ESP8266 Developer Zone

Re: SSL/TLS handshake issue

2022-05-18T16:47:12+08:00

Hi,

Perhaps someone else already discovered the reason behind the ESP8266 SSL Handshake Failure, but I found out that ESP8266 sends an initial Random during Client Hello with UNIX Timestamp 00000000 (=Jan 1, 1970 01:00:00.000000000). This is outside the web server certificate's time frame and may be a reason for the web server to reject the connection.

I am using an ESP8266 containing:

AT version:1.7.5.0(Oct 9 2021 09:26:04)
SDK version:3.0.5(b29dcd3)
compile time:Oct 15 2021 18:05:38
Bin version(Wroom 02):1.7.5

Before sending AT+CIPSTART="SSL","servername",443 I did configure SNTP using AT+CIPSNTPCFG=1,1,"pool.ntp.org" and issued a successful SNTP request with AT+CIPSNTPTIME?. But still the time info in the Random remains 0. See wireshark extract below:

Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 47
Version: TLS 1.1 (0x0302)
Random: 000000006606ced024c458f0afad29b242403955b02a121fd48d0fc83c452f44
GMT Unix Time: (0)Jan 1, 1970 01:00:00.000000000
Random Bytes: 6606ced024c458f0afad29b242403955b02a121fd48d0fc83c452f44
Session ID Length: 0
Cipher Suites Length: 8
Cipher Suites (4 suites)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)

The (Apache) webserver is allowing TLSv1.1, but responds with:

Transport Layer Security
TLSv1.1 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
Content Type: Alert (21)
Version: TLS 1.1 (0x0302)
Length: 2
Alert Message
Level: Fatal (2)
Description: Handshake Failure (40)

To test what happens if the Apache server does NOT accept TLSv1.1 I temporarily modified the server's SSL configuration. Then it responds as follows:

Transport Layer Security
TLSv1.1 Record Layer: Alert (Level: Fatal, Description: Protocol Version)
Content Type: Alert (21)
Version: TLS 1.1 (0x0302)
Length: 2
Alert Message
Level: Fatal (2)
Description: Protocol Version (70)

So it indicates reject because of the used TLS protocol version.

The server also accepts ciphers TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA, so this is probably not the reason for handshake failure.

So I have the strong impression that the wrong time stamp is the reason for the failed SSL connections. Any idea how this can be solved?
Thanks!

Statistics: Posted by ESP_Frank — Wed May 18, 2022 4:47 pm

Re: SSL/TLS handshake issue

2021-08-30T15:47:29+08:00

I would not expect enabling CA verification would help if it does not work with it disabled.

Statistics: Posted by joezop — Mon Aug 30, 2021 3:47 pm

Re: SSL/TLS handshake issue

2021-07-21T07:54:17+08:00

Nico wrote:
I have the same issue. But I´m using AT-Comands.

I have tested:

AT+CIPSTART="SSL","de.yahoo.com",443
AT+CIPSTART="SSL","smtp.1und1.de",465
AT+CIPSTART="SSL","74.125.136.100",465 (smtp.google.com)

But everey time I become the answer:
ERROR
CLOSED

when I connecting to a server and look at the handshake with wireshark, then the esp8266 send after the SSL Hello from the Server, a SSL Alert to the Server with the Description "Handshake Error".

The SSL works only fine, if I use my own SSL-Server without certification.

Changing the CIPSSLSIZE or the CIPMUX makes no different.

Did you manage to solve this issue?
I'm having the same issue when trying to connect to Firebase (also by Google) with the AT+CIPSTART="SSL" command.
That said, I'm able to connect to other SSL sites with that command, including google.com

Statistics: Posted by oz.edri — Wed Jul 21, 2021 7:54 am

Re: SSL/TLS handshake issue

2016-07-15T21:30:20+08:00

I have the same issue. But I´m using AT-Comands.

I have tested:

AT+CIPSTART="SSL","de.yahoo.com",443
AT+CIPSTART="SSL","smtp.1und1.de",465
AT+CIPSTART="SSL","74.125.136.100",465 (smtp.google.com)

But everey time I become the answer:
ERROR
CLOSED

when I connecting to a server and look at the handshake with wireshark, then the esp8266 send after the SSL Hello from the Server, a SSL Alert to the Server with the Description "Handshake Error".

The SSL works only fine, if I use my own SSL-Server without certification.

Changing the CIPSSLSIZE or the CIPMUX makes no different.

