Seeed_Arduino_rpcWiFi

TLS Not Working - Client Hello Getting Rejected

Open telprom-net opened this issue 2 years ago • 0 comments

I have installed the latest firmware on my Wio Terminal (RTL8720 firmware version 2.1.3), and I also have the latest version of the Seeed_Arduino_rpcWiFi library, version 1.0.6. I have a problem with TLS. When I send the POST request presented below, the server rejects the 'Client Hello', error: connection refused.

```cpp
#include <rpcWiFi.h>
#include <HTTPClient.h>
WiFiClientSecure client;

const char* root_ca = \
  "-----BEGIN CERTIFICATE-----\n"
  "...\n";

//Init serial connection, connect to WiFi
//...

HTTPClient https;

client.setCACert(root_ca);
https.begin(client, "https://example.com/login");
https.addHeader("Content-Type", "application/json");
String requestBody = "{\"username\": \"user\", \"password\": \"pass\"}";
int httpCode = https.POST(requestBody);

if (httpCode > 0) {
  if (httpCode == HTTP_CODE_OK) {
    String payload = https.getString();
    Serial.println(payload);
  }
} else {
  Serial.printf("[HTTP] GET... failed, error: %s\n", https.errorToString(httpCode).c_str()); //connection refused
}
https.end();
```

In the Wireshark capture the client sends a 'Client Hello' and the server responds with 'Handshake Failure'. If I test the API with Postman, it works. The Arduino client uses TLS version 1.2 and the ciphersuites below.

[Image: ciphersuites]

Meanwhile Postman uses TLS version 1.2 and the ciphersuite 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. I tried forcing my Arduino client to use the mentioned ciphersuite, but I did not succeed, even though the client is familiar with the mentioned ciphersuite. I tried changing the ciphersuite, using the built-in function, 'mbedtls_ssl_conf_ciphersuites'. If I execute the code below I get the error 'Undefined reference', displayed below:

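```cpp
// mbedtls_ssl_conf_ciphersuites() expects a 0-terminated list that outlives the config.
static const int ciphersuites[] = { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 };
// getSSLclient() is a custom getter function; use a pointer so the client's own config is changed, not a copy.
mbedtls_ssl_config *ssl_conf = &client.getSSLclient()->ssl_conf;
mbedtls_ssl_conf_ciphersuites(ssl_conf, ciphersuites);
```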

[Image: undefinedReference]

If I execute the same function, without arguments, mbedtls_ssl_conf_ciphersuites(), I get the error: 'too few arguments', displayed below:

[Image: tooFewArg]

All needed libraries are included, and I double-checked that the arguments to the function are the right type, but none of the declared functions work. For example, mbedtls_ssl_config_defaults() doesn't work either. Any ideas on how to solve this?

telprom-net, Jul 17 '23 14:07
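For comparing the two handshakes described in the issue, the following added example (not part of the original post or of the library) parses the raw bytes of a TLS ClientHello record and reports whether a given cipher suite is in the client's offer. The function names and the constructed sample record are assumptions made for illustration; 0xC02F is the IANA code point of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// IANA code point of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
static const uint16_t ECDHE_RSA_AES128_GCM_SHA256 = 0xC02F;

// Cipher suite IDs offered in one TLS record carrying a ClientHello; empty on malformed input.
std::vector<uint16_t> offered_suites(const std::vector<uint8_t>& rec) {
    std::vector<uint16_t> out;
    const size_t n = rec.size();
    // 5-byte record header (0x16 = handshake) + 4-byte handshake header
    // (0x01 = ClientHello) + client_version (2) + random (32) + sid length (1).
    if (n < 44 || rec[0] != 0x16 || rec[5] != 0x01) return out;
    size_t sid = rec[43];                             // session_id length
    if (n - 44 < sid + 2) return out;
    size_t p = 44 + sid;
    size_t len = (size_t(rec[p]) << 8) | rec[p + 1];  // cipher_suites length in bytes
    p += 2;
    if (len % 2 != 0 || n - p < len) return out;
    for (size_t i = 0; i < len; i += 2)
        out.push_back(uint16_t((rec[p + i] << 8) | rec[p + i + 1]));
    return out;
}

bool offers(const std::vector<uint8_t>& rec, uint16_t suite) {
    for (uint16_t s : offered_suites(rec)) if (s == suite) return true;
    return false;
}

// Constructed sample: minimal TLS 1.2 ClientHello record offering `suites`
// (zero random, empty session_id, null compression, no extensions).
std::vector<uint8_t> sample_hello(const std::vector<uint16_t>& suites) {
    std::vector<uint8_t> b = {0x03, 0x03};            // client_version
    b.insert(b.end(), size_t(33), uint8_t(0));        // random + session_id length 0
    size_t sl = suites.size() * 2;
    b.push_back(uint8_t(sl >> 8)); b.push_back(uint8_t(sl));
    for (uint16_t s : suites) { b.push_back(uint8_t(s >> 8)); b.push_back(uint8_t(s)); }
    b.push_back(0x01); b.push_back(0x00);             // compression_methods: null
    size_t hl = b.size(), rl = hl + 4;
    std::vector<uint8_t> rec = {0x16, 0x03, 0x01, uint8_t(rl >> 8), uint8_t(rl),
                                0x01, uint8_t(hl >> 16), uint8_t(hl >> 8), uint8_t(hl)};
    rec.insert(rec.end(), b.begin(), b.end());
    return rec;
}

int main() {
    for (uint16_t s : offered_suites(sample_hello({0xC02F, 0x002F}))) std::printf("0x%04X\n", unsigned(s));
}
```

Run against the record bytes of each ClientHello in the capture, this shows directly whether the suite the server negotiated with Postman appears in the Wio Terminal's offer.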