f1 1b 28 3e fd 39 6d ...)S.f.<..(>.9m
ssl_msg.c:2788: |2| => write handshake message
ssl_msg.c:2422: |2| => ssl_flight_append
ssl_msg.c:2457: |2| <= ssl_flight_append
ssl_msg.c:2909: |2| <= write handshake message
ssl_msg.c:2539: |2| => mbedtls_ssl_flight_transmit
ssl_msg.c:2542: |2| initialise flight transmission
ssl_msg.c:2489: |3| skip swap epochs
ssl_msg.c:2643: |3| dumping 'handshake header' (12 bytes)
ssl_msg.c:2643: |3| 0000: 03 00 00 23 00 00 00 00 00 00 00 23 ...#.......#
ssl_msg.c:2948: |2| => write record
ssl_msg.c:3032: |3| output record: msgtype = 22, version = [254:253], msglen = 47
ssl_msg.c:3072: |2| Still 16324 bytes available in current datagram
ssl_msg.c:3085: |2| <= write record
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2372: |2| message length: 60, out_left: 60
ssl_msg.c:2379: |2| ssl->f_send() returned 60 (-0xffffffc4)
ssl_msg.c:2406: |2| <= flush output
ssl_msg.c:0291: |3| set_timer to 0 ms
ssl_msg.c:2684: |2| <= mbedtls_ssl_flight_transmit
ssl_tls12_server.c:2103: |2| <= write hello verify request
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 17
ssl_tls.c:3930: |2| <= handshake
hello verification requested
ssl_msg.c:0291: |3| set_timer to 0 ms
ssl_msg.c:0291: |3| set_timer to 0 ms
. Waiting for a remote connection ... ok
. Performing the SSL/TLS handshake...ssl_tls.c:3919: |2| => handshake
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 0
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 1
ssl_tls12_server.c:0911: |2| => parse client hello
ssl_msg.c:2160: |2| => fetch input
ssl_msg.c:2206: |2| in_left: 0, nb_want: 5
ssl_msg.c:2245: |3| f_recv_timeout: 0 ms
ssl_msg.c:0323: |1| => mbedtls_ssl_check_record
ssl_msg.c:0324: |3| dumping 'record buffer' (168 bytes)
ssl_msg.c:0324: |3| 0000: 16 fe fd 00 00 00 00 00 00 00 01 00 9b 01 00 00 ................
ssl_msg.c:0324: |3| 0010: 8f 00 01 00 00 00 00 00 8f fe fd 69 14 35 fc d3 ...........i.5..
ssl_msg.c:0324: |3| 0020: ce 29 7b c6 c7 66 d6 58 07 3a a9 63 38 46 77 30 .){..f.X.:.c8Fw0
ssl_msg.c:0324: |3| 0030: 0e ed 4e f5 e8 5c ea f1 7f 47 8d 00 20 69 14 35 ..N..\...G.. i.5
ssl_msg.c:0324: |3| 0040: fd ee 25 a5 21 8a 6b 55 16 7f 77 e1 79 e4 a3 ac ..%.!.kU..w.y...
ssl_msg.c:0324: |3| 0050: 29 53 19 66 88 3c f1 1b 28 3e fd 39 6d 00 0a 00 )S.f.<..(>.9m...
ssl_msg.c:0324: |3| 0060: 8d 00 ae 00 8c c0 a8 00 ff 01 00 00 3b 00 00 00 ............;...
ssl_msg.c:0324: |3| 0070: 18 00 16 00 00 13 47 49 4d 53 53 65 72 76 65 72 ......GIMSServer
ssl_msg.c:0324: |3| 0080: 2e 6d 6f 6f 6f 2e 63 6f 6d 00 0d 00 0e 00 0c 06 .mooo.com.......
ssl_msg.c:0324: |3| 0090: 03 06 01 05 03 05 01 04 03 04 01 00 36 00 09 08 ............6...
ssl_msg.c:0324: |3| 00a0: 6d 65 24 62 db 7b 54 dc me$b.{T.
ssl_msg.c:3869: |3| input record: msgtype = 22, version = [0x303], msglen = 155
ssl_msg.c:0365: |1| <= mbedtls_ssl_check_record
ssl_msg.c:0323: |1| => mbedtls_ssl_check_record
ssl_msg.c:0324: |3| dumping 'record buffer' (168 bytes)
ssl_msg.c:0324: |3| 0000: 16 fe fd 00 00 00 00 00 00 00 01 00 9b 01 00 00 ................
ssl_msg.c:0324: |3| 0010: 8f 00 01 00 00 00 00 00 8f fe fd 69 14 35 fc d3 ...........i.5..
ssl_msg.c:0324: |3| 0020: ce 29 7b c6 c7 66 d6 58 07 3a a9 63 38 46 77 30 .){..f.X.:.c8Fw0
ssl_msg.c:0324: |3| 0030: 0e ed 4e f5 e8 5c ea f1 7f 47 8d 00 20 69 14 35 ..N..\...G.. i.5
ssl_msg.c:0324: |3| 0040: fd ee 25 a5 21 8a 6b 55 16 7f 77 e1 79 e4 a3 ac ..%.!.kU..w.y...
ssl_msg.c:0324: |3| 0050: 29 53 19 66 88 3c f1 1b 28 3e fd 39 6d 00 0a 00 )S.f.<..(>.9m...
ssl_msg.c:0324: |3| 0060: 8d 00 ae 00 8c c0 a8 00 ff 01 00 00 3b 00 00 00 ............;...
ssl_msg.c:0324: |3| 0070: 18 00 16 00 00 13 47 49 4d 53 53 65 72 76 65 72 ......GIMSServer
ssl_msg.c:0324: |3| 0080: 2e 6d 6f 6f 6f 2e 63 6f 6d 00 0d 00 0e 00 0c 06 .mooo.com.......
ssl_msg.c:0324: |3| 0090: 03 06 01 05 03 05 01 04 03 04 01 00 36 00 09 08 ............6...
ssl_msg.c:0324: |3| 00a0: 6d 65 24 62 db 7b 54 dc me$b.{T.
ssl_msg.c:3869: |3| input record: msgtype = 22, version = [0x303], msglen = 155
ssl_msg.c:0365: |1| <= mbedtls_ssl_check_record
ssl_msg.c:2254: |2| ssl->f_recv(_timeout)() returned 168 (-0xffffff58)
ssl_msg.c:2345: |2| <= fetch input
ssl_tls12_server.c:0951: |3| client hello, message type: 22
ssl_tls12_server.c:0959: |3| client hello, message len.: 155
ssl_tls12_server.c:0962: |3| client hello, protocol version: [254:253]
ssl_msg.c:2160: |2| => fetch input
ssl_msg.c:2206: |2| in_left: 168, nb_want: 168
ssl_msg.c:2214: |2| <= fetch input
ssl_tls12_server.c:1052: |3| client hello v3, handshake type: 1
ssl_tls12_server.c:1060: |3| client hello v3, handshake len.: 143
ssl_tls12_server.c:1159: |3| dumping 'client hello, version' (2 bytes)
ssl_tls12_server.c:1159: |3| 0000: fe fd ..
ssl_tls12_server.c:1175: |3| dumping 'client hello, random bytes' (32 bytes)
ssl_tls12_server.c:1175: |3| 0000: 69 14 35 fc d3 ce 29 7b c6 c7 66 d6 58 07 3a a9 i.5...){..f.X.:.
ssl_tls12_server.c:1175: |3| 0010: 63 38 46 77 30 0e ed 4e f5 e8 5c ea f1 7f 47 8d c8Fw0..N..\...G.
ssl_tls12_server.c:1192: |3| dumping 'client hello, session id' (0 bytes)
ssl_tls12_server.c:1215: |3| dumping 'client hello, cookie' (32 bytes)
ssl_tls12_server.c:1215: |3| 0000: 69 14 35 fd ee 25 a5 21 8a 6b 55 16 7f 77 e1 79 i.5..%.!.kU..w.y
ssl_tls12_server.c:1215: |3| 0010: e4 a3 ac 29 53 19 66 88 3c f1 1b 28 3e fd 39 6d ...)S.f.<..(>.9m
ssl_tls12_server.c:1230: |2| cookie verification passed
ssl_tls12_server.c:1266: |3| dumping 'client hello, ciphersuitelist' (10 bytes)
ssl_tls12_server.c:1266: |3| 0000: 00 8d 00 ae 00 8c c0 a8 00 ff ..........
ssl_tls12_server.c:1288: |3| dumping 'client hello, compression' (1 bytes)
ssl_tls12_server.c:1288: |3| 0000: 00 .
ssl_tls12_server.c:1317: |3| dumping 'client hello extensions' (59 bytes)
ssl_tls12_server.c:1317: |3| 0000: 00 00 00 18 00 16 00 00 13 47 49 4d 53 53 65 72 .........GIMSSer
ssl_tls12_server.c:1317: |3| 0010: 76 65 72 2e 6d 6f 6f 6f 2e 63 6f 6d 00 0d 00 0e ver.mooo.com....
ssl_tls12_server.c:1317: |3| 0020: 00 0c 06 03 06 01 05 03 05 01 04 03 04 01 00 36 ...............6
ssl_tls12_server.c:1317: |3| 0030: 00 09 08 6d 65 24 62 db 7b 54 dc ...me$b.{T.
ssl_tls12_server.c:1340: |3| found ServerName extension
ssl_tls.c:9366: |3| parse ServerName extension
ssl_tls12_server.c:1363: |3| found signature_algorithms extension
ssl_tls12_server.c:1423: |3| found CID extension
ssl_tls12_server.c:0400: |3| Client sent CID extension, but CID disabled
ssl_tls12_server.c:1531: |3| received TLS_EMPTY_RENEGOTIATION_INFO
ssl_tls12_server.c:0810: |3| trying ciphersuite: 0xc0a8 (TLS-PSK-WITH-AES-128-CCM-8)
ssl_tls12_server.c:1655: |2| selected ciphersuite: TLS-PSK-WITH-AES-128-CCM-8
ssl_msg.c:0291: |3| set_timer to 0 ms
ssl_tls12_server.c:1678: |3| no hash algorithm for signature algorithm 0 - should not happen
ssl_tls12_server.c:1683: |2| <= parse client hello
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 2
ssl_tls12_server.c:2170: |2| => write server hello
ssl_tls12_server.c:2200: |3| server hello, chosen version: [254:253]
ssl_tls12_server.c:2208: |3| server hello, current time: 1762932221
ssl_tls12_server.c:2252: |3| dumping 'server hello, random bytes' (32 bytes)
ssl_tls12_server.c:2252: |3| 0000: 69 14 35 fd a7 4b 6d 9f 7f 95 29 a6 a8 d5 33 c1 i.5..Km...)...3.
ssl_tls12_server.c:2252: |3| 0010: 11 64 56 0a 20 38 c8 72 16 3d 62 16 2d ba 46 b8 .dV. 8.r.=b.-.F.
ssl_tls12_server.c:2305: |3| server hello, session id len.: 32
ssl_tls12_server.c:2306: |3| dumping 'server hello, session id' (32 bytes)
ssl_tls12_server.c:2306: |3| 0000: 95 28 5e bb 16 c0 e6 a8 f6 51 2d 65 3d cd 53 a8 .(^......Q-e=.S.
ssl_tls12_server.c:2306: |3| 0010: 2b 7c c5 40 d0 01 5f f1 77 de cd f8 89 c6 89 0e +|.@.._.w.......
ssl_tls12_server.c:2307: |3| no session has been resumed
ssl_tls12_server.c:2314: |3| server hello, chosen ciphersuite: TLS-PSK-WITH-AES-128-CCM-8
ssl_tls12_server.c:2316: |3| server hello, compress alg.: 0x00
ssl_tls12_server.c:1838: |3| server hello, secure renegotiation extension
ssl_tls12_server.c:2381: |3| server hello, total extension length: 5
ssl_msg.c:2788: |2| => write handshake message
ssl_msg.c:2422: |2| => ssl_flight_append
ssl_msg.c:2457: |2| <= ssl_flight_append
ssl_msg.c:2909: |2| <= write handshake message
ssl_tls12_server.c:2395: |2| <= write server hello
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 3
ssl_tls.c:6915: |2| => write certificate
ssl_tls.c:6918: |2| <= skip write certificate
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 4
ssl_tls12_server.c:3223: |2| => write server key exchange
ssl_tls12_server.c:3243: |2| <= skip write server key exchange
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 5
ssl_tls12_server.c:2432: |2| => write certificate request
ssl_tls12_server.c:2445: |2| <= skip write certificate request
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 6
ssl_tls12_server.c:3314: |2| => write server hello done
ssl_msg.c:0518: |3| update timeout value to 1000 millisecs
ssl_msg.c:0291: |3| set_timer to 1000 ms
ssl_msg.c:2788: |2| => write handshake message
ssl_msg.c:2422: |2| => ssl_flight_append
ssl_msg.c:2457: |2| <= ssl_flight_append
ssl_msg.c:2909: |2| <= write handshake message
ssl_msg.c:2539: |2| => mbedtls_ssl_flight_transmit
ssl_msg.c:2542: |2| initialise flight transmission
ssl_msg.c:2489: |3| skip swap epochs
ssl_msg.c:2643: |3| dumping 'handshake header' (12 bytes)
ssl_msg.c:2643: |3| 0000: 02 00 00 4d 00 01 00 00 00 00 00 4d ...M.......M
ssl_msg.c:2948: |2| => write record
ssl_msg.c:3032: |3| output record: msgtype = 22, version = [254:253], msglen = 89
ssl_msg.c:3072: |2| Still 16282 bytes available in current datagram
ssl_msg.c:3085: |2| <= write record
ssl_msg.c:2643: |3| dumping 'handshake header' (12 bytes)
ssl_msg.c:2643: |3| 0000: 0e 00 00 00 00 02 00 00 00 00 00 00 ............
ssl_msg.c:2948: |2| => write record
ssl_msg.c:3032: |3| output record: msgtype = 22, version = [254:253], msglen = 12
ssl_msg.c:3072: |2| Still 16257 bytes available in current datagram
ssl_msg.c:3085: |2| <= write record
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2372: |2| message length: 25, out_left: 127
ssl_msg.c:2379: |2| ssl->f_send() returned 127 (-0xffffff81)
ssl_msg.c:2406: |2| <= flush output
ssl_msg.c:0291: |3| set_timer to 1000 ms
ssl_msg.c:2684: |2| <= mbedtls_ssl_flight_transmit
ssl_tls12_server.c:3341: |2| <= write server hello done
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 7
ssl_tls.c:7510: |2| => parse certificate
ssl_tls.c:7514: |2| <= skip parse certificate
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 8
ssl_tls12_server.c:3639: |2| => parse client key exchange
ssl_msg.c:4122: |2| => read record
ssl_msg.c:4221: |2| => ssl_load_buffered_message
ssl_msg.c:4289: |2| Next handshake message 2 not or only partially bufffered
ssl_msg.c:4297: |2| <= ssl_load_buffered_message
ssl_msg.c:2160: |2| => fetch input
ssl_msg.c:2206: |2| in_left: 0, nb_want: 13
ssl_msg.c:2245: |3| f_recv_timeout: 1000 ms
ssl_msg.c:0323: |1| => mbedtls_ssl_check_record
ssl_msg.c:0324: |3| dumping 'record buffer' (103 bytes)
ssl_msg.c:0324: |3| 0000: 16 fe fd 00 00 00 00 00 00 00 02 00 17 10 00 00 ................
ssl_msg.c:0324: |3| 0010: 0b 00 02 00 00 00 00 00 0b 00 09 64 65 76 69 63 ...........devic
ssl_msg.c:0324: |3| 0020: 65 30 30 31 14 fe fd 00 00 00 00 00 00 00 03 00 e001............
ssl_msg.c:0324: |3| 0030: 01 01 16 fe fd 00 01 00 00 00 00 00 00 00 28 00 ..............(.
ssl_msg.c:0324: |3| 0040: 01 00 00 00 00 00 00 43 d5 56 87 c8 5f ee d7 be .......C.V.._...
ssl_msg.c:0324: |3| 0050: b1 de aa 31 56 88 bb 9e 3f c9 46 ae a9 aa c9 a3 ...1V...?.F.....
ssl_msg.c:0324: |3| 0060: b2 60 08 88 07 d4 fd .`.....
ssl_msg.c:3869: |3| input record: msgtype = 22, version = [0x303], msglen = 23
ssl_msg.c:0365: |1| <= mbedtls_ssl_check_record
ssl_msg.c:0323: |1| => mbedtls_ssl_check_record
ssl_msg.c:0324: |3| dumping 'record buffer' (103 bytes)
ssl_msg.c:0324: |3| 0000: 16 fe fd 00 00 00 00 00 00 00 02 00 17 10 00 00 ................
ssl_msg.c:0324: |3| 0010: 0b 00 02 00 00 00 00 00 0b 00 09 64 65 76 69 63 ...........devic
ssl_msg.c:0324: |3| 0020: 65 30 30 31 14 fe fd 00 00 00 00 00 00 00 03 00 e001............
ssl_msg.c:0324: |3| 0030: 01 01 16 fe fd 00 01 00 00 00 00 00 00 00 28 00 ..............(.
ssl_msg.c:0324: |3| 0040: 01 00 00 00 00 00 00 43 d5 56 87 c8 5f ee d7 be .......C.V.._...
ssl_msg.c:0324: |3| 0050: b1 de aa 31 56 88 bb 9e 3f c9 46 ae a9 aa c9 a3 ...1V...?.F.....
ssl_msg.c:0324: |3| 0060: b2 60 08 88 07 d4 fd .`.....
ssl_msg.c:3869: |3| input record: msgtype = 22, version = [0x303], msglen = 23
ssl_msg.c:0365: |1| <= mbedtls_ssl_check_record
ssl_msg.c:2254: |2| ssl->f_recv(_timeout)() returned 103 (-0xffffff99)
ssl_msg.c:2345: |2| <= fetch input
ssl_msg.c:3869: |3| input record: msgtype = 22, version = [0x303], msglen = 23
ssl_msg.c:4864: |3| more than one record within datagram
ssl_msg.c:3242: |3| handshake message: msglen = 23, type = 16, hslen = 23
ssl_msg.c:4194: |2| <= read record
ssl_tls.c:6529: |2| => derive keys
ssl_tls.c:6512: |3| dumping 'premaster secret' (32 bytes)
ssl_tls.c:6512: |3| 0000: 00 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
ssl_tls.c:6512: |3| 0010: 00 0e 73 75 70 65 72 73 65 63 72 65 74 6b 65 79 ..supersecretkey
ssl_tls.c:8261: |3| ciphersuite = TLS-PSK-WITH-AES-128-CCM-8
ssl_tls.c:8263: |3| dumping 'master secret' (48 bytes)
ssl_tls.c:8263: |3| 0000: 9a 96 4f e6 f6 26 fd d0 e3 83 18 30 dc 2c c0 23 ..O..&.....0.,.#
ssl_tls.c:8263: |3| 0010: 6b f9 30 85 7e 63 9e 0e 30 81 17 5c 62 72 04 9f k.0.~c..0..\br..
ssl_tls.c:8263: |3| 0020: 7b 70 9c d2 85 41 3b c1 b7 a6 43 0b c8 ea 8c 6d {p...A;...C....m
ssl_tls.c:8385: |3| keylen: 16, minlen: 16, ivlen: 12, maclen: 0
ssl_tls.c:6580: |2| <= derive keys
ssl_tls12_server.c:4046: |2| <= parse client key exchange
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 9
ssl_tls12_server.c:4084: |2| => parse certificate verify
ssl_tls12_server.c:4087: |2| <= skip parse certificate verify
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 10
ssl_msg.c:5146: |2| => parse change cipher spec
ssl_msg.c:4122: |2| => read record
ssl_msg.c:2160: |2| => fetch input
ssl_msg.c:2195: |2| next record in same datagram, offset: 36
ssl_msg.c:2206: |2| in_left: 67, nb_want: 13
ssl_msg.c:2214: |2| <= fetch input
ssl_msg.c:3869: |3| input record: msgtype = 20, version = [0x303], msglen = 1
ssl_msg.c:4864: |3| more than one record within datagram
ssl_msg.c:4194: |2| <= read record
ssl_msg.c:5167: |3| switching to new transform spec for inbound data
ssl_msg.c:5194: |2| <= parse change cipher spec
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2367: |2| <= flush output
ssl_tls12_server.c:4290: |2| server state: 11
ssl_tls.c:7968: |2| => parse finished
ssl_tls.c:7688: |2| => calc finished tls
ssl_tls.c:7715: |3| dumping 'calc finished result' (12 bytes)
ssl_tls.c:7715: |3| 0000: e0 4f 35 e4 9a 43 b9 ee 12 68 74 8e .O5..C...ht.
ssl_tls.c:7719: |2| <= calc finished
ssl_msg.c:4122: |2| => read record
ssl_msg.c:2160: |2| => fetch input
ssl_msg.c:2195: |2| next record in same datagram, offset: 14
ssl_msg.c:2206: |2| in_left: 53, nb_want: 13
ssl_msg.c:2214: |2| <= fetch input
ssl_msg.c:3869: |3| input record: msgtype = 22, version = [0x303], msglen = 40
ssl_msg.c:1514: |2| => decrypt buf
ssl_msg.c:1650: |1| mbedtls_cipher_auth_decrypt_ext() returned -25344 (-0x6300)
ssl_msg.c:3998: |1| ssl_decrypt_buf() returned -29056 (-0x7180)
ssl_msg.c:5103: |2| => send alert message
ssl_msg.c:5104: |3| send alert level=2 message=20
ssl_msg.c:2948: |2| => write record
ssl_msg.c:3032: |3| output record: msgtype = 21, version = [254:253], msglen = 2
ssl_msg.c:2358: |2| => flush output
ssl_msg.c:2372: |2| message length: 15, out_left: 15
ssl_msg.c:2379: |2| ssl->f_send() returned 15 (-0xfffffff1)
ssl_msg.c:2406: |2| <= flush output
ssl_msg.c:3085: |2| <= write record
ssl_msg.c:5115: |2| <= send alert message
ssl_msg.c:4153: |1| ssl_get_next_record() returned -29056 (-0x7180)
ssl_tls.c:7976: |1| mbedtls_ssl_read_record() returned -29056 (-0x7180)
ssl_tls.c:3930: |2| <= handshake
failed
! mbedtls_ssl_handshake returned -0x7180
Last error was: -29056 - SSL - Verification of the message MAC failed
No. Time Source Destination Protocol Length Info
1 0.000000 AT 30 Sent AT Command: AT%XMODEMTRACE=1,2
2 0.001068 AT 16 Rcvd AT Command: OK
3 0.001526 AT 20 Sent AT Command: AT+CMEE?
4 0.001526 AT 26 Rcvd AT Command: +CMEE: 0 OK
5 0.007995 AT 21 Sent AT Command: AT+CMEE=1
6 0.007995 AT 16 Rcvd AT Command: OK
7 0.008453 AT 19 Sent AT Command: AT%CMNG
8 0.094726 AT 21 Rcvd AT Command: Sensitive
9 0.101806 AT 21 Sent AT Command: AT+CMEE=0
10 0.101837 AT 16 Rcvd AT Command: OK
11 0.110229 AT 35 Sent AT Command: AT%XCOEX0=1,1,1565,1586
12 0.110412 AT 16 Rcvd AT Command: OK
13 0.111084 AT 34 Sent AT Command: AT%XSYSTEMMODE=1,1,1,3
14 0.111358 AT 16 Rcvd AT Command: OK
15 0.111999 AT 28 Sent AT Command: AT%FEACONF=0,3,1
16 0.112030 AT 16 Rcvd AT Command: OK
17 0.118744 AT 21 Sent AT Command: AT+CFUN=4
18 0.119201 AT 16 Rcvd AT Command: OK
19 1.128448 AT 20 Sent AT Command: AT+CMEE?
20 1.128479 AT 26 Rcvd AT Command: +CMEE: 0 OK
21 1.134979 AT 21 Sent AT Command: AT+CMEE=1
22 1.135009 AT 16 Rcvd AT Command: OK
23 1.135498 AT 19 Sent AT Command: AT%CMNG
24 1.165558 AT 21 Rcvd AT Command: Sensitive
25 1.172088 AT 21 Sent AT Command: AT+CMEE=0
26 1.172119 AT 16 Rcvd AT Command: OK
27 1.172821 AT 19 Sent AT Command: AT%CMNG
28 1.263946 AT 16 Rcvd AT Command: OK
29 1.264679 AT 19 Sent AT Command: AT%CMNG
30 1.336212 AT 16 Rcvd AT Command: OK
31 1.336700 AT 20 Sent AT Command: AT+CMEE?
32 1.336731 AT 26 Rcvd AT Command: +CMEE: 0 OK
33 1.343200 AT 21 Sent AT Command: AT+CMEE=1
34 1.343231 AT 16 Rcvd AT Command: OK
35 1.343750 AT 19 Sent AT Command: AT%CMNG
36 1.416443 AT 16 Rcvd AT Command: OK
37 1.416900 AT 21 Sent AT Command: AT+CMEE=0
38 1.416931 AT 16 Rcvd AT Command: OK
39 1.417389 AT 20 Sent AT Command: AT+CMEE?
40 1.417389 AT 26 Rcvd AT Command: +CMEE: 0 OK
41 1.417877 AT 21 Sent AT Command: AT+CMEE=1
42 1.417907 AT 16 Rcvd AT Command: OK
43 1.418426 AT 19 Sent AT Command: AT%CMNG
44 1.492096 AT 16 Rcvd AT Command: OK
45 1.492553 AT 21 Sent AT Command: AT+CMEE=0
46 1.492584 AT 16 Rcvd AT Command: OK
47 1.493042 AT 19 Sent AT Command: AT%CMNG
48 1.522918 AT 21 Rcvd AT Command: Sensitive
49 1.529724 AT 20 Sent AT Command: AT+CFUN?
50 1.529815 AT 26 Rcvd AT Command: +CFUN: 4 OK
51 1.530212 AT 21 Sent AT Command: AT+CFUN=1
52 1.569549 AT 16 Rcvd AT Command: OK
53 3.570037 AT 19 Sent AT Command: AT+CPIN
54 3.570037 AT 32 Rcvd AT Command: +CPIN: SIM PIN OK
55 3.570556 AT 19 Sent AT Command: AT+CPIN
56 3.605163 AT 16 Rcvd AT Command: OK
57 4.068695 LTE RRC BCCH_BCH 28 MasterInformationBlock (SFN=150)
58 4.072631 LTE RRC DL_SCH 117 SystemInformationBlockType1
59 4.076690 LTE RRC DL_SCH 103 SystemInformation [ SIB2 ]
60 4.080780 NAS-EPS 118 Attach request, PDN connectivity request
61 4.082977 LTE RRC UL_CCCH 30 RRCConnectionRequest
62 4.136902 LTE RRC DL_CCCH 74 RRCConnectionSetup
63 4.138275 LTE RRC UL_DCCH/NAS-EPS 131 RRCConnectionSetupComplete, Attach request, PDN connectivity request
64 4.184967 LTE RRC DL_DCCH/NAS-EPS 30 DLInformationTransfer, Identity request
65 4.185028 NAS-EPS 19 Identity request
66 4.185058 NAS-EPS 27 Identity response
67 4.185180 LTE RRC UL_DCCH/NAS-EPS 38 ULInformationTransfer, Identity response
68 4.265960 LTE RRC DL_DCCH/NAS-EPS 63 DLInformationTransfer, Authentication request
69 4.266052 NAS-EPS 52 Authentication request
70 4.319854 NAS-EPS 27 Authentication response
71 4.319976 LTE RRC UL_DCCH/NAS-EPS 38 ULInformationTransfer, Authentication response
72 4.423034 LTE RRC DL_DCCH/NAS-EPS 41 DLInformationTransfer, Security mode command
73 4.423095 NAS-EPS 30 Security mode command
74 4.424957 NAS-EPS 29 Security mode complete
75 4.425171 LTE RRC UL_DCCH/NAS-EPS 46 ULInformationTransfer, Ciphered message(DTAP) (TP)
76 5.197021 LTE RRC DL_DCCH 27 SecurityModeCommand
77 5.198791 LTE RRC UL_DCCH 26 SecurityModeComplete
78 5.294006 LTE RRC DL_DCCH 55 UECapabilityEnquiry
79 5.296051 LTE RRC UL_DCCH 150 UECapabilityInformation
80 5.405334 LTE RRC DL_DCCH/NAS-EPS 262 RRCConnectionReconfiguration, Ciphered message
81 5.406829 LTE RRC UL_DCCH 26 RRCConnectionReconfigurationComplete
82 5.407318 NAS-EPS 189 Ciphered message, Attach accept, Activate default EPS bearer context request (PDN type IPv4 only allowed)
83 5.407928 NAS-EPS 23 Attach complete, Activate default EPS bearer context accept
84 5.408416 LTE RRC UL_DCCH/NAS-EPS 40 ULInformationTransfer, Ciphered message
85 5.466034 LTE RRC DL_DCCH/NAS-EPS 54 DLInformationTransfer, Ciphered message
86 5.466156 NAS-EPS 43 Ciphered message, EMM information
87 5.527191 LTE RRC DL_DCCH 37 RRCConnectionReconfiguration
88 5.527954 LTE RRC UL_DCCH 26 RRCConnectionReconfigurationComplete
89 6.613861 AT 19 Sent AT Command: AT+CPIN
90 6.613891 AT 30 Rcvd AT Command: +CPIN: READY OK
91 6.614410 AT 21 Sent AT Command: AT+CEREG?
92 6.614563 AT 49 Rcvd AT Command: +CEREG: 0,1,"057D","01017406",7 OK
93 6.615204 10.59.113.242 193.5.23.8 DNS 77 Standard query 0x5be0 A GIMSServer.mooo.com
94 6.856903 193.5.23.8 10.59.113.242 DNS 93 Standard query response 0x5be0 A GIMSServer.mooo.com A 84.55.253.71
95 6.862365 10.59.113.242 84.55.253.71 DTLSv1.2 176 Client Hello (SNI=GIMSServer.mooo.com)
96 6.963287 84.55.253.71 10.59.113.242 DTLSv1.2 100 Hello Verify Request
97 6.964080 10.59.113.242 84.55.253.71 DTLSv1.2 208 Client Hello (SNI=GIMSServer.mooo.com)
98 7.144317 84.55.253.71 10.59.113.242 DTLSv1.2 167 Server Hello, Server Hello Done
99 7.150390 10.59.113.242 84.55.253.71 DTLSv1.2 143 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
100 7.251312 84.55.253.71 10.59.113.242 DTLSv1.2 55 Alert (Level: Fatal, Description: Bad Record MAC)
101 8.583343 LTE RRC DL_DCCH 38 RRCConnectionRelease [cause=other]
102 8.672821 LTE RRC DL_SCH 117 SystemInformationBlockType1
103 8.673462 LTE RRC DL_SCH 103 SystemInformation [ SIB2 ]
Can anybody help us overcome this issue, which is becoming a blocking point for us?
Thanks in advance, Joel
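Added example (not part of the original post and not Mbed TLS code): a small parser that splits the 103-byte 'record buffer' dump from the log above into its DTLS records, checks that the epoch-1 record is framed as a CCM-8 protected Finished, and rebuilds the RFC 4279 premaster secret for comparison with the 'premaster secret' dump. The function names are hypothetical, and the nonce check assumes the explicit nonce is the epoch followed by the sequence number, which is what the dump shows.

```python
import struct

# Client flight copied from the 'record buffer' dump (103 bytes) in the log above.
DATAGRAM = bytes.fromhex(
    "16fefd00000000000000020017100000" "0b000200000000000b00096465766963"
    "6530303114fefd000000000000000300" "010116fefd0001000000000000002800"
    "0100000000000043d55687c85feed7be" "b1deaa315688bb9e3fc946aea9aac9a3"
    "b260088807d4fd")

def split_records(datagram):
    """Split one UDP datagram into DTLS 1.2 records (13-byte header each)."""
    records, off = [], 0
    while off < len(datagram):
        if len(datagram) - off < 13:
            raise ValueError("truncated record header")
        ctype, _ver, epoch, seq_hi, seq_lo, length = struct.unpack_from(
            "!BHHHIH", datagram, off)
        body = datagram[off + 13:off + 13 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append({"type": ctype, "epoch": epoch,
                        "seq": (seq_hi << 32) | seq_lo, "body": body})
        off += 13 + length
    return records

def ccm8_layout(record, tag_len=8, explicit_nonce_len=8):
    """Split an AES-CCM-8 record body into explicit nonce, ciphertext, tag."""
    body = record["body"]
    if len(body) < explicit_nonce_len + tag_len:
        raise ValueError("record too short for AEAD framing")
    return (body[:explicit_nonce_len],
            body[explicit_nonce_len:-tag_len], body[-tag_len:])

def finished_framing_ok(record):
    """True if the record is framed like a CCM-8 protected DTLS Finished."""
    nonce, ct, _tag = ccm8_layout(record)
    expected = record["epoch"].to_bytes(2, "big") + record["seq"].to_bytes(6, "big")
    # Finished plaintext = 12-byte DTLS handshake header + 12-byte verify_data
    return nonce == expected and len(ct) == 12 + 12

def psk_premaster(psk):
    """RFC 4279 plain-PSK premaster: len || zeros(len) || len || psk."""
    n = struct.pack("!H", len(psk))
    return n + bytes(len(psk)) + n + psk

if __name__ == "__main__":
    for r in split_records(DATAGRAM):
        print(r["type"], r["epoch"], r["seq"], len(r["body"]))
    print(finished_framing_ok(split_records(DATAGRAM)[2]))
    print(psk_premaster(b"supersecretkey").hex())
```

A passing framing check means the 40-byte record has the layout a CCM-8 Finished should have (8-byte explicit nonce, 24-byte ciphertext, 8-byte tag), so the -0x7180 tag failure points to the AEAD inputs (key, implicit IV or additional data) differing between the two ends rather than to the record layout.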