Statistics: Posted by Nico — Fri Jul 15, 2016 9:30 pm

Re: SSL/TLS handshake issue

2016-07-08T17:25:59+08:00

i did 2 things to fix this problem,
using espconn_secure_set_size(3,8192),
and disabled all other server and client connections (my little web server). so that only a single SSL connection is active (in my case to a local mosquitto server with some self signed 2048 bit key)

Statistics: Posted by tshup — Fri Jul 08, 2016 5:25 pm

Re: SSL/TLS handshake issue

2016-06-19T11:41:54+08:00

Anyone from Espressif care to chime in here?

Statistics: Posted by GothAck — Sun Jun 19, 2016 11:41 am

Re: SSL/TLS handshake issue

2016-06-06T20:47:59+08:00

I'm having the same problem with TLS socket to Mosquitto. I've added my cacert to the image.

Debug output from ESP8266 (running nodemcu, but error seems to be from Expressif SSL library:

Code:

> c = net.createConnection(net.TCP, 1)
net_create is called.
TCP server/socket is set.
net_delete is called.
> c:connect(21883, 'apollo.gothack.name')
net_start is called.
TCP port is set: 21883.
TCP ip is set: 255.255.255.255
> socket_dns_found is called.
TCP ip is set: 45.32.95.69
socket_connect is called.
CERTIFICATE 5e9
� 0
 0
the file is not a PEM file.
E:M 0
Certificate '�' is undefined.
the file is not a PEM file.
client handshake start.
client handshake failed
Error: invalid protocol message
net_socket_reconnected is called.
net_socket_disconnected is called.

Config options applied to Mosquitto to ensure compatibility:

Code:

tls_version tlsv1.1
ciphers AES256-SHA:AES128-SHA

The handshake looks okay in Wireshark, but I'm no a expert on tls
(screenshots via Dropbox, annoyingly unembeddable)
https://www.dropbox.com/s/x296307zsitrr02/Screen%20Shot%202016-06-06%20at%2005.44.30.png?dl=0
https://www.dropbox.com/s/iu76au4v361xje5/Screen%20Shot%202016-06-06%20at%2005.44.41.png?dl=0

Edit: formatting

Statistics: Posted by GothAck — Mon Jun 06, 2016 8:47 pm

Re: SSL/TLS handshake issue

2015-09-24T06:18:20+08:00

I'm still having problems with this as of SDK 1.4.0

The code that I am testing this with can be found here: https://github.com/jkent/espbot

Build with USE_SECURE=1

Statistics: Posted by jkent — Thu Sep 24, 2015 6:18 am

Re: SSL/TLS handshake issue

2015-07-11T04:56:31+08:00

With the latest SDK 1.2.0 and SSL patch 2, this issue is still not resolved.

It now tries to connect over and over:

Code:

client handshake start.
client handshake failed
client handshake start.
client handshake failed
client handshake start.
client handshake failed
...

Statistics: Posted by jkent — Sat Jul 11, 2015 4:56 am

Re: SSL/TLS handshake issue

2015-06-30T12:17:40+08:00

I got a certificate from my CA installed, and I'm still getting the same handshake issue.

Output of sslscan with the new certificate below.

Code:

jkent@quark:~/Projects/sslscan$ ./sslscan jkent.net:6697
Version: 1.10.4-rbsec-wip-static
OpenSSL 1.0.2d-dev xx XXX xxxx

Testing SSL server jkent.net on port 6697

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.0 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.2 not vulnerable to heartbleed

