1 Topic by mehra.akshat (edited by mehra.akshat 2017-03-16 06:14:33)

  • Registered: 2017-03-16
  • Posts: 6

Topic: Error -308 with WolfSSL on TI-RTOS

I am using WolfSSL v 3.10.2 with TI-RTOS and I get socket error -308 while connecting to my corporate's cloud server.

After enabling WolfSSL logs I see that during SSL handshake, the server sends a connection close (may be a TCP reset) immediately after my device sends CLIENT_HELLO.

Logs are attached for reference.

Please let me know the possible causes of connection close immediately after sending CLIENT_HELLO, Is there anything to be enabled on WolfSSL side? Also, excuse me as I am not an SSL expert here.

Another input is that I also tried to replicate the behaviour with openssl, but does not see the error and SSL handshake is always successful . The cipher suite that is negotiated between openssl and the problematic server is AES256-SHA (TLS_RSA_WITH_AES_256_CBC_SHA).

Please advise.

Thanks,
Akshat

Post's attachments

WolfSSL_logs_1.txt 1.9 kb, 9 downloads since 2017-03-16 

You don't have the permssions to download the attachments of this post.

Share

  • Registered: 2016-12-22
  • Posts: 9

Re: Error -308 with WolfSSL on TI-RTOS

1. How did you get the logs?
2. Did you try to build the wolfSSL with the cipher?

Share

  • Registered: 2017-03-16
  • Posts: 6

Re: Error -308 with WolfSSL on TI-RTOS

Hi malikfehan123

Thanks for your post.
I got the logs by enabling debug prints in WolfSSL library.
After much debugging, I was able to find the exact issue and the define to enable the required cipher.
My issue is solved now.

Thanks,
Akshat

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: Error -308 with WolfSSL on TI-RTOS

Hi mehra.akshat,

Happy to hear you were able to solve the issue. I apologize I did not reply sooner as I was out of the office traveling last week. Let us know if you have any other questions, we are always happy to help in any way we can!

Thanks malikfehan123 for helping out in my absence!


Regards,

Kaleb

Kaleb J. Himes's Website

Share

  • Registered: 2017-03-16
  • Posts: 6

Re: Error -308 with WolfSSL on TI-RTOS

Hi Kaleb,

Thanks for your reply.
My project has just started and I may need tons of support in future and may need to bother you.

Thanks,
Akshat

Share

  • Registered: 2017-03-30
  • Posts: 19

Re: Error -308 with WolfSSL on TI-RTOS

Hi mehra.akshat,

I am getting the same error. can you tell me the solution.

Share

  • Registered: 2017-03-16
  • Posts: 6

Re: Error -308 with WolfSSL on TI-RTOS

Hi Nimesh,

I guess you may get the same error code for multiple issues and my troubleshooting steps may not apply directly to yours.
Anyways, I am posting the troubleshooting that I did.

My exact issue was that the SSL server always sent a TCP_RESET immediately after I sent CLIENT_HELLO message due to the required cipher suite(TLS_RSA_WITH_AES_256_CBC_SHA) not being advertised in CLIENT_HELLO message.

The issue was resolved by enabling the required cipher suite with the...

#define  WOLFSSL_STATIC_PSK - This is a typo, he meant to say:
WOFLSSL_STATIC_RSA
- Kaleb

... and recompiling and linking the Wolf-SSL library with my application code.

Hope this helps.

Thanks,
Akshat

Share

  • Registered: 2017-03-30
  • Posts: 19

Re: Error -308 with WolfSSL on TI-RTOS

Hi Akshat,

Thanks For Reply.

I am applying your suggestion. But i am facing 2-3 problems. please excuse me if questions are not relevant as i am new in SSL.

My Questions are:

1. Which TI RTOS and wolfssl are you currently used in your project. I tried with TIRTOS 2.16.01.14  and  wolfssl-3.10.2

2. I dont know where to write  "--enable-debug " , I mean how to enable debug option.

3. As you suggest, Enable #define  WOLFSSL_STATIC_PSK But In which file I have to Enable It. can you give me some documents related to it.

Thanks
Nimesh

See define WOLFSSL_STATIC_RSA instead please, that was a typo w/ PSK
- Kaleb

Share

  • Registered: 2017-03-16
  • Posts: 6

Re: Error -308 with WolfSSL on TI-RTOS

Hi Nimesh,

Sorry for a late reply.

1. I use the same versions for both.


2. Please refer to WolfSSL manual   https://www.wolfssl.com/wolfSSL/Docs-wo … l-toc.html

    To enable debug option open WolfSSL source file  "C:\ti\wolfssl\wolfssl\wolfcrypt\settings.h" (Assuming you have extracted the WolfSSL source to "C:\ti\wolfssl") and under line "#ifdef WOLFSSL_TIRTOS" add line  "#define DEBUG_WOLFSSL"

In your application code include the headers:

#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/logging.h>

and call the following functions:

wolfSSL_Debugging_ON();
wolfSSL_SetLoggingCb(log_function);

void log_function(const int logLevel, const char *const logMessage)
{
   
    // USE SYSTEM PRINTF to outpul SSL logs to console

}



3. To enable the required cipher suite

In step 2, add the following line also

#define WOLFSSL_STATIC_RSA             


Hope this helps.

Thanks

Share

  • Registered: 2017-03-16
  • Posts: 6

Re: Error -308 with WolfSSL on TI-RTOS

Hi Nimesh,


Another thing is that you need to recompile the WolfSSL library after the above changes

If you are not aware about how to compile, please refer:

http://processors.wiki.ti.com/index.php … th_TI-RTOS

Thanks.

Share

  • Registered: 2017-03-30
  • Posts: 19

Re: Error -308 with WolfSSL on TI-RTOS

Hi Akshat,

Thanks For Reply. Its Realy Helping me lot.

By Applying your suggestion, Now echoclient running in visual studio 2013 connecting to the echoserver successfully.

But since it is echoclient and echoserver i must receive same data back but it doesn't happen in this case. After sending data successfully first time, it didn't get any echo data (SSL_read() return 0). And due to that second time data write fail (SSL_write() fail).

Also i enable the "#define DEBUG_WOLFSSL" But i didnt get any log files in wolfssl-->debug folder. May be i am searchin it in wrong location. where to search it?

Thanks,
Nimesh

Share