CC3220SF: Secure MQTT Connection to AWS IoT Core TLS 1.3

Niranjan Gurung

Part Number: CC3220SF
Other Parts Discussed in Thread: UNIFLASH

Tool/software:

Hi,

I'm trying to establish a secure MQTT connection between TI's CC3220SF Launchpad and an AWS IoT Core broker. I've already followed most of the other threads relating to this issues, however, the solutions provided either don't work for me, or they seem to be dead ends.

I'm using the "mqtt_client_over_tls_1_3" demo project, TI-RTOS7, and SDK 7.10.00.13 as a base, and can't seem to get the secure connection to work.

I managed to get both an unsecure, as well as a secure connection working for mosquitto broker, which only uses a single certificate for verification, however AWS requires 3 files (root-CA.crt, client.cert.pem, private-key.private.key), and attempting to use them the same way doesn't seem to work.

Here are my current configurations and various things I've tried so far:

- AP_SSID and AP_PASSWORD set in "wifi_settings.h"

- using MQTT_QOS_0

- connection flags: MQTTCLIENT_NETCONN_URL | MQTTCLIENT_NETCONN_SEC | MQTTCLIENT_NETCONN_SKIP_CERTIFICATE_CATALOG_VERIFICATION

- port 8883

- flashing certificates using uniflash in userFiles (root directory)

- secure files: {"private-key.pem", "client-cert.cert.pem", "root-CA.pem", NULL}

using the above files in 'secure files', I get the following errors:
mbedtls_x509_crt_parse (remote root CA certificate):: root-CA.pem returned -8576

mbedtls_x509_crt_parse (local PEM certificate):: client-cert.cert.pem returned -8576

mbedtls_pk_parse_key (private key):: private-key.pem returned -15616

...

mbedtls SSL/TLS handshake failed..

...

connection failed: -3001

- I've also used the tried converting the certificates to .der files using the following commands:

openssl x509 -inform pem -in <CA_CERT_FILE_NAME> -outform der -out root-CA.der

openssl x509 -inform pem -in <CLIENT_CERT_FILE_NAME> -outform der -out client-cert.der

openssl pkcs8 -topk8 -in <PRIVATE_KEY_FILE_NAME> -inform pem -out private-key.der -outform der -nocrypt

Using the certificates in .der format, It now performs a successful SSL/TLS handshake and the certificate verification passes, however it gives me the following "mbedtls_ssl_read returned 0", followed by MQTT_EVENT-SERVER-DISCONNECT

- I've tested these certificates + private key with a test client called MQTT Explorer. I'm able to successfully connect and send/receive messages when using the certificates in their original format (.pem/.crt), however, connection fails when using them in .der format.

- AWS IoT Core thing is setup correctly and has policy attached.

- the policy itself is non restrictive, its set to accept all: { ..., "Action": "iot:*", "Resource": "*", ...}

- I have AWS cloudwatch logs setup for IoT Core and some logs shows that it does manage to connect, giving the following info:

{...., "status": "Success", "eventType": "Connect", "protocol": "MQTT", "clientId": "iotconsole-....", .... }

Despite the connection, it fails to send any messages through, and seems to disconnect right after.

From what I've gathered, I think the certificates are being parsed incorrectly, leading to a failed connection. If I attempt connection using .pem/.crt formats, it fails to parse the certificates, and if I use .der format, it gives me a mbed_ssl_read() returns 0 (which is when the peer/AWS closes the connection??).

Any help would be appreciated.

2 months ago

0 Shlomi Itzhak 2 months ago

TI__Guru 61015 points

Hi,

I would stick with the der format.

return code of 0 means that the other side (AWS server) closed the connection for some reason.

You are suing the external library TLS1.3. Any chance you can test with the internal TLS stack, i.e. the MQTT client example?

Also, an air sniffer could shed some light as well if possible.

Shlomi

0 Niranjan Gurung 2 months ago in reply to Shlomi Itzhak

Prodigy 10 points

Hi,

I've tried using the der format for connection, and as mentioned, they seem to pass the verification (handshake successful) but AWS closes the connection. I might be converting them incorrectly maybe? As when I test them using the MQTT Explorer client, it fails connection in .der format.

I can test more tomorrow with the MQTT client demo, and will get back to you if I make any progress.

0 Shlomi Itzhak 2 months ago in reply to Niranjan Gurung

TI__Guru 61015 points

the openssl commands to convert the certificates looks OK. You can also double click on those and see if Windows opens the certificate GUI.

As for the key, are you sure it is pkcs8? does the header of the pem version of the key starts with -----BEGIN PRIVATE KEY----- or -----BEGIN RSA PRIVATE KEY-----?

0 Niranjan Gurung 2 months ago in reply to Shlomi Itzhak

Prodigy 10 points

The header starts with "-----BEGIN RSA PRIVATE KEY-----". Although I have tried to convert it using the following command: openssl rsa -in <MY_PRIVATE_KEY>.private.key -out private-key.der -outform der.

This produces a certificate file for the key but trying to open it gives the following error:

Converting the client-cert to .der also produces a certificate file, which I can open, but it says windows can't verify it:

The only conversion that is seamless is the root certificate, which I can convert from .crt to .der, and it stays valid after the conversion.

0 Shlomi Itzhak 2 months ago in reply to Niranjan Gurung

TI__Guru 61015 points

The key is OK, it cannot be opened like a certificate.

According to the header, your key is an RSA, pkcs1. In the original thread you mentioned using pkcs8 which is not good but the one that you are using now to convert looks OK.

The issuer of the certificate probably does not exist in your Windows' catalog.

Although it is not the issue but you also need to make sure that the root CA is in the certificate catalog of cc3220. Can you share the root CA you are using?

Shlomi

0 Niranjan Gurung 2 months ago in reply to Shlomi Itzhak

Prodigy 10 points

I'm using the Amazon Root CA 1, which is the root ca that was provided when I initially setup IoT Core.

Here is the certificate:

I made sure that it doesn't have any excess whitespaces or new lines etc.

I've also been messing around with the mqtt_client demo (TLS 1.2), and I can't seem to get it working here either. On this version it doesn't even seem to perform the handshake, it just straight up gives a "connection failed: -458". I couldn't even connect to test.mosquitto.org securely (it worked on TLS 1.3), again it gave a - "connection failed: -461".

0 Niranjan Gurung 2 months ago in reply to Niranjan Gurung

Prodigy 10 points

Ok so I managed to get a successful connection using the mqtt_client demo (TLS 1.2). Turns out the certificates were fine and I just forgot to update the date/time defines. I tested it with both mosquitto and AWS - both connected successfully and was able to send messages through. However its still not working with the newer TLS 1.3 demo.

Not fully sure about the whole certificate catalog stuff. I added the certificate to my windows personal catalogue using this guide (not sure if this is correct of if it makes a difference): https://learn.microsoft.com/en-us/biztalk/adapters-and-accelerators/accelerator-swift/adding-certificates-to-the-certificates-store-on-the-client

I also tried linking the cert catalogue list file from my sdk, in uniflash:

When trying to flash it like this it throws the following error: FS_ERR_ROOT_CA_IS_UNKOWN, meaning it can't find the cert in the catalog? Not fully sure why, I've had a look at the catalogue list from TI's website and it includes the Amazon Root CA 1, which is what I'm using. I've even named it the same (saw similar thread that mentions naming convention matters?):

0 Shlomi Itzhak 2 months ago in reply to Niranjan Gurung

TI__Guru 61015 points

Hi,

I double checked and this root CA is indeed in the catalog.