  Supported Server Cipher(s):
Accepted  SSLv3    256 bits  AES256-SHA                   
Accepted  SSLv3    256 bits  CAMELLIA256-SHA              
Accepted  SSLv3    128 bits  AES128-SHA                   
Accepted  SSLv3    128 bits  SEED-SHA                     
Accepted  SSLv3    128 bits  CAMELLIA128-SHA              
Accepted  SSLv3    128 bits  RC4-SHA                      
Accepted  SSLv3    128 bits  RC4-MD5                      
Accepted  SSLv3    112 bits  DES-CBC3-SHA                 
Accepted  SSLv3    56 bits   DES-CBC-SHA                  
Accepted  TLSv1.0  256 bits  AES256-SHA                   
Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA              
Accepted  TLSv1.0  128 bits  AES128-SHA                   
Accepted  TLSv1.0  128 bits  SEED-SHA                     
Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA              
Accepted  TLSv1.0  128 bits  RC4-SHA                      
Accepted  TLSv1.0  128 bits  RC4-MD5                      
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.0  56 bits   DES-CBC-SHA                  
Accepted  TLSv1.1  256 bits  AES256-SHA                   
Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA              
Accepted  TLSv1.1  128 bits  AES128-SHA                   
Accepted  TLSv1.1  128 bits  SEED-SHA                     
Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA              
Accepted  TLSv1.1  128 bits  RC4-SHA                      
Accepted  TLSv1.1  128 bits  RC4-MD5                      
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.1  56 bits   DES-CBC-SHA                  
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
Accepted  TLSv1.2  256 bits  AES256-SHA256                
Accepted  TLSv1.2  256 bits  AES256-SHA                   
Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA              
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
Accepted  TLSv1.2  128 bits  AES128-SHA256                
Accepted  TLSv1.2  128 bits  AES128-SHA                   
Accepted  TLSv1.2  128 bits  SEED-SHA                     
Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA              
Accepted  TLSv1.2  128 bits  RC4-SHA                      
Accepted  TLSv1.2  128 bits  RC4-MD5                      
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.2  56 bits   DES-CBC-SHA                  

  Preferred Server Cipher(s):
SSLv3    256 bits  AES256-SHA                   
TLSv1.0  256 bits  AES256-SHA                   
TLSv1.1  256 bits  AES256-SHA                   
TLSv1.2  256 bits  AES256-GCM-SHA384            

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  irc.jkent.net
Altnames: DNS:irc.jkent.net, DNS:jkent.net, othername:, othername:, othername:, othername:
Issuer:   StartCom Class 1 Primary Intermediate Server CA

Statistics: Posted by jkent — Tue Jun 30, 2015 12:17 pm

Re: SSL/TLS handshake issue

2015-06-30T10:52:58+08:00

I got the same handshake error when connecting to https://my.flair.zone/api/help. And as I explained in this thread (http://bbs.espressif.com/viewtopic.php?f=7&t=602), I don't think the CA verification will work because the handshake occurs before CA verification. Faye, is there any way to get one of the Espressif engineers to reproduce the issue and take a quick look? It should be really easy for them given that they have access to the source code.

Statistics: Posted by Guest — Tue Jun 30, 2015 10:52 am

Re: SSL/TLS handshake issue

2015-06-30T10:42:01+08:00

Thanks for getting back with me Faye,

I tried as suggested, and I got the same result. I would not expect enabling CA verification would help if it does not work with it disabled.

In the meantime, I will get a certificate signed by my CA, and report back.

Statistics: Posted by jkent — Tue Jun 30, 2015 10:42 am

Re: SSL/TLS handshake issue

2015-06-30T09:56:53+08:00

Hi，

Please refer to documentation “ESP8266__SDK__SSL_User_Manual” in \esp_iot_sdk_v1.1.2\document\SSL ，chapter “3 ESP8266 as SSL client”

Generate “esp_ca_cert.bin” with your CA of "jkent.net:6697", and download “esp_ca_cert.bin” into flash.

Could it help solve your problem ?

Statistics: Posted by ESP_Faye — Tue Jun 30, 2015 9:56 am

Re: SSL/TLS handshake issue

2015-06-30T00:16:47+08:00

jkent.net:443 is an Apache HTTP server with a 2048 bit certificate signed by a certificate authority. jkent.net:6697 is an IRC server running UnrealIRCd using a 1024 bit self-signed certificate. Also the accepted ciphers are different, as shown below in the sslscan output:

Code:

jkent@quark:~/sslscan$ ./sslscan jkent.net:443
Version: 1.10.4-rbsec-static
OpenSSL 1.0.2d-dev xx XXX xxxx

Testing SSL server jkent.net on port 443

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.0 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.2 not vulnerable to heartbleed

  Supported Server Cipher(s):
Accepted  TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
Accepted  TLSv1.0  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 1024 bits
Accepted  TLSv1.0  256 bits  AES256-SHA                   
Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA              
Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
Accepted  TLSv1.0  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 1024 bits
Accepted  TLSv1.0  128 bits  AES128-SHA                   
Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA              
Accepted  TLSv1.0  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.0  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 1024 bits
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 1024 bits
Accepted  TLSv1.1  256 bits  AES256-SHA                   
Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA              
Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 1024 bits
Accepted  TLSv1.1  128 bits  AES128-SHA                   
Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA              
Accepted  TLSv1.1  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.1  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 1024 bits
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 1024 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA256         DHE 1024 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 1024 bits
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
Accepted  TLSv1.2  256 bits  AES256-SHA256                
Accepted  TLSv1.2  256 bits  AES256-SHA                   
Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA              
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 1024 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 1024 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 1024 bits
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
Accepted  TLSv1.2  128 bits  AES128-SHA256                
Accepted  TLSv1.2  128 bits  AES128-SHA                   
Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA              
Accepted  TLSv1.2  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.2  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 1024 bits
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA                 

