Topic: WolfSSL Error: -313 (Also, handshake_failure in Wireshark)
I am trying to connect an embedded device to smtp.gmail.com:465 using tls1.2 with WolfSSL. The library creates and sends the following clientHello message and receives a handshake failure.
16 03 03 00 4f 01 00 00 4b 03 03 2e 2a ec 85 7f
15 dd 09 5f 22 d1 53 82 60 d7 80 67 28 aa 67 48
ce f0 71 ab 63 d0 b2 3e 55 3a 05 00 00 14 c0 27
c0 23 c0 0a c0 09 c0 07 c0 08 c0 14 c0 13 c0 11
c0 12 01 00 00 0e 00 0d 00 0a 00 08 04 03 02 03
04 01 02 01
Here is the received message;
15 03 03 00 02 02 28
As can be seen in the wireshark screenshot in the attachment, the following cipher suites are supported by the client;
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
>>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
>>TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
...and the following signature algorithms are supported by the client (please see hexadecimal part at the bottom of the screenshot, wireshark does not decode signature algorithms)
04 03: SHA256 EDCSA
02 03: SHA1 EDCSA
04 01: SHA256 RSA
02 01: SHA1 RSA
On the other hand, smtp.gmail.com supports the following cipher suites; (This is obtained by running script here)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>>TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
As can be seen above, these two suites match.
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
And, I've checked the certificate in here (use "smtp.gmail.com:465") and got this:
Signature algorithm = SHA256 + RSA (excellent)
This matches as well
According to RFC
Reception of a handshake_failure alert message indicates that the
sender was unable to negotiate an acceptable set of security
parameters given the options available. This is a fatal error.
As far as I understand, there exists other reasons than cipher suite and signature algorithm mismatch for handshake_failure or I am missing something very big. I am looking for the reason of the failure but I am unable to find. I would be grateful for any help or any idea. What can be the cause of handshake_failure and how can I solve this?
Thank you
Semih.