Topic: [SOLVED] WolfSSL error 308 connecting to thingsboard (mqtt over tls)

Hi,

I am trying to use wolfssl on an embedded system (esp8266) to connect to thingsboard (mqtt over tls).
Unfortunately, I get a -308 error at the end of the handshake after cipher suite change.
I am not sure what is causing Embed Send to fail.

You can find the error log attached.

-
zer

Post's attachments

err.log 17.11 kb, 2 downloads since 2020-02-25 


Re: [SOLVED] WolfSSL error 308 connecting to thingsboard (mqtt over tls)

Hi Naveen,

Can you tell us a bit about what it is you are working on and which organization you represent so we can better track this inquiry? Thank you in advance!

Several things can lead to the peer shutting down without warning. In this case it appears to be the server hanging up on the client as soon as the client sends the change cipher spec. Several things can cause this. Would it be possible for you to capture a Wireshark trace of the failure and send us the .pcap for review?

Warm Regards,

K

Re: [SOLVED] WolfSSL error 308 connecting to thingsboard (mqtt over tls)

Hi,

I am working on an mqtt gateway and regarding where I work (is it alright if we can talk about this in private :) ). I have attached the pcap file that I captured using tcpdump here. Please let me know if there is anything else you need from my end. Just wondering, could this issue be related to an incompatibility between the cipher suites available on both ends?
-
zer

Post's attachments

file.pcap 6.54 kb, 1 downloads since 2020-02-26 


Re: [SOLVED] WolfSSL error 308 connecting to thingsboard (mqtt over tls)

Naveen,

> regarding where I work (is it alright if we can talk about this in private

Yes of course! Our official support channel is support [at] wolfssl [dot] com (which forwards to our zendesk domain) or you can reach us through zendesk directly at https://wolfssl.zendesk.com for best response times and so we can properly prioritize support by organization.

Thank you for the pcap. Notice how the connection starts out at packet 9 (roughly time 21.64 seconds since the first packet was captured). Notice how the certificate verify isn't sent until time 34.859. So it took roughly 13.34 seconds from client hello to certificate verify; it could possibly be a timeout. Do you know what the timeout is set to on the peer?

I do not believe this is a cipher suite mismatch out of the gate (the peer would have hung up after the client hello instead of proceeding through the rest of the handshake if it was an outright mismatch).

However this does appear to be doing mutual authentication since I see a cert from the client to the peer in packet 15. It could be one of the sides just doesn't have the right cert loaded to verify with.

Can you tell me if this is a test using two wolfSSL end-points or is only one side of this connection using wolfSSL? Was this one of our default examples from wolfssl-4.3.0/examples/ directory or a different test application? If it was one of our examples what command was used to test? Can I replicate the failure on my end?


Warm Regards,

K
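
The way the capture is read in the reply above (where the handshake stops, whether the client sent a certificate, how long ClientHello to CertificateVerify took), as an added example that is not part of the thread or of wolfSSL. It assumes plaintext TLS 1.2 records already split out per TCP payload; the function names, sample bytes and timestamps are constructed for illustration.

```python
import struct
# TLS 1.2 handshake message types (RFC 5246) seen in a full handshake.
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
             12: "ServerKeyExchange", 13: "CertificateRequest",
             14: "ServerHelloDone", 15: "CertificateVerify", 16: "ClientKeyExchange"}

def record_messages(payload, encrypted):
    """Name the TLS messages in one TCP payload; returns (names, encrypted)."""
    names, off = [], 0
    while off + 5 <= len(payload):
        ctype, _version, length = struct.unpack_from("!BHH", payload, off)
        body = payload[off + 5:off + 5 + length]
        off += 5 + length
        if ctype == 20:                    # ChangeCipherSpec: sender encrypts from here
            names.append("ChangeCipherSpec")
            encrypted = True
        elif ctype == 21:
            names.append("Alert")
        elif ctype == 22 and encrypted:    # Finished; body is ciphertext, do not parse
            names.append("EncryptedHandshake")
        elif ctype == 22:                  # one record may carry several messages
            pos = 0
            while pos + 4 <= len(body):
                names.append(HANDSHAKE.get(body[pos], "Unknown(%d)" % body[pos]))
                pos += 4 + int.from_bytes(body[pos + 1:pos + 4], "big")
    return names, encrypted

def triage(packets):
    """packets: (time_s, 'C' or 'S', TCP payload, or None for a FIN/RST)."""
    seen, enc, closed_by = [], {"C": False, "S": False}, None
    for t, side, payload in packets:
        if payload is None:
            closed_by = side
            break
        names, enc[side] = record_messages(payload, enc[side])
        seen += [(t, side, n) for n in names]
    first = {(s, n): t for t, s, n in reversed(seen)}   # earliest time per message
    hello, verify = first.get(("C", "ClientHello")), first.get(("C", "CertificateVerify"))
    return {"last_message": seen[-1][1:] if seen else None,
            "closed_by": closed_by,
            "client_cert_sent": ("C", "Certificate") in first,
            "hello_to_cert_verify_s": None if None in (hello, verify) else round(verify - hello, 3)}

# Constructed capture (not the poster's pcap): empty-bodied messages, a slow
# client flight, and the server closing right after the client's ChangeCipherSpec.
SAMPLE = [(1.00, "C", bytes.fromhex("160303000401000000")),
          (1.20, "S", bytes.fromhex("1603030010" "02000000" "0b000000" "0d000000" "0e000000")),
          (14.25, "C", bytes.fromhex("16030300040b000000" "160303000410000000"
                                     "16030300040f000000" "140303000101")),
          (14.30, "S", None)]
```

`triage(SAMPLE)` reports a close by the server after the client's ChangeCipherSpec, a client certificate on the wire, and the ClientHello to CertificateVerify gap to compare against the peer's handshake timeout.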