  Preferred Server Cipher(s):
TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  www.jkent.net
Altnames: DNS:www.jkent.net, DNS:jkent.net
Issuer:   StartCom Class 1 Primary Intermediate Server CA

Code:

jkent@quark:~/sslscan$ ./sslscan jkent.net:6697
Version: 1.10.4-rbsec-static
OpenSSL 1.0.2d-dev xx XXX xxxx

Testing SSL server jkent.net on port 6697

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.0 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.2 not vulnerable to heartbleed

  Supported Server Cipher(s):
Accepted  SSLv3    256 bits  AES256-SHA                   
Accepted  SSLv3    256 bits  CAMELLIA256-SHA              
Accepted  SSLv3    128 bits  AES128-SHA                   
Accepted  SSLv3    128 bits  SEED-SHA                     
Accepted  SSLv3    128 bits  CAMELLIA128-SHA              
Accepted  SSLv3    128 bits  RC4-SHA                      
Accepted  SSLv3    128 bits  RC4-MD5                      
Accepted  SSLv3    112 bits  DES-CBC3-SHA                 
Accepted  SSLv3    56 bits   DES-CBC-SHA                  
Accepted  TLSv1.0  256 bits  AES256-SHA                   
Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA              
Accepted  TLSv1.0  128 bits  AES128-SHA                   
Accepted  TLSv1.0  128 bits  SEED-SHA                     
Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA              
Accepted  TLSv1.0  128 bits  RC4-SHA                      
Accepted  TLSv1.0  128 bits  RC4-MD5                      
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.0  56 bits   DES-CBC-SHA                  
Accepted  TLSv1.1  256 bits  AES256-SHA                   
Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA              
Accepted  TLSv1.1  128 bits  AES128-SHA                   
Accepted  TLSv1.1  128 bits  SEED-SHA                     
Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA              
Accepted  TLSv1.1  128 bits  RC4-SHA                      
Accepted  TLSv1.1  128 bits  RC4-MD5                      
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.1  56 bits   DES-CBC-SHA                  
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
Accepted  TLSv1.2  256 bits  AES256-SHA256                
Accepted  TLSv1.2  256 bits  AES256-SHA                   
Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA              
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
Accepted  TLSv1.2  128 bits  AES128-SHA256                
Accepted  TLSv1.2  128 bits  AES128-SHA                   
Accepted  TLSv1.2  128 bits  SEED-SHA                     
Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA              
Accepted  TLSv1.2  128 bits  RC4-SHA                      
Accepted  TLSv1.2  128 bits  RC4-MD5                      
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.2  56 bits   DES-CBC-SHA                  

  Preferred Server Cipher(s):
SSLv3    256 bits  AES256-SHA                   
TLSv1.0  256 bits  AES256-SHA                   
TLSv1.1  256 bits  AES256-SHA                   
TLSv1.2  256 bits  AES256-GCM-SHA384            

  SSL Certificate:
Signature Algorithm: sha1WithRSAEncryption
RSA Key Strength:    1024

Subject:  irc.jkent.net
Issuer:   irc.jkent.net

Statistics: Posted by jkent — Tue Jun 30, 2015 12:16 am

Re: SSL/TLS handshake issue

2015-06-29T13:36:04+08:00

Hi,

What's the different between "jkent.net:6697" and "jkent.net:443" ?

Statistics: Posted by ESP_Faye — Mon Jun 29, 2015 1:36 pm

SSL/TLS handshake issue

2015-06-28T12:14:28+08:00

I've been working on a project and cannot seem to get SSL/TLS to work with a particular server: jkent.net:6697

[Edit: I'm using the latest SDK, 1.1.2]

Code:

client handshake start.
client handshake failed

Connecting to my https server, jkent.net:443, works fine.

As suggested elsewhere, I'm using:

Code:

espconn_secure_set_size(ESPCONN_CLIENT, 5120);

Help with diagnosing this issue is appreciated.

Statistics: Posted by jkent — Sun Jun 28, 2015 12:14 pm