TLS 1.3 mbedtls_ssl_handshake returns -0x6C00 (CA-288) #179
Comments
Looks like the error is from psa_generate_key() when you have TLS 1.3 enabled. After disabling TLS 1.3 I am able to connect. Is TLS 1.3 support broken?
Hello @aselafernando, Thank you for reporting the issue. 0001-esp-tls-fix-ssl-connection-and-read-issues-when-usin.patch
Hi @Harshal5 I tried the patch but got the following. Looks like these additions are missing a reference.
Thank you, got it! @aselafernando As mentioned in their release notes, they have been constantly adding support and bugfixes for TLS1.3 and so the newer releases like The newer version (
I'm using ESP-IDF 5.1, which includes mbedtls v3.4.0, and I still get an error 0x6C00 (MBEDTLS_ERR_SSL_INTERNAL_ERROR) when trying to use the HTTPS client or server with TLS 1.3 enabled.
Any updates here? We are hitting the same issue and need TLS 1.3 support for production
@aselafernando, @avrmp, see this issue: Mbed-TLS/mbedtls#8401 then esp-idf example of inserting call to psa_crypto_init() in application: https://github.com/espressif/esp-idf/blob/master/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c
Branch 202210.01-LTS
IDF 5.0.1-stable
Running the tls_mutual_auth demo connecting to test.mosquitto.org:8884 I get a -0x6C00 error (Internal MBED TLS error).
I downloaded the root certificate for mosquitto.org and had the client certificate generated here https://test.mosquitto.org/ssl/
Key and CSR generated with
sdkconfig file used to compile:
sdkconfig.txt
Here is the ESP log
If I use the non-AWS demo at esp-idf-v5.0.1\examples\protocols\mqtt\ssl_mutual_auth, I can connect with no issues.