RTOS/TM4C129CNCPDT: HTTPS POST error on ek-tm4c129exl crypto connected launchpad (TI-RTOS)

Part Number: TM4C129CNCPDT


Tool/software: TI-RTOS

I am trying to POST data to an HTTPS server by modifying the HTTPS GET example code over Ethernet that uses the WolfSSL library.

But the API HTTPCli_sendRequest() always returns error -103, which results in a socket error of -308 (error state on socket) to run the 

I am using the correct Root CA for the server, and the API HTTPCli_connect() is always successful.

I have tried to connect with a non-HTTPS version of the same server and it works fine.

I have also tried the same POST code on other servers and it also works fine.

My queries are:

- What more info can I get on error -308 (error state on socket), as this is the only string I could find in the wolfSSL manual?

- If the API HTTPCli_connect() is a success, does this mean that the SSL handshake between my board and the server is successful or not?

- How do I enable and capture logs (maybe Wireshark logs) and WolfSSL logs to pinpoint the exact issue?

Thanks,
Akshat

  

  • Hi Akshat,

    Here's something that may help and the answer to your questions:

    • I have also tried the same POST code on other servers and it also works fine

    Can you compare the key size and other information between the Root CAs of the two servers? I am guessing the Root CA may have some cipher or key size that may not have been supported in the wolfSSL build that you are linking with. You may have to rebuild wolfSSL with the required defines to enable the ciphers/key sizes (check the wolfSSL manual for the defines).

    • What more info can I get on error -308 (error state on socket), as this is the only string I could find in the wolfSSL manual?

    Since this question is directly related to wolfSSL, we would recommend posting on the wolfSSL forums (https://www.wolfssl.com/forums/).

    • If the API HTTPCli_connect() is a success, does this mean that the SSL handshake between my board and the server is successful or not?

    HTTPCli_connect() just creates a connection to the end server. The actual SSL handshake is initiated the first time HTTPCli_sendRequest() is called.

    • How do I enable and capture logs (maybe Wireshark logs) and WolfSSL logs to pinpoint the exact issue?

    To enable wolfSSL debug logs, you will have to rebuild the wolfSSL library with the -DDEBUG_WOLFSSL flag and call wolfSSL_Debugging_ON() in your code to enable logging to stderr (https://www.wolfssl.com/wolfSSL/Docs-wolfssl-manual-8-debugging.html).

    Regarding the Wireshark setup, the network traffic from your device should be redirected to your PC running Wireshark. The redirection can be done using a network switch, setting it up to mirror the traffic from the port that is connected to the device to the port that is connected to the PC. Note that only part of the initial handshake is in plain text; the rest of the data will be encrypted and cannot be deciphered in Wireshark.

    Thanks,
    Gerardo

  • Hi Gerardo,
    Appreciate your responses, as I was able to bring up the WolfSSL logs and see that the issue seems to be:


    During the SSL handshake, the SSL server sends a connection close (maybe a TCP reset) immediately after my TI board sends CLIENT_HELLO.


    I will be moving these queries to the WolfSSL forum also, but do you have any idea regarding the possible causes of the above situation?

    Another input is that I also tried to replicate the behaviour with openssl, but I do not see the error and the SSL handshake is always successful. The cipher suite that is negotiated between openssl and the problematic server is AES256-SHA (TLS_RSA_WITH_AES_256_CBC_SHA).

    Please advise.

    Thanks for your support.
  • Akshat,

    Could you share your Wireshark logs?

    Thanks,
    Gerardo
  • Hi Gerardo,

    I don't have the Wireshark logs, only the WolfSSL debug logs as of now.

    Attaching them for your opinion.

    Thanks for your support.

    Akshat 

    8081.WolfSSL_logs_1.txt

  • Hi Gerardo,

    I was able to solve the issue.
    It took a good amount of debugging. My corporate server is using the cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256, which unfortunately was disabled in the latest release of WolfSSL.
    The cipher was not getting advertised in the CLIENT_HELLO message and hence the server closed the connection immediately.
    I enabled the cipher with the switch WOLFSSL_STATIC_RSA and everything worked like a charm.

    Thanks for all the help.
    Take care
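The check that settles this kind of failure, as an added example that is not part of the thread or of the TI/wolfSSL code: parse the ClientHello bytes copied out of a capture and test whether a given cipher suite is advertised. The function name `client_hello_offers` is hypothetical, the sample records are constructed, and the parser assumes the ClientHello fits in a single TLS record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D /* IANA id of the suite named in the thread */

/* Returns 1 if `suite` is offered in the ClientHello held in TLS record `rec`,
 * 0 if it is absent, -1 if the bytes are not a complete, well-formed ClientHello. */
int client_hello_offers(const uint8_t *rec, size_t len, uint16_t suite)
{
    size_t pos, end, sid_len, cs_len;

    if (len < 9 || rec[0] != 0x16 || rec[5] != 0x01) /* handshake record, ClientHello */
        return -1;
    end = 5 + (((size_t)rec[3] << 8) | rec[4]);      /* record header + payload length */
    pos = 9 + 2 + 32;            /* skip both headers, client_version and random */
    if (end > len || pos + 1 > end)
        return -1;
    sid_len = rec[pos++];                            /* session_id is variable length */
    if (pos + sid_len + 2 > end)
        return -1;
    pos += sid_len;
    cs_len = ((size_t)rec[pos] << 8) | rec[pos + 1]; /* cipher_suites byte count */
    pos += 2;
    if ((cs_len & 1) || pos + cs_len > end)
        return -1;
    for (size_t i = 0; i < cs_len; i += 2)
        if ((((uint16_t)rec[pos + i] << 8) | rec[pos + i + 1]) == suite)
            return 1;
    return 0;
}

/* Constructed samples: zeroed random, empty session_id, null compression, no extensions. */
static const uint8_t hello_without[] = {             /* offers 0xC02F, 0xC030 */
    0x16, 0x03, 0x03, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03,
    [43] = 0x00, 0x00, 0x04, 0xC0, 0x2F, 0xC0, 0x30, 0x01, 0x00 };
static const uint8_t hello_with[] = {                /* offers 0xC02F, 0xC030, 0x003D */
    0x16, 0x03, 0x03, 0x00, 0x31, 0x01, 0x00, 0x00, 0x2D, 0x03, 0x03,
    [43] = 0x00, 0x00, 0x06, 0xC0, 0x2F, 0xC0, 0x30, 0x00, 0x3D, 0x01, 0x00 };

int main(void)
{
    printf("suite absent:  %d\n", client_hello_offers(hello_without,
           sizeof hello_without, TLS_RSA_WITH_AES_256_CBC_SHA256));
    printf("suite present: %d\n", client_hello_offers(hello_with,
           sizeof hello_with, TLS_RSA_WITH_AES_256_CBC_SHA256));
    return 0;
}
```

A result of 0 for the suite the server requires matches the symptom described above: the server has nothing it can select and closes the connection right after CLIENT_HELLO.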
  • Akshat,

    Great! Good to hear you were able to solve this.

    Thanks,
    Gerardo