Mbed TLS Handshake retransmission issue - PC based client and STM32H7 based server
I am working on setting up a USB based secure communication between PC as client and STM32H753 microcontroller running a SSL Server. The network stack used is LwIP and Mbed TLS (TLS v1.2) is used for the secure communication layer. I adapted this using the SSL_Server example available and used the ssl_client1.c available with the MbedTLS for the PC-based app.
I am facing an issue where the Client sends a Hello and the server seems to receive it. But I expect a TCP ACK to be sent back immediately after its reception, which does not happen right away, resulting in the Client trying to retransmit the Client Hello multiple times.
The server runs into the following error in the meantime:
. Last error was: -29312 - SSL - The connection indicated an EOF
But it still sends everything together eventually after some time delay (caused due to the RSA private key operation), but I am afraid if these could break something else in the future. I am using the altcp_write(), altcp_output() functions to write data out.
Are there any hints on what mistake I am making here?
Attaching screenshots of Wireshark traces, PC based loopback test where everything is fine:
PC to STM32H7 communication which has issues
I was able to solve this myself. I was handshaking inside the receive callback on the server side, causing the tcp_output() to never send data on time. I moved it out to a different routine and cleaned up the code to fix it.
The question can be closed.
- mbedtls AES 128 ECB mode encryption give wrong results
- Mbed TLS: in-place en-/decryption for OAEP doesn't seem to work
- How to build mbedtls for arm gcc
- MBEDTLS_ERR_NET_INVALID_CONTEXT Error in mbedtls. Epoll gives EPOLLIN event notification when no data is available to read with TLS
- mbedTLS adding to the project
- Mbed TLS Handshake retransmission issue - PC based client and STM32H7 based server
- Can only encrypt input up until 21 bytes at a time
- ECDSA signature generated with mbedtls not verifiable in JOSE (while code worked with RSA key)
- mbedTLS ECDSA verification fails
- read subject key identifier extension with mbedTLS
- why aes encryption result from mbedtls is different than java and online tool result?
- Linking to mbedtls libraries
- Python - XY colour values not sending correctly using Philips Hue Entertainment API (via DTLS/PSK)
- mbedtls Application Record Size
- mbedtls: How to transfer and load public key as raw bytes
- mbedtls DER formatted certificate chain verification
- Security-related question regarding private key in repo for localhost
- mbedtls cannot parse valid x509 certificate
- What determines the cipher suite?
- Mbedtls_pk_parse_public_key returns 0xfffffff0 with secp256k1 public key
- Different AES-256 encryption output between mbedtls and openssl
- trying to build mbedtls on windows using cmake
- How can I verify with mbedtls, that a cert validates a key?
- STM32Cube_FW_F7 SSL client mbedTLS FATAL_ALERT
- RSA signature generated with mbedtls, can't verify with C# (bouncycastle) application
- JITP cert not created with mbedTLS+ATECC608A (works with moquitto_pub)
- MbedTLS and .NET BouncyCastle interoperability issue with Curve25519
- Is it possible to include PolarSSL and OpenSSL in the same project?
- Parse a ECC private key buffer
- How to properly use the aes cbc api from mbedtls