Comments (8)
Thanks for the update. I've just fixed it in our code.
Very sorry for the noise. It turns out we were not reading the certificate correctly with the upgrade in clients, yet that was somehow working with some sites but not others.
Many thanks for your feedback on this and sorry to have wasted your time.
from mongoose.
Hello Mark,
we just use MbedTLS, there is nothing special in that besides possible API differences.
Our tests run on Windows, Mac, and Ubuntu 22.04 (what Github provides) and they all pass.
You should start by using 7.13, and you could even try our built-in TLS1.3.
However, a bit of googling yields: "The error you are getting means that you have received a fatal alert from the server.
This fatal alert was sent after the server received the ClientHello message from your client.
This means that the server couldn’t find common parameters for a TLS handshake. Usually it is the server can’t support the proposed ciphersuites, however it could be other cases such as unsupported elliptic curves and hashes.", so you should check your credentials and what those servers expect from you, AND, in the specific code you are using, if there is an mbed configuration file, that will have specifics on what it will support, so you have to make it match, or remove that file and expect your OS will solve that.
from mongoose.
Hi! And thanks for the update.
This problem is happening on my and other users' machines over different OSes, the only thing we have done is upgrade the mongoose client code, which is why I brought it here.
I had seen it's reporting a fatal error, 21 response being a MSG_ALERT, 22 being MSG_HANDSHAKE, and that 40 represents ERR_SSL_VERSION_OR_CIPHER_MISMATCH. The logs show the earlier negotiation of ciphers is identical between the 2 endpoints I have logged, showing all 104 ciphers are the same.
I'm really trying to narrow down why only upgrading mongoose client causes this issue, downgrading fixes it. No mbed tls changes (as we're just using the system installed libs), just mongoose.c/h file changes in our code.
Our code is simply trying to request JSON served over https, there's no auth/credentials involved here. It's as simple as can be.
I'll continue to dig into this, I'm trying to reproduce with a local nginx as a reverse proxy and controlling tls versions.
from mongoose.
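The numbers quoted in the comment above (21, 22, 40) are TLS record-layer values; the TLS specification names alert description 40 `handshake_failure`. As an added example, not code from Mongoose or from anyone in this thread, the C snippet below decodes a captured plaintext alert record so the level and description can be read directly from a trace. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS record content types seen in the log: 21 = alert, 22 = handshake */
enum { REC_ALERT = 21, REC_HANDSHAKE = 22 };

struct tls_alert {
  uint16_t version;    /* record-layer version, e.g. 0x0303 */
  uint8_t level;       /* 1 = warning, 2 = fatal */
  uint8_t description; /* e.g. 40 = handshake_failure */
};

/* Names for a few alert descriptions tied to failed negotiation or trust. */
const char *alert_name(uint8_t d) {
  switch (d) {
    case 40: return "handshake_failure";
    case 42: return "bad_certificate";
    case 48: return "unknown_ca";
    case 70: return "protocol_version";
    case 71: return "insufficient_security";
    default: return "other";
  }
}

/* Parse one plaintext TLS record. Returns 1 for an alert (fills *out),
   0 for a well-formed record of another type, -1 if truncated/malformed. */
int parse_alert(const uint8_t *buf, size_t len, struct tls_alert *out) {
  if (len < 5) return -1;                 /* header: type, version, length */
  size_t body = ((size_t) buf[3] << 8) | buf[4];
  if (body > len - 5) return -1;          /* record longer than the capture */
  if (buf[0] != REC_ALERT) return 0;
  if (body != 2) return -1;               /* plaintext alert is exactly 2 bytes */
  out->version = (uint16_t) ((buf[1] << 8) | buf[2]);
  out->level = buf[5];
  out->description = buf[6];
  return 1;
}

int main(void) {
  /* Constructed sample: fatal handshake_failure in a TLS 1.2 record */
  const uint8_t sample[] = {21, 0x03, 0x03, 0x00, 0x02, 2, 40};
  struct tls_alert a;
  if (parse_alert(sample, sizeof(sample), &a) == 1)
    printf("%s alert %u (%s)\n", a.level == 2 ? "fatal" : "warning",
           (unsigned) a.description, alert_name(a.description));
  return 0;
}
```

An alert sent in reply to the ClientHello is unencrypted, so this applies to that stage of the handshake; alerts sent after keys are established are encrypted and cannot be read this way.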
Hmm... that's weird.
There's been a lot of re-write in the TLS interface to make room for our own stack, and we've been favoring embedded-friendly features (elliptic curves and lighter-weight algorithms). I'm not familiar with pre-7.6.
So you have a CA cert and you just validate it, but there is a cypher exchange anyway and that is failing... Make sure your cert file contents start with dashes, and check how you pass that cert in options. It should fail in a different way if that was the case, but, it doesn't harm to try.
from mongoose.
Also apologies, we are using 7.13, not 7.11 as I reported, I'll update the post.
The ca.pem file is also constant between the scenarios too, it's well formatted and works with curl specified directly:
curl -vvv --cacert data/webui/common/ca.pem https://5card.carr-designs.com/state?table=blue\&player=THOMC
from mongoose.
I just tried your Google endpoint in my Linux with both OpenSSL and MbedTLS and it works with no hassle. Looks like this is a problem with your specific version of MbedTLS.
We've been very reluctant to rely on OS libraries, for a while we've been building against specific versions compiled on-the-fly. I think a quick fix for your issue can be to do that. In examples/http-client:
$ make mbedtls
$ make CFLAGS_EXTRA="-DMG_TLS=MG_TLS_MBED mbedtls/library/libmbedtls.a mbedtls/library/libmbedcrypto.a mbedtls/library/libmbedx509.a"
from mongoose.
@markjfisher hello Mark,
I just got the same issue, could you please share the details about how it was fixed?
from mongoose.
Very sorry for the noise. It turns out we were not reading the certificate correctly with the upgrade in clients, yet that was somehow working with some sites but not others.
This is not a Mongoose issue, please do not do necroposting nor thread hijacking.
If you have an actual issue, please open an issue, honor the issue template so we can know your scenario and reproduce the issue if necessary, and let us know exactly what you are doing.
Please follow the guidelines in the documentation, examples and tutorials available.
from mongoose.