The fact that you managed to connect with TLS 1.2 proves it.

When do you get the FS_ERR_ROOT_CA_IS_UNKOWN error? when you try to connect to the server? earlier?

Note that the catalog works the same regardless of what TLS is used.

Regards,

Shlomi

0 Niranjan Gurung 2 months ago in reply to Shlomi Itzhak

Prodigy 10 points

It happens when I try to program the image in uniflash after loading the cert catalogs from the sdk into the "trusted root-certificate catalog" section. At the end of the flashing process, it pops up with that error.

My main issue with TLS 1.3 is still the "mbedtls_ssl_read returned 0" message AFTER the successful handshake and cert verification, which from what I've read, is that the peer initiated the disconnect. I have my AWS policies pretty relaxed (purely for testing), and cloudwatch logs also shows that some connections are successful.

0 Shlomi Itzhak 2 months ago in reply to Niranjan Gurung

TI__Guru 61015 points

Hi,

There shouldn't be any difference between working on the internal TLS stack and an external TLS as far as the programming goes. Hence, I do not see how you get this error when programming and how come it works with the internal TLS stack. Is the Uniflash project the same on both cases? what is the difference?

As far as the error with TLS1.3, Maybe it is worth opening debug messages on the external TLS1.3 stack and understand why it fails.

The mechanism to debug is in slnetifwifi.c at the top. I would start by increasing the DEBUG_LEVEL to 3.

Do you see messages on the terminal?

Shlomi

0 Niranjan Gurung 2 months ago in reply to Shlomi Itzhak

Prodigy 10 points

Hi, yes the uniflash setup is the same for both projects. Just to note I've switched to flashing the projects using the built in functionality of CCS as appose to uniflash, but I'm pretty sure this makes no difference.

Here is the log output with debug level 3

[0;32m[WIFI::INFO]  [NETAPP EVENT] IP Acquired: IP=10.123.45.1 , Gateway=10.123.45.1

	============================================
	   MQTT client Example Ver: 2.0.3
	============================================

	 CHIP: 0x31000019
	 MAC:  2.7.0.0
	 PHY:  2.2.0.7
	 NWP:  3.22.0.1
	 ROM:  0
	 HOST: 3.0.1.71
	 MAC address: d4:36:39:8b:bf:07

	============================================
[0;32m[WIFI::INFO]  [SlWifiConnEventHandler] POWERED_UP 
[0;32m[WIFI::INFO]    MAC address: d4:36:39:8b:bf:7
[0;32m[WIFI::INFO]   [Event] STA connected to AP - BSSID:e6:63:da:a7:c1:5d, SSID:Grinsty Guest
[0;32m[WIFI::INFO]  [NETAPP EVENT] IP Acquired: IP=172.20.1.129 , Gateway=172.20.1.254
[SlNetConnEventHandler] I/F 1 - CONNECTED (IP LEVEL)!
[SlNetConnEventHandler] I/F 1 - CONNECTED (INTERNET LEVEL)!
[0;32m[SL-MBEDTLS::INFO]    . Connect on tcp/*/4433 ...

startSNTP: Current time: Wed Nov 20 14:00:15 2024

[0;32m[MQTT_APP::INFO]  Subscribed to all topics successfully

[0;32m[MQTT_APP::INFO]  Wi-Fi connection is UP
[0;32m[SL-MBEDTLS::INFO]  InitTlsSocket:: sd=1, pTlsSock=20006e70 slSock=1

[0;32m[SL-MBEDTLS::INFO]    . Connect on tcp/*/4433 ...

[0;32m[SL-MBEDTLS::INFO]   ConfigClientSocket: . Setting up the TLS data...

[0;32m[SL-MBEDTLS::INFO]  Performing the mbedTLS SSL/TLS handshake...
[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3790: 20006e70: => handshake


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2188: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_HELLO_REQUEST


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2188: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_CLIENT_HELLO


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0927: 20006e70: => write client hello


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0486: 20006e70: dumping 'client hello, random bytes' (32 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0486: 20006e70: 0000:  4d 37 1f 12 e0 a8 cb 6b 88 6f 5e 8a 4d 2d 51 72  M7.....k.o^.M-Qr


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0486: 20006e70: 0010:  a1 ac fc fb 3c 0b 71 da 01 92 b7 dd 01 eb e1 60  ....<.q........`


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0511: 20006e70: dumping 'session id' (32 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0511: 20006e70: 0000:  60 ba 95 55 1e 42 f7 32 cd 7d 57 8f ee 8a 1b 3c  `..U.B.2.}W....<


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0511: 20006e70: 0010:  e0 d3 fb 55 b2 fc fb 7c ae 8a 79 89 e3 e9 78 91  ...U...|..y...x.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0369: 20006e70: client hello, add ciphersuite: 1301, TLS1-3-AES-128-GCM-SHA256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0369: 20006e70: client hello, add ciphersuite: 1302, TLS1-3-AES-256-GCM-SHA384


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0369: 20006e70: client hello, add ciphersuite: 1303, TLS1-3-CHACHA20-POLY1305-SHA256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0369: 20006e70: client hello, add ciphersuite: 1304, TLS1-3-AES-128-CCM-SHA256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0369: 20006e70: client hello, add ciphersuite: 1305, TLS1-3-AES-128-CCM-8-SHA256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0386: 20006e70: adding EMPTY_RENEGOTIATION_INFO_SCSV


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0397: 20006e70: client hello, got 6 cipher suites


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0059: 20006e70: client hello, adding server name extension: a3sdt3remf1p6f-ats.iot.us-east-1.amazonaws.com


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0058: 20006e70: client hello, adding supported versions extension


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0081: 20006e70: supported version: [3:4]


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0584: 20006e70: no cookie to send; skip extension


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0290: 20006e70: client hello: adding key share extension


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1523: 20006e70: Perform PSA-based ECDH computation.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0364: 20006e70: dumping 'client hello, key_share extension' (42 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0364: 20006e70: 0000:  00 33 00 26 00 24 00 1d 00 20 10 5e 82 d8 f5 e5  .3.&.$... .^....


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0364: 20006e70: 0010:  eb dc 4c b2 80 54 e9 b9 c1 7a 0f b5 da 48 84 19  ..L..T...z...H..


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0364: 20006e70: 0020:  d3 a1 05 7e 3d 90 cb 24 c7 02                    ...~=..$..


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0647: 20006e70: client hello, adding psk_key_exchange_modes extension


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0244: 20006e70: client hello, adding supported_groups extension


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 20006e70: got supported group(001d)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0277: 20006e70: NamedGroup: x25519 ( 1d )


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 20006e70: got supported group(0017)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0277: 20006e70: NamedGroup: secp256r1 ( 17 )


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 20006e70: got supported group(0018)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0277: 20006e70: NamedGroup: secp384r1 ( 18 )


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 20006e70: got supported group(001e)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0277: 20006e70: NamedGroup: x448 ( 1e )


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 20006e70: got supported group(0019)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0277: 20006e70: NamedGroup: secp521r1 ( 19 )


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 20006e70: got supported group(001a)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 20006e70: got supported group(001b)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 20006e70: got supported group(001c)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0300: 20006e70: dumping 'Supported groups extension' (12 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0300: 20006e70: 0000:  00 0a 00 1d 00 17 00 18 00 1e 00 19              ............


