Topic: How to upgrade to latest wolfssl library with ECC508 support

Hello:

I'm using wolfssl with Atmel/Microchip ECC508 HW, but I'm not longer able to connect to AWS IoT Core as I'm getting this error;


wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
SSL version error
wolfSSL error occurred, error = -326
ERROR: aws_client_mqtt_connect L#618 Error(8) : Failed to TLS connect!

So I guess it's time to updgrade the wolfssl library. However, how should I proceed on this as I see latest release might not have the ECC508 configuration, so dropping the new stack into my project might break the current configuration (using HW accelerator)?

Any help on how to upgrade keeping the current configuration?

Thanks
Gus

Share

Re: How to upgrade to latest wolfssl library with ECC508 support

Hello Gus,

While we always recommend that users are on the latest release, the version error you are seeing is likely related to the TLS protocol version in the handshake. You will probably be able to fix the issue by configuring and using a later version of the TLS protocol to establish the connection.

Please review section 4.2 PROTOCOL SUPPORT
https://www.wolfssl.com/docs/wolfssl-manual/ch4/

Thanks,
Eric @ wolfSSL Support

Re: How to upgrade to latest wolfssl library with ECC508 support

Hello Eric:

Thanks for the help.
I followed your guidance and I checked I'm actually using TLS1.2 (somehow I though I was using 1.1) which seems to be the default for AWS IoT Core.

Anyway, I replaced the function to use the wolfSSLv23_client_method( ) which seems to be a better choice to take care of selecting the highest version supported from both ends. Nevertheless, the error continues with same error message....

Any idea what else could be causing the error? Something related to certificates could also give this error?

I appreciate any direction.

Regards;
Gus

Share

Re: How to upgrade to latest wolfssl library with ECC508 support

Hi Gus,

Thanks for the update. Next step in debugging this would be to review a pcap of the failing handshake.

If you