Other Parts Discussed in Thread: J721EXCPXEVM
Hi,
I am currently working on the Jacinto 7 TDA4VM with the J721EXCPXEVM board.
My OS is the one provided by TI: arago version 2020.05.
I am having some trouble accessing any service using the TLS 1.2 protocol (and I need to access such a service).
Basically, every time I try to access it, the command freezes and there is nothing I can do (not even ctrl + c).
Here is an example of accessing google.com using TLS 1.2:
$ curl -vvv --tlsv1.2 --tls-max 1.2 --ipv4 https://google.com:443
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
And there I cannot do anything.
I tried with TLS 1.3 and it works! But I need TLS 1.2...
$ curl -vvv --tlsv1.3 --tls-max 1.3 --ipv4 https://google.com:443
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.69.1
> Accept: */*
...
After some investigations, it looks like the handshake is blocked because the board never sends any client key or certificate.
Here is the full output of an openssl connection attempt ("..." means I removed some lines which are just a description of the bits exchanged):
# openssl s_client -connect google.com:443 -tls1_2 -debug -state
CONNECTED(00000004)
SSL_connect:before SSL initialization
write to 0x17046f60 [0x170557e0] (213 bytes => 213 (0xD5))
0000 - 16 03 01 00 d0 01 00 00-cc 03 03 dc 4a 59 b0 e8 ............JY..
...
SSL_connect:SSLv3/TLS write client hello
read from 0x17046f60 [0x1704c543] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 3f ....?
read from 0x17046f60 [0x1704c548] (63 bytes => 63 (0x3F))
0000 - 02 00 00 3b 03 03 5f 84-69 10 57 7d d4 73 53 a2 ...;.._.i.W}.sS.
...
SSL_connect:SSLv3/TLS write client hello
read from 0x17046f60 [0x1704c543] (5 bytes => 5 (0x5))
0000 - 16 03 03 0d d0 .....
read from 0x17046f60 [0x1704c548] (3536 bytes => 3536 (0xDD0))
0000 - 0b 00 0d cc 00 0d c9 00-09 75 30 82 09 71 30 82 .........u0..q0.
...
SSL_connect:SSLv3/TLS read server hello
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com
verify return:1
read from 0x17046f60 [0x1704c543] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 73 ....s
read from 0x17046f60 [0x1704c548] (115 bytes => 115 (0x73))
0000 - 0c 00 00 6f 03 00 1d 20-29 78 61 3b 77 e8 5f d5 ...o... )xa;w._.
...
...
SSL_connect:SSLv3/TLS read server certificate
read from 0x17046f60 [0x1704c543] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 04 .....
read from 0x17046f60 [0x1704c548] (4 bytes => 4 (0x4))
0000 - 0e 00 00 00 ....
SSL_connect:SSLv3/TLS read server key exchange
SSL_connect:SSLv3/TLS read server done
And from here I am stuck and nothing happens (I can't even ctrl + C).
Do you have any ideas what the problem can be?
I have tried the same commands on my PC connected to the same networks and they all work fine.
Thank you for your help.
Adrien
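
Decoding the record and handshake headers quoted in the openssl output above shows which server messages arrived complete, which key-exchange group was offered, and what a TLS 1.2 client has to send next. This is an added example, not part of the original post; the function names are chosen here, the lookup tables are a small subset of the TLS registries, and the hex bytes are copied from the trace.

```python
import struct

# Header bytes copied from the openssl -debug output in the post (server -> client).
RECORD_HEADERS = ["16 03 03 00 3f", "16 03 03 0d d0", "16 03 03 00 73", "16 03 03 00 04"]
HANDSHAKE_PREFIXES = ["02 00 00 3b", "0b 00 0d cc", "0c 00 00 6f 03 00 1d 20", "0e 00 00 00"]
# Subset of the TLS 1.2 registries (RFC 5246, RFC 8422) needed for this trace.
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
NAMED_GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519"}

def parse_record_header(hex_str):
    """5-byte TLS record header -> (content_type, version, length)."""
    return struct.unpack("!BHH", bytes.fromhex(hex_str))

def parse_handshake_prefix(hex_str):
    """Handshake header (type + 24-bit length), plus ECDHE parameters if present."""
    data = bytes.fromhex(hex_str)
    if len(data) < 4:
        raise ValueError("handshake header needs 4 bytes")
    msg = {"type": HANDSHAKE_TYPES.get(data[0], "unknown(%d)" % data[0]),
           "length": int.from_bytes(data[1:4], "big")}
    body = data[4:]
    # ECDHE ServerKeyExchange starts: curve_type(1)=3 named_curve, group(2), point_len(1)
    if data[0] == 12 and len(body) >= 4 and body[0] == 3:
        group = int.from_bytes(body[1:3], "big")
        msg["group"] = NAMED_GROUPS.get(group, hex(group))
        msg["pubkey_len"] = body[3]
    return msg

def server_flight():
    """Decode each record/handshake pair; check the record carried the whole message."""
    flight = []
    for rec, hs in zip(RECORD_HEADERS, HANDSHAKE_PREFIXES):
        ctype, version, rec_len = parse_record_header(rec)
        msg = parse_handshake_prefix(hs)
        msg["complete"] = ctype == 22 and version == 0x0303 and rec_len == msg["length"] + 4
        flight.append(msg)
    return flight

def next_client_message(flight):
    """What RFC 5246 expects from the client once the server flight has ended."""
    types = [m["type"] for m in flight]
    if not types or types[-1] != "server_hello_done":
        return None  # server flight not finished yet
    return "certificate" if "certificate_request" in types else "client_key_exchange"

if __name__ == "__main__":
    print(server_flight(), next_client_message(server_flight()))
```

On the bytes from the trace, every server record carries exactly one whole handshake message, the ServerKeyExchange uses x25519 with a 32-byte public value, and the next message due from the client is ClientKeyExchange.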