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9187: 20006e70: adding signature_algorithms extension


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9209: 20006e70: got signature scheme [403] ecdsa_secp256r1_sha256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9217: 20006e70: sent signature scheme [403] ecdsa_secp256r1_sha256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9209: 20006e70: got signature scheme [503] ecdsa_secp384r1_sha384


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9217: 20006e70: sent signature scheme [503] ecdsa_secp384r1_sha384


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9209: 20006e70: got signature scheme [603] ecdsa_secp521r1_sha512


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9217: 20006e70: sent signature scheme [603] ecdsa_secp521r1_sha512


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9209: 20006e70: got signature scheme [806] rsa_pss_rsae_sha512


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9217: 20006e70: sent signature scheme [806] rsa_pss_rsae_sha512


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9209: 20006e70: got signature scheme [805] rsa_pss_rsae_sha384


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9217: 20006e70: sent signature scheme [805] rsa_pss_rsae_sha384


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9209: 20006e70: got signature scheme [804] rsa_pss_rsae_sha256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9217: 20006e70: sent signature scheme [804] rsa_pss_rsae_sha256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9209: 20006e70: got signature scheme [601] rsa_pkcs1_sha512


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9217: 20006e70: sent signature scheme [601] rsa_pkcs1_sha512


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9209: 20006e70: got signature scheme [501] rsa_pkcs1_sha384


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9217: 20006e70: sent signature scheme [501] rsa_pkcs1_sha384


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9209: 20006e70: got signature scheme [401] rsa_pkcs1_sha256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9217: 20006e70: sent signature scheme [401] rsa_pkcs1_sha256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0925: 20006e70: skip pre_shared_key extensions


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0672: 20006e70: client hello, total extension length: 151


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0674: 20006e70: dumping 'client hello extensions' (151 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0674: 20006e70: 0000:  00 97 00 00 00 33 00 31 00 00 2e 61 33 73 64 74  .....3.1...a3sdt


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0674: 20006e70: 0010:  33 72 65 6d 66 31 70 36 66 2d 61 74 73 2e 69 6f  3remf1p6f-ats.io


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0674: 20006e70: 0020:  74 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a  t.us-east-1.amaz


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0674: 20006e70: 0030:  6f 6e 61 77 73 2e 63 6f 6d 00 2b 00 03 02 03 04  onaws.com.+.....


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0674: 20006e70: 0040:  00 33 00 26 00 24 00 1d 00 20 10 5e 82 d8 f5 e5  .3.&.$... .^....


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0674: 20006e70: 0050:  eb dc 4c b2 80 54 e9 b9 c1 7a 0f b5 da 48 84 19  ..L..T...z...H..


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0674: 20006e70: 0060:  d3 a1 05 7e 3d 90 cb 24 c7 02 00 2d 00 03 02 01  ...~=..$...-....


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0674: 20006e70: 0070:  00 00 0a 00 0c 00 0a 00 1d 00 17 00 18 00 1e 00  ................


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0674: 20006e70: 0080:  19 00 0d 00 14 00 12 04 03 05 03 06 03 08 06 08  ................


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0674: 20006e70: 0090:  05 08 04 06 01 05 01                             .......


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: unrecognized(255) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: server_name(0) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: max_fragment_length(1) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: status_request(5) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: supported_groups(10) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: signature_algorithms(13) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: use_srtp(14) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: heartbeat(15) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: application_layer_protocol_negotiation(16) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: signed_certificate_timestamp(18) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: client_certificate_type(19) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: server_certificate_type(20) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: padding(21) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: pre_shared_key(41) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: early_data(42) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: supported_versions(43) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: cookie(44) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: psk_key_exchange_modes(45) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: certificate_authorities(47) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: oid_filters(48) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: post_handshake_auth(49) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: signature_algorithms_cert(50) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: key_share(51) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: truncated_hmac(4) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: supported_point_formats(11) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: encrypt_then_mac(22) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: extended_master_secret(23) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0679: 20006e70: ClientHello: session_ticket(35) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2626: 20006e70: => write handshake message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2793: 20006e70: => write record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2884: 20006e70: output record: msgtype = 22, version = [3:3], msglen = 240


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2937: 20006e70: <= write record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2754: 20006e70: <= write handshake message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0996: 20006e70: <= write client hello


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2196: 20006e70: message length: 245, out_left: 245


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2201: 20006e70: ssl->f_send() returned 245 (-0xffffff0b)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2229: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_SERVER_HELLO


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1938: 20006e70: => ssl_tls13_process_server_hello


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 20006e70: => read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3735: 20006e70: input record: msgtype = 22, version = [0x303], msglen = 122


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 5, nb_want: 127


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 5, nb_want: 127


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 122 (-0xffffff86)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3090: 20006e70: handshake message: msglen = 122, type = 2, hslen = 122


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4076: 20006e70: <= read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1440: 20006e70: received ServerHello message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1560: 20006e70: dumping 'server hello, version' (2 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1560: 20006e70: 0000:  03 03                                            ..


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1590: 20006e70: dumping 'server hello, random bytes' (32 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1590: 20006e70: 0000:  d7 6d 83 e1 75 19 c6 06 9d ff e4 85 c6 b5 39 51  .m..u.........9Q


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1590: 20006e70: 0010:  18 58 a9 01 7b 20 38 61 98 5a 67 02 bf d0 58 6d  .X..{ 8a.Zg...Xm


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1515: 20006e70: dumping 'Session ID' (32 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1515: 20006e70: 0000:  60 ba 95 55 1e 42 f7 32 cd 7d 57 8f ee 8a 1b 3c  `..U.B.2.}W....<


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1515: 20006e70: 0010:  e0 d3 fb 55 b2 fc fb 7c ae 8a 79 89 e3 e9 78 91  ...U...|..y...x.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1652: 20006e70: server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1687: 20006e70: dumping 'server hello extensions' (46 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1687: 20006e70: 0000:  00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 fc 94  .+.....3.$... ..


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1687: 20006e70: 0010:  ad b3 6e 8d 8e 9d a4 e2 2d 58 47 8d 7c 6e 43 77  ..n.....-XG.|nCw


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1687: 20006e70: 0020:  d9 f8 04 f3 ae d2 eb 29 21 03 c8 f7 1f 4e        .......)!....N


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1584: 20006e70: ServerHello: supported_versions(43) extension received.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1584: 20006e70: ServerHello: key_share(51) extension received.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1751: 20006e70: found key_shares extension


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0504: 20006e70: ECDH curve: x25519


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: unrecognized(255) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: server_name(0) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: max_fragment_length(1) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: status_request(5) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: supported_groups(10) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: signature_algorithms(13) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: use_srtp(14) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: heartbeat(15) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: application_layer_protocol_negotiation(16) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: signed_certificate_timestamp(18) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: client_certificate_type(19) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: server_certificate_type(20) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: padding(21) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: pre_shared_key(41) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: early_data(42) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: supported_versions(43) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: cookie(44) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: psk_key_exchange_modes(45) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: certificate_authorities(47) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: oid_filters(48) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: post_handshake_auth(49) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: signature_algorithms_cert(50) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: key_share(51) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: truncated_hmac(4) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: supported_point_formats(11) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: encrypt_then_mac(22) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: extended_master_secret(23) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1781: 20006e70: ServerHello: session_ticket(35) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1867: 20006e70: Selected key exchange mode: ephemeral


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:1316: 20006e70: => mbedtls_ssl_tls13_generate_handshake_keys


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:1407: 20006e70: <= mbedtls_ssl_tls13_generate_handshake_keys


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1892: 20006e70: Switch to handshake keys for inbound traffic


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1987: 20006e70: <= ssl_tls13_process_server_hello ( ServerHello )


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2188: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2110: 20006e70: => parse encrypted extensions


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 20006e70: => read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3735: 20006e70: input record: msgtype = 20, version = [0x303], msglen = 1


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 5, nb_want: 6


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 5, nb_want: 6


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 1 (-0xffffffff)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4928: 20006e70: Ignore ChangeCipherSpec in TLS 1.3 compatibility mode


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3735: 20006e70: input record: msgtype = 23, version = [0x303], msglen = 27


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 5, nb_want: 32


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 5, nb_want: 32


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 27 (-0xffffffe5)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1306: 20006e70: => decrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1928: 20006e70: <= decrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3090: 20006e70: handshake message: msglen = 10, type = 8, hslen = 10


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4076: 20006e70: <= read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2020: 20006e70: dumping 'encrypted extensions' (4 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2020: 20006e70: 0000:  00 00 00 00                                      ....


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1584: 20006e70: EncryptedExtensions: server_name(0) extension received.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2081: 20006e70: EncryptedExtensions: server_name(0) extension ( ignored ).


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: unrecognized(255) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: server_name(0) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: max_fragment_length(1) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: status_request(5) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: supported_groups(10) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: signature_algorithms(13) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: use_srtp(14) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: heartbeat(15) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: application_layer_protocol_negotiation(16) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: signed_certificate_timestamp(18) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: client_certificate_type(19) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: server_certificate_type(20) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: padding(21) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: pre_shared_key(41) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: early_data(42) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: supported_versions(43) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: cookie(44) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: psk_key_exchange_modes(45) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: certificate_authorities(47) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: oid_filters(48) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: post_handshake_auth(49) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: signature_algorithms_cert(50) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: key_share(51) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: truncated_hmac(4) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: supported_point_formats(11) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: encrypt_then_mac(22) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: extended_master_secret(23) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2089: 20006e70: EncryptedExtensions: session_ticket(35) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2143: 20006e70: <= parse encrypted extensions


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2188: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_CERTIFICATE_REQUEST


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2324: 20006e70: => parse certificate request


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 20006e70: => read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3735: 20006e70: input record: msgtype = 23, version = [0x303], msglen = 68


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 5, nb_want: 73


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 5, nb_want: 73


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 68 (-0xffffffbc)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1306: 20006e70: => decrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1928: 20006e70: <= decrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3090: 20006e70: handshake message: msglen = 51, type = 13, hslen = 51


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4076: 20006e70: <= read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2177: 20006e70: got a certificate request


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 20006e70: => read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4072: 20006e70: reuse previously read message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4076: 20006e70: <= read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1584: 20006e70: CertificateRequest: signature_algorithms(13) extension received.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2267: 20006e70: found signature algorithms extension


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: unrecognized(255) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: server_name(0) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: max_fragment_length(1) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: status_request(5) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: supported_groups(10) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: signature_algorithms(13) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: use_srtp(14) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: heartbeat(15) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: application_layer_protocol_negotiation(16) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: signed_certificate_timestamp(18) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: client_certificate_type(19) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: server_certificate_type(20) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: padding(21) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: pre_shared_key(41) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: early_data(42) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: supported_versions(43) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: cookie(44) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: psk_key_exchange_modes(45) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: certificate_authorities(47) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: oid_filters(48) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: post_handshake_auth(49) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: signature_algorithms_cert(50) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: key_share(51) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: truncated_hmac(4) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: supported_point_formats(11) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: encrypt_then_mac(22) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: extended_master_secret(23) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2286: 20006e70: CertificateRequest: session_ticket(35) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2358: 20006e70: <= parse certificate request


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2188: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_SERVER_CERTIFICATE


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0778: 20006e70: => parse certificate


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 20006e70: => read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3735: 20006e70: input record: msgtype = 23, version = [0x303], msglen = 5028


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 5, nb_want: 5033


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 5, nb_want: 5033


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 1455 (-0xfffffa51)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 1460, nb_want: 5033


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 3573 (-0xfffff20b)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1306: 20006e70: => decrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1928: 20006e70: <= decrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3090: 20006e70: handshake message: msglen = 5011, type = 11, hslen = 5011


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4076: 20006e70: <= read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: unrecognized(255) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: server_name(0) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: max_fragment_length(1) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: status_request(5) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: supported_groups(10) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: signature_algorithms(13) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: use_srtp(14) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: heartbeat(15) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: application_layer_protocol_negotiation(16) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: signed_certificate_timestamp(18) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: client_certificate_type(19) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: server_certificate_type(20) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: padding(21) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: pre_shared_key(41) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: early_data(42) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: supported_versions(43) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: cookie(44) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: psk_key_exchange_modes(45) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: certificate_authorities(47) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: oid_filters(48) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: post_handshake_auth(49) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: signature_algorithms_cert(50) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: key_share(51) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: truncated_hmac(4) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: supported_point_formats(11) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: encrypt_then_mac(22) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: extended_master_secret(23) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: session_ticket(35) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: unrecognized(255) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: server_name(0) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: max_fragment_length(1) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: status_request(5) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: supported_groups(10) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: signature_algorithms(13) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: use_srtp(14) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: heartbeat(15) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: application_layer_protocol_negotiation(16) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: signed_certificate_timestamp(18) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: client_certificate_type(19) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: server_certificate_type(20) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: padding(21) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: pre_shared_key(41) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: early_data(42) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: supported_versions(43) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: cookie(44) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: psk_key_exchange_modes(45) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: certificate_authorities(47) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: oid_filters(48) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: post_handshake_auth(49) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: signature_algorithms_cert(50) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: key_share(51) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: truncated_hmac(4) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: supported_point_formats(11) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: encrypt_then_mac(22) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: extended_master_secret(23) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: session_ticket(35) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: unrecognized(255) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: server_name(0) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: max_fragment_length(1) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: status_request(5) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: supported_groups(10) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: signature_algorithms(13) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: use_srtp(14) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: heartbeat(15) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: application_layer_protocol_negotiation(16) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: signed_certificate_timestamp(18) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: client_certificate_type(19) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: server_certificate_type(20) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: padding(21) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: pre_shared_key(41) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: early_data(42) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: supported_versions(43) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: cookie(44) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: psk_key_exchange_modes(45) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: certificate_authorities(47) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: oid_filters(48) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: post_handshake_auth(49) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: signature_algorithms_cert(50) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: key_share(51) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: truncated_hmac(4) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: supported_point_formats(11) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: encrypt_then_mac(22) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: extended_master_secret(23) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: session_ticket(35) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: unrecognized(255) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: server_name(0) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: max_fragment_length(1) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: status_request(5) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: supported_groups(10) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: signature_algorithms(13) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: use_srtp(14) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: heartbeat(15) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: application_layer_protocol_negotiation(16) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: signed_certificate_timestamp(18) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: client_certificate_type(19) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: server_certificate_type(20) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: padding(21) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: pre_shared_key(41) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: early_data(42) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: supported_versions(43) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: cookie(44) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: psk_key_exchange_modes(45) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: certificate_authorities(47) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: oid_filters(48) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: post_handshake_auth(49) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: signature_algorithms_cert(50) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: key_share(51) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: truncated_hmac(4) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: supported_point_formats(11) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: encrypt_then_mac(22) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: extended_master_secret(23) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0550: 20006e70: Certificate: session_ticket(35) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: peer certificate #1:


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: cert. version     : 3


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: serial number     : 09:F7:C5:3F:B8:A5:8D:0E:19:41:B7:D4:D8:E3:B0:CE


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: issuer name       : C=US, O=Amazon, CN=Amazon RSA 2048 M01


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: subject name      : CN=*.iot.us-east-1.amazonaws.com


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: issued  on        : 2024-08-21 00:00:00


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: expires on        : 2025-07-22 23:59:59


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: signed using      : RSA with SHA-256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: RSA key size      : 2048 bits


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: basic constraints : CA=false


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: subject alt name  :


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:     dNSName : iot.us-east-1.amazonaws.com


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:     dNSName : *.iot.us-east-1.amazonaws.com


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: key usage         : Digital Signature, Key Encipherment


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: certificate policies : ???


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: value of 'crt->rsa.N' (2048 bits) is:


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  d5 1b fa aa 9a 75 bf d0 72 a3 1a 85 4e 7f 2d b5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  48 08 b6 c8 09 02 3e 95 b2 2b a3 a4 6c 8c 91 79


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  4f 08 fb 6b 25 45 3c c4 1d a2 da ed ce 57 23 17


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  12 bb a4 da 86 9e ee 0a 94 ba 78 eb 1e f3 d0 2d


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  9d d5 76 8a d5 7c 5a b2 75 d2 dd ab 4c f5 c9 c8


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  b3 00 d2 9c dd 5f 54 e3 0f 09 fb b5 a0 8d 9c dc


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  92 a2 ec d6 90 8e 16 fc 0e bd 78 5c 1b a2 03 24


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  40 01 d7 58 fa 90 a5 c4 21 c3 af 2c e8 df 3b dd


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  73 6d 30 7c eb e9 7f 26 20 c3 d5 0b b0 67 3f ec


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  0a f7 23 0d de 2a 56 96 30 0c 85 8b 01 8d e4 a2


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  84 1e 9e 26 77 58 f9 59 c2 5d 3a 28 02 4c 11 8c


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  4c 0e 1d a8 fb 66 80 2c 69 45 69 d8 3b c1 e6 1a


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  86 07 21 35 de 8f 08 a4 d4 6b c4 a0 de 9f ea 54


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  7d f2 e5 45 ff 6d 8c ed d4 25 9f dc 98 62 1e 29


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  4e 39 57 3b 8c 50 1c 92 a7 5a 03 9e cd e7 7b 35


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  ca bf 3c c1 a9 01 0c 9c 42 57 aa f5 3d 0d f1 b3


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: value of 'crt->rsa.E' (17 bits) is:


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  01 00 01


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: peer certificate #2:


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: cert. version     : 3


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: serial number     : 07:73:12:38:0B:9D:66:88:A3:3B:1E:D9:BF:9C:CD:A6:8E:0E:0F


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: issuer name       : C=US, O=Amazon, CN=Amazon Root CA 1


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: subject name      : C=US, O=Amazon, CN=Amazon RSA 2048 M01


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: issued  on        : 2022-08-23 22:21:28


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: expires on        : 2030-08-23 22:21:28


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: signed using      : RSA with SHA-256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: RSA key size      : 2048 bits


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: basic constraints : CA=true, max_pathlen=0


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: key usage         : Digital Signature, Key Cert Sign, CRL Sign


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: certificate policies : ???


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: value of 'crt->rsa.N' (2048 bits) is:


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  eb 71 2c a9 cb 1f 88 28 92 32 30 af 8a 57 0f 78


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  b7 37 25 95 55 87 ac 67 5c 97 d3 22 c8 da a2 14


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  67 6b 7c f0 67 da e2 03 2a b3 56 12 5d c6 b5 47


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  f9 67 08 a7 93 7a 95 92 18 0f b4 f9 f9 10 36 9a


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  7f 2f 80 b6 4f ba 13 4e c7 5d 53 1e e0 dd 96 33


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  07 20 d3 96 bc 12 e4 74 50 42 a1 05 13 73 b5 4f


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  9b 44 24 fe 2d 7f ed bc 22 85 ec 36 21 33 97 75


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  06 ce 27 18 82 dc e3 d9 c5 82 07 8d 5e 26 01 26


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  26 67 1f d9 3f 13 cf 32 ba 6b ad 78 64 fc aa ff


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  0e 02 3c 07 df 9c 05 78 72 8c fd ea 75 b7 03 28


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  84 da e8 6e 07 8c d0 50 85 ef 81 54 b2 71 6e ec


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  6d 62 ef 8f 94 c3 5e e9 c4 a4 d0 91 c0 2e 24 91


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  98 ca ee ba 25 8e d4 f6 71 b6 fb 5b 6b 38 06 48


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  37 47 8d 86 dc f2 ea 06 fb 76 37 7d 9e ff 42 4e


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  4d 58 82 93 cf e2 71 c2 78 b1 7a ab 4b 5b 94 37


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  88 81 e4 d9 af 24 ae f8 72 c5 65 fb 4b b4 51 e7


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: value of 'crt->rsa.E' (17 bits) is:


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  01 00 01


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: peer certificate #3:


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: cert. version     : 3


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: serial number     : 06:7F:94:4A:2A:27:CD:F3:FA:C2:AE:2B:01:F9:08:EE:B9:C4:C6


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: issuer name       : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies\, Inc., CN=Starfield Services Root Certificate Authority - G2


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: subject name      : C=US, O=Amazon, CN=Amazon Root CA 1


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: issued  on        : 2015-05-25 12:00:00


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: expires on        : 2037-12-31 01:00:00


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: signed using      : RSA with SHA-256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: RSA key size      : 2048 bits


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: basic constraints : CA=true


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: key usage         : Digital Signature, Key Cert Sign, CRL Sign


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: certificate policies : Any Policy


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: value of 'crt->rsa.N' (2048 bits) is:


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  b2 78 80 71 ca 78 d5 e3 71 af 47 80 50 74 7d 6e


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  d8 d7 88 76 f4 99 68 f7 58 21 60 f9 74 84 01 2f


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  ac 02 2d 86 d3 a0 43 7a 4e b2 a4 d0 36 ba 01 be


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  8d db 48 c8 07 17 36 4c f4 ee 88 23 c7 3e eb 37


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  f5 b5 19 f8 49 68 b0 de d7 b9 76 38 1d 61 9e a4


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  fe 82 36 a5 e5 4a 56 e4 45 e1 f9 fd b4 16 fa 74


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  da 9c 9b 35 39 2f fa b0 20 50 06 6c 7a d0 80 b2


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  a6 f9 af ec 47 19 8f 50 38 07 dc a2 87 39 58 f8


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  ba d5 a9 f9 48 67 30 96 ee 94 78 5e 6f 89 a3 51


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  c0 30 86 66 a1 45 66 ba 54 eb a3 c3 91 f9 48 dc


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  ff d1 e8 30 2d 7d 2d 74 70 35 d7 88 24 f7 9e c4


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  59 6e bb 73 87 17 f2 32 46 28 b8 43 fa b7 1d aa


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  ca b4 f2 9f 24 0e 2d 4b f7 71 5c 5e 69 ff ea 95


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  02 cb 38 8a ae 50 38 6f db fb 2d 62 1b c5 c7 1e


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  54 e1 77 e0 67 c8 0f 9c 87 23 d6 3f 40 20 7f 20


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  80 c4 80 4c 3e 3b 24 26 8e 04 ae 6c 9a c8 aa 0d


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: value of 'crt->rsa.E' (17 bits) is:


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  01 00 01


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: peer certificate #4:


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: cert. version     : 3


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: serial number     : A7:0E:4A:4C:34:82:B7:7F


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: issuer name       : C=US, O=Starfield Technologies\, Inc., OU=Starfield Class 2 Certification Authority


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: subject name      : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies\, Inc., CN=Starfield Services Root Certificate Authority - G2


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: issued  on        : 2009-09-02 00:00:00


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: expires on        : 2034-06-28 17:39:16


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: signed using      : RSA with SHA-256


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: RSA key size      : 2048 bits


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: basic constraints : CA=true


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: key usage         : Digital Signature, Key Cert Sign, CRL Sign


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: certificate policies : Any Policy


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: value of 'crt->rsa.N' (2048 bits) is:


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  d5 0c 3a c4 2a f9 4e e2 f5 be 19 97 5f 8e 88 53


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  b1 1f 3f cb cf 9f 20 13 6d 29 3a c8 0f 7d 3c f7


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  6b 76 38 63 d9 36 60 a8 9b 5e 5c 00 80 b2 2f 59


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  7f f6 87 f9 25 43 86 e7 69 1b 52 9a 90 e1 71 e3


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  d8 2d 0d 4e 6f f6 c8 49 d9 b6 f3 1a 56 ae 2b b6


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  74 14 eb cf fb 26 e3 1a ba 1d 96 2e 6a 3b 58 94


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  89 47 56 ff 25 a0 93 70 53 83 da 84 74 14 c3 67


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  9e 04 68 3a df 8e 40 5a 1d 4a 4e cf 43 91 3b e7


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  56 d6 00 70 cb 52 ee 7b 7d ae 3a e7 bc 31 f9 45


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  f6 c2 60 cf 13 59 02 2b 80 cc 34 47 df b9 de 90


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  65 6d 02 cf 2c 91 a6 a6 e7 de 85 18 49 7c 66 4e


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  a3 3a 6d a9 b5 ee 34 2e ba 0d 03 b8 33 df 47 eb


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  b1 6b 8d 25 d9 9b ce 81 d1 45 46 32 96 70 87 de


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  02 0e 49 43 85 b6 6c 73 bb 64 ea 61 41 ac c9 d4


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  54 df 87 2f c7 22 b2 26 cc 9f 59 54 68 9f fc be


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  2a 2f c4 55 1c 75 40 60 17 85 02 55 39 8b 7f 05


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70: value of 'crt->rsa.E' (17 bits) is:


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0563: 20006e70:  01 00 01


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0758: 20006e70: Certificate verification flags clear


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0800: 20006e70: <= parse certificate


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2188: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_CERTIFICATE_VERIFY


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0302: 20006e70: => parse certificate verify


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 20006e70: => read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3735: 20006e70: input record: msgtype = 23, version = [0x303], msglen = 281


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 5, nb_want: 286


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 5, nb_want: 286


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 281 (-0xfffffee7)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1306: 20006e70: => decrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1928: 20006e70: <= decrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3090: 20006e70: handshake message: msglen = 264, type = 15, hslen = 264


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4076: 20006e70: <= read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0324: 20006e70: dumping 'handshake hash' (32 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0324: 20006e70: 0000:  12 26 1e e5 8d 3c a2 ca b8 fc f1 25 db f2 e9 ec  .&...<.....%....


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0324: 20006e70: 0010:  70 0a 17 ec ea b7 fa a7 ac 87 39 e7 78 71 56 68  p.........9.xqVh


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0229: 20006e70: Certificate Verify: Signature algorithm ( 0804 )


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0257: 20006e70: dumping 'verify hash' (32 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0257: 20006e70: 0000:  25 e1 04 50 16 5c 59 7e 6b c6 f9 e0 9f 82 50 69  %..P.\Y~k.....Pi


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0257: 20006e70: 0010:  a1 aa 5f f4 4d 93 56 bf 65 66 9e d9 d6 98 a4 c8  .._.M.V.ef......


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0344: 20006e70: <= parse certificate verify


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0345: 20006e70: mbedtls_ssl_tls13_process_certificate_verify() returned 0 (-0x0000)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2188: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_SERVER_FINISHED


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1207: 20006e70: => parse finished message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 20006e70: => read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3735: 20006e70: input record: msgtype = 23, version = [0x303], msglen = 53


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 5, nb_want: 58


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 5, nb_want: 58


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 53 (-0xffffffcb)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 20006e70: <= fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1306: 20006e70: => decrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1928: 20006e70: <= decrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3090: 20006e70: handshake message: msglen = 36, type = 20, hslen = 36


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4076: 20006e70: <= read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:0752: 20006e70: => mbedtls_ssl_tls13_calculate_verify_data


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:0785: 20006e70: dumping 'verify_data for finished message' (32 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:0785: 20006e70: 0000:  73 6d b1 c6 12 97 15 a8 80 75 bb 0c b9 bb 3f 34  sm.......u....?4


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:0785: 20006e70: 0010:  1f b4 42 07 8b 52 c0 b4 9c 62 df 60 33 84 df 70  ..B..R...b.`3..p


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:0786: 20006e70: <= mbedtls_ssl_tls13_calculate_verify_data


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1223: 20006e70: <= parse finished message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:1533: 20006e70: => derive application traffic keys


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:1623: 20006e70: <= derive application traffic keys


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2188: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1356: 20006e70: => write change cipher spec


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2793: 20006e70: => write record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2884: 20006e70: output record: msgtype = 20, version = [3:3], msglen = 1


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2937: 20006e70: <= write record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1371: 20006e70: <= write change cipher spec


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2196: 20006e70: message length: 6, out_left: 6


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2201: 20006e70: ssl->f_send() returned 6 (-0xfffffffa)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2229: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_CLIENT_CERTIFICATE


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2436: 20006e70: Switch to handshake traffic keys for outbound traffic


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0901: 20006e70: => write certificate


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: unrecognized(255) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: server_name(0) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: max_fragment_length(1) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: status_request(5) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: supported_groups(10) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: signature_algorithms(13) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: use_srtp(14) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: heartbeat(15) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: application_layer_protocol_negotiation(16) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: signed_certificate_timestamp(18) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: client_certificate_type(19) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: server_certificate_type(20) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: padding(21) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: pre_shared_key(41) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: early_data(42) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: supported_versions(43) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: cookie(44) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: psk_key_exchange_modes(45) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: certificate_authorities(47) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: oid_filters(48) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: post_handshake_auth(49) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: signature_algorithms_cert(50) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: key_share(51) extension exists.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: truncated_hmac(4) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: supported_point_formats(11) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: encrypt_then_mac(22) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: extended_master_secret(23) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0890: 20006e70: Certificate: session_ticket(35) extension does not exist.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2626: 20006e70: => write handshake message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2793: 20006e70: => write record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0718: 20006e70: => encrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0981: 20006e70: before encrypt: msglen = 16, including 0 bytes of padding


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1271: 20006e70: <= encrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2884: 20006e70: output record: msgtype = 23, version = [3:3], msglen = 32


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2937: 20006e70: <= write record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2754: 20006e70: <= write handshake message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0918: 20006e70: <= write certificate


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2462: 20006e70: skip write certificate verify


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2196: 20006e70: message length: 37, out_left: 37


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2201: 20006e70: ssl->f_send() returned 37 (-0xffffffdb)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2229: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_CLIENT_FINISHED


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1285: 20006e70: => write finished message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:0752: 20006e70: => mbedtls_ssl_tls13_calculate_verify_data


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:0785: 20006e70: dumping 'verify_data for finished message' (32 bytes)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:0785: 20006e70: 0000:  84 db ea 1c 35 e3 c7 31 94 ee f0 4f c7 e8 6d 30  ....5..1...O..m0


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:0785: 20006e70: 0010:  b4 c1 cd 44 79 f4 69 a1 26 d6 3a a7 64 65 52 81  ...Dy.i.&.:.deR.


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:0786: 20006e70: <= mbedtls_ssl_tls13_calculate_verify_data


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2626: 20006e70: => write handshake message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2793: 20006e70: => write record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0718: 20006e70: => encrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0981: 20006e70: before encrypt: msglen = 48, including 0 bytes of padding


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1271: 20006e70: <= encrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2884: 20006e70: output record: msgtype = 23, version = [3:3], msglen = 64


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2937: 20006e70: <= write record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2754: 20006e70: <= write handshake message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1302: 20006e70: <= write finished message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:1696: 20006e70: => mbedtls_ssl_tls13_compute_resumption_master_secret


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_keys.c:1723: 20006e70: <= mbedtls_ssl_tls13_compute_resumption_master_secret


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2196: 20006e70: message length: 69, out_left: 69


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2201: 20006e70: ssl->f_send() returned 69 (-0xffffffbb)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2229: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_FLUSH_BUFFERS


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:2515: 20006e70: handshake: done


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2188: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3710: 20006e70: client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1309: 20006e70: => handshake wrapup


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1311: 20006e70: Switch to application keys for inbound traffic


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1314: 20006e70: Switch to application keys for outbound traffic


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1328: 20006e70: <= handshake wrapup


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3801: 20006e70: <= handshake


[0;32m[SL-MBEDTLS::INFO]     Success ! SSL/TLS handshake completed !
[0;32m[SL-MBEDTLS::INFO]  Verifying peer X.509 certificate...
[0;32m[SL-MBEDTLS::INFO]     Success !
[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5914: 20006e70: => write


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2793: 20006e70: => write record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0718: 20006e70: => encrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0981: 20006e70: before encrypt: msglen = 96, including 0 bytes of padding


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1271: 20006e70: <= encrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2884: 20006e70: output record: msgtype = 23, version = [3:3], msglen = 112


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2196: 20006e70: message length: 117, out_left: 117


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2201: 20006e70: ssl->f_send() returned 117 (-0xffffff8b)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2229: 20006e70: <= flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2937: 20006e70: <= write record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5938: 20006e70: <= write


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5632: 20006e70: => read


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 20006e70: => read record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 20006e70: => fetch input


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2118: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2143: 20006e70: in_left: 0, nb_want: 5


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 20006e70: ssl->f_recv(_timeout)() returned 0 (-0x0000)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4693: 20006e70: mbedtls_ssl_fetch_input() returned -29312 (-0x7280)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4035: 20006e70: ssl_get_next_record() returned -29312 (-0x7280)


[0;31m[SL-MBEDTLS::ERROR]  mbedtls_ssl_read returned 0

[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5953: 20006e70: => write close notify


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5031: 20006e70: => send alert message


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5032: 20006e70: send alert level=1 message=0


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2793: 20006e70: => write record


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0718: 20006e70: => encrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0981: 20006e70: before encrypt: msglen = 16, including 0 bytes of padding


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1271: 20006e70: <= encrypt buf


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2884: 20006e70: output record: msgtype = 23, version = [3:3], msglen = 32


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 20006e70: => flush output


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2196: 20006e70: message length: 37, out_left: 37


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2201: 20006e70: ssl->f_send() returned -78 (-0x004e)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2933: 20006e70: mbedtls_ssl_flush_output() returned -78 (-0x004e)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5041: 20006e70: mbedtls_ssl_write_record() returned -78 (-0x004e)


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5961: 20006e70: mbedtls_ssl_send_alert_message() returned -78 (-0x004e)


[0;32m[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Connection Socket 1 was removed

[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:4717: 20006e70: => free


[0;32m[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:4785: 20006e70: <= free


[0;32m[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Listener Socket 1 was removed

[0;32m[MQTT_APP::INFO]  second: MQTT_EVENT_SERVER_DISCONNECT

I thought that it might be because cc3220sf doesn't support TLS 1.3 (only shows TLS 1.0, 1.1 and 1.2 feature list), but I managed to get a secure connection to the test mosquitto broker using TLS 1.3, so I'm confused about this.

In the mean time I've been trying to use wireshark to try further debug the connection. It seems that its failing the TLS 1.3 connection and falling back to TLS 1.2. Its receiving all the relevant packets (client/server hello, cipher suites) for TLS 1.2, but TLS 1.3 its not receiving the client hello packet. ChatGPT says that not receiving the client hello packet means that the handshake isn't being initiated properly and is because of mismatch in the TLS configuration or setup. I've tried making sure all my configs are setup to focus TLS 1.3.

Stuff I've tried:
- AWS domain security policy set to TLS13_1_3 (newest, only accepts TLS 1.3).

- edited my "mqttConnParams" to include a TLS 1.3 supported cipher - TLS_AES_128_GCM_SHA256

SLNETSOCK_SEC_CIPHER_TLS_RSA_WITH_AES_128_GCM_SHA256

- slnetifwifi.c file seems to have everything setup already to enable and support TLS 1.3 like:

#define MBEDTLS_SSL_PROTO_TLS1_3

#if SUPPORT_TLS1_3
    mbedtls_ssl_conf_min_tls_version(&pTlsSock->conf, MBEDTLS_SSL_VERSION_TLS1_3); /* Set the minimum accepted SSL/TLS protocol version */
    mbedtls_ssl_conf_max_tls_version(&pTlsSock->conf, MBEDTLS_SSL_VERSION_TLS1_3); /* Set the maximum supported version sent from client side and/or accepted at server side */
#endif

I'm thinking of maybe just trying to configure AWS and mbedtls to maybe connect using TLS 1.2 in this TLS 1.3 project?? Not too sure what else I could potentially try.

0 Shlomi Itzhak 2 months ago in reply to Niranjan Gurung

TI__Guru 61015 points

Hi,

I looked at the printout and looked at the client hello.

you can see that the version says [3:3] which correlated to TLS1.2 (output record: msgtype = 22, version = [3:3], msglen = 240) but in the code it intentionally configures to TLS1.2, so I do not believe this is the issue:

int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush )
{
    int ret, done = 0;
    size_t len = ssl->out_msglen;
    int flush = force_flush;

    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );

    if( !done )
    {
        unsigned i;
        size_t protected_record_size;
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
        size_t out_buf_len = ssl->out_buf_len;
#else
        size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
#endif
        /* Skip writing the record content type to after the encryption,
         * as it may change when using the CID extension. */
        mbedtls_ssl_protocol_version tls_ver = ssl->tls_version;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
        /* TLS 1.3 still uses the TLS 1.2 version identifier
         * for backwards compatibility. */
        if( tls_ver == MBEDTLS_SSL_VERSION_TLS1_3 )
            tls_ver = MBEDTLS_SSL_VERSION_TLS1_2;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
        mbedtls_ssl_write_version( ssl->out_hdr + 1, ssl->conf->transport,
                                   tls_ver );

When you mentioned a sniffer, can you share it? is it an air sniffer that shows the handshake?

I don't see issue with using TLS1.2 at the moment but would be good to know why it fails.

Shlomi

0 Niranjan Gurung 2 months ago in reply to Shlomi Itzhak

Prodigy 10 points

Hi,

here is a log output of one of the packets (named "Server Hello") received during the connection:

Frame 333: 181 bytes on wire (1448 bits), 181 bytes captured (1448 bits) on interface \Device\***, id 0
    Section number: 1
    Interface id: 0 (\Device\***)
        Interface name: \Device\***
        Interface description: WiFi 2
    Encapsulation type: Ethernet (1)
    Arrival Time: Nov 21, 2024 16:24:02.828045000 GMT Standard Time
    UTC Arrival Time: Nov 21, 2024 16:24:02.828045000 UTC
    Epoch Arrival Time: 1732206242.828045000
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.003290000 seconds]
    [Time since reference or first frame: 19.008555000 seconds]
    Frame Number: 333
    Frame Length: 181 bytes (1448 bits)
    Capture Length: 181 bytes (1448 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:tls]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: 9e:05:d6:60:49:16 (9e:05:d6:60:49:16), Dst: Intel_ba:0f:4a (70:9c:d1:ba:0f:4a)
    Destination: Intel_ba:0f:4a (70:9c:d1:ba:0f:4a)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 9e:05:d6:60:49:16 (9e:05:d6:60:49:16)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    [Stream index: 1]
Internet Protocol Version 4, Src: 18.101.8.10, Dst: 172.20.1.132
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 167
    Identification: 0x41bd (16829)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 243
    Protocol: TCP (6)
    Header Checksum: 0x7d8c [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 18.101.8.10
    Destination Address: 172.20.1.132
    [Stream index: 45]
Transmission Control Protocol, Src Port: 443, Dst Port: 65312, Seq: 1, Ack: 303, Len: 127
    Source Port: 443
    Destination Port: 65312
    [Stream index: 39]
    [Stream Packet Number: 6]
    [Conversation completeness: Incomplete, DATA (15)]
        ..0. .... = RST: Absent
        ...0 .... = FIN: Absent
        .... 1... = Data: Present
        .... .1.. = ACK: Present
        .... ..1. = SYN-ACK: Present
        .... ...1 = SYN: Present
        [Completeness Flags: ··DASS]
    [TCP Segment Len: 127]
    Sequence Number: 1    (relative sequence number)
    Sequence Number (raw): 762633888
    [Next Sequence Number: 128    (relative sequence number)]
    Acknowledgment Number: 303    (relative ack number)
    Acknowledgment number (raw): 795576721
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 7
    [Calculated window size: 28672]
    [Window size scaling factor: 4096]
    Checksum: 0xa663 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.090127000 seconds]
        [Time since previous frame in this TCP stream: 0.000000000 seconds]
    [SEQ/ACK analysis]
        [iRTT: 0.043888000 seconds]
        [Bytes in flight: 127]
        [Bytes sent since last PSH flag: 127]
    TCP payload (127 bytes)
Transport Layer Security
    TLSv1.3 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 122
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 118
            Version: TLS 1.2 (0x0303)
                [Expert Info (Chat/Deprecated): This legacy_version field MUST be ignored. The supported_versions extension is present and MUST be used instead.]
                    [This legacy_version field MUST be ignored. The supported_versions extension is present and MUST be used instead.]
                    [Severity level: Chat]
                    [Group: Deprecated]
            Random: 4e06fdbfbda6c87d63391479ff8e67c46766c85d11b1ce72c833667357724a03
            Session ID Length: 32
            Session ID: e148f32d16f530781f1a4795a6760cfcab3fa4edaa9530931808c0294a78871b
            Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
            Compression Method: null (0)
            Extensions Length: 46
            Extension: supported_versions (len=2) TLS 1.3
                Type: supported_versions (43)
                Length: 2
                Supported Version: TLS 1.3 (0x0304)
            Extension: key_share (len=36) x25519
                Type: key_share (51)
                Length: 36
                Key Share extension
                    Key Share Entry: Group: x25519, Key Exchange length: 32
                        Group: x25519 (29)
                        Key Exchange Length: 32
                        Key Exchange: e73aba7317a30624091106e06fd49a54072f970740ab878b9db5629b2bc1a158
            [JA3S Fullstring: 771,4865,43-51]
            [JA3S: f4febc55ea12b31ae17cfb7e614afda8]

Theres other packets like "Change Cipher Spec", and "Hello Retry Request", that I also receive during the process, which I can post if its of help.

I've decided to just stick to the TLS 1.2 demo for now, as its currently working with the starfield class 2 certificate.

0 Shlomi Itzhak 2 months ago in reply to Niranjan Gurung

TI__Guru 61015 points

It does seem that the cipher suite TLS_AES_128_GCM_SHA256 is for TLS1.3 and still the entire message is wrapped with TLS1.2. Not sure why.

Also the other capture shows "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" and ChangeCipherSpec is sent from client only with TLS1.2.

Maybe the fact that TLS1.2 eventually works is because of the fact that the mbedtls is compiled with the compatibility mode enabled. See the following section from the library:

/**
* \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
*
* Enable TLS 1.3 middlebox compatibility mode.
*
* As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
* mode to make a TLS 1.3 connection more likely to pass through middle boxes
* expecting TLS 1.2 traffic.
*
* Turning on the compatibility mode comes at the cost of a few added bytes
* on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
* that don't use it. Therefore, unless transmission bandwidth is critical and
* you know that middlebox compatibility issues won't occur, it is therefore
* recommended to set this option.
*
* Comment to disable compatibility mode for TLS 1.3. If
* MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
* effect on the build.
*
*/

Shlomi

Wi-Fi

Wi-Fi forum

CC3220SF: Secure MQTT Connection to AWS IoT Core TLS 1.3