Fails to connect due to empty Cipher Suite list #38

Open
GagiBik opened this issue Jul 9, 2024 · 13 comments
Comments

@GagiBik

GagiBik commented Jul 9, 2024

My Particle Boron with Particle OS 4.2/5.1/5.2 fails to connect to the broker. Debug output shows that no Cipher Suites are sent in the Client Hello. Here is the debug printout. Thank you for your support.
mbedtls-debug

@hirotakaster
Owner

Hi, @GagiBik

Try commenting out the following line in mbedtls_config.h (lib/MQTT-TLS/src/mbedtls/include/mbedtls/mbedtls_config.h, line 1466) and rebuilding:
// #define MBEDTLS_SSL_RENEGOTIATION

Thank you.

@GagiBik
Author

GagiBik commented Jul 11, 2024

Hi Hirotakaster,
Thank you for the reply.
I tried that but am still getting the same error from the broker: "failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher."
I am not sure whether Particle Workbench is loading mbedtls_config.h properly.

@GagiBik
Author

GagiBik commented Jul 18, 2024

Hello,
Is there any documentation so that I can debug in depth to solve this problem?
Thank you.

@hirotakaster
Owner

@GagiBik
What broker do you use now?
I checked Mosquitto, AWS, and Azure IoT; they are okay.

I think that your error is a TLS algorithm mismatch between the MQTT server and the MQTT-TLS client.

@GagiBik
Author

GagiBik commented Jul 22, 2024

@hirotakaster
Thank you for your reply.
I am using Mosquitto on a Linode cloud server. I can connect using the desktop MQTTX client with TLS.
I found that some of our old Particle devices (different application) were also connected to the same broker using TLS, but I don't know which MQTT library was used.
The code branch I got to start with failed to connect from the beginning. It could not connect to the TCP service either.
Then I changed the Particle OS configuration from AUTO to MANUAL and Thread DISABLED. After that everything is working fine except TLS.

As for the algorithm mismatch, I found that the device (Particle Boron) is not sending any Cipher Suite information.
Here is the TCP dump:
image

And here is the TCP dump for a successful TLS connection to the same server:
image
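
A way to check a captured Client Hello for the symptom described in the comment above, as an added example that is not part of the original thread or of the MQTT-TLS library: it parses a raw TLS record and reports how many cipher suites it offers. The function name and both sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Returns the number of cipher suites offered in a TLS ClientHello record
 * (0 = empty list, the symptom in this issue), or -1 if malformed.
 * Copies up to max_out suite IDs into out. TLS only, not DTLS. */
int client_hello_suites(const uint8_t *p, size_t len, uint16_t *out, size_t max_out)
{
    size_t off, end, n, i;
    /* Record header: type 0x16 (handshake), version, 2-byte length. */
    if (len < 5 || p[0] != 0x16) return -1;
    n = ((size_t)p[3] << 8) | p[4];
    if (n > len - 5) return -1;
    off = 5; end = 5 + n;
    /* Handshake header: type 0x01 (ClientHello), 3-byte length. */
    if (end - off < 4 || p[off] != 0x01) return -1;
    n = ((size_t)p[off + 1] << 16) | ((size_t)p[off + 2] << 8) | p[off + 3];
    off += 4;
    if (n > end - off) return -1;
    end = off + n;
    /* client_version (2) + random (32), then session_id (1-byte length). */
    if (end - off < 35) return -1;
    off += 34;
    n = p[off++];
    if (n > end - off) return -1;
    off += n;
    /* cipher_suites: 2-byte length, then 2 bytes per suite. */
    if (end - off < 2) return -1;
    n = ((size_t)p[off] << 8) | p[off + 1];
    off += 2;
    if (n > end - off || (n & 1)) return -1;
    for (i = 0; i < n / 2 && i < max_out; i++)
        out[i] = (uint16_t)((p[off + 2 * i] << 8) | p[off + 2 * i + 1]);
    return (int)(n / 2);
}

static const uint8_t HELLO_OK[] = {    /* constructed: offers 0xC02F, 0x009C */
    0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03,
    [44] = 0x00, 0x04, 0xC0, 0x2F, 0x00, 0x9C, 0x01, 0x00 };
static const uint8_t HELLO_EMPTY[] = { /* constructed: cipher_suites length 0 */
    0x16, 0x03, 0x01, 0x00, 0x2B, 0x01, 0x00, 0x00, 0x27, 0x03, 0x03,
    [44] = 0x00, 0x00, 0x01, 0x00 };
int main(void)
{
    uint16_t s[8];
    printf("ok=%d empty=%d\n", client_hello_suites(HELLO_OK, sizeof HELLO_OK, s, 8),
           client_hello_suites(HELLO_EMPTY, sizeof HELLO_EMPTY, s, 8));
    return 0;
}
```

A return value of 0 on a record taken from the device's capture confirms that the client really sent an empty list, which is the case a server answers with "no shared cipher".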

@hirotakaster
Owner

Hi @GagiBik
I haven't checked 'Thread Enable' with the latest Particle OS, so maybe it is caused by that setting.
But it's strange that the cipher list isn't sent; maybe the cipher list setting in mbed_tls.h is wrong or something...
Anyway, if it worked, that's okay.

@GagiBik
Author

GagiBik commented Jul 31, 2024

Hi Hirotakaster
I tested with the thread enabled, but it is still the same. About the config file, I found mbedtls_config.h instead of mbed_tls.h.
Is it possible to get a config file that works perfectly with the Boron?

Thank you

@GagiBik
Author

GagiBik commented Aug 7, 2024

> @GagiBik What broker do you use now? I checked Mosquitto, AWS, and Azure IoT; they are okay.
>
> I think that your error is a TLS algorithm mismatch between the MQTT server and the MQTT-TLS client.

Hello Hirotakaster,
May I know which Particle device, OS version, and Particle tools you used it with successfully?
I am still struggling to make it work.

Thanks

@hirotakaster
Owner

hirotakaster commented Aug 10, 2024

@GagiBik
I have now tested with Argon/Photon2, Device OS 6.1.0, MQTT-TLS 0.2.27; AWS IoT/test.mosquitto.org work well.
You should try running the sample code (a1/a2) first.

@GagiBik
Author

GagiBik commented Aug 13, 2024

@hirotakaster
I got a P2 and am trying to compile the a1 example. One thing I did not pay much attention to is that VSCode gives an error, "cannot open source file "<mbedtls_config.h>" (dependency of "MQTT-TLS.h") C/C++(1696)", but it compiles. Is this something that could actually keep TLS from being configured properly?

Thanks.

@hirotakaster
Owner

@GagiBik
My VSCode Particle Workbench doesn't output that error.
Use the sample code and check your settings.

@GagiBik
Author

GagiBik commented Aug 15, 2024

@hirotakaster
Thank you for the reply. I can use other libraries without any issue.
Note that VSCode still compiles it with the error, but somehow it is (maybe) missing the configuration settings from mbedtls_config.h.

I'll try using VSCode on another PC.

Regards

@hirotakaster
Owner

@GagiBik
Of course, other libraries can compile.
Problem is, the MQTT-TLS lib and sample code can compile in VSCode (Win/Mac/Ubuntu) and Particle cloud compile with no error.
The default mbedtls_config.h is okay.
So I think the problem is your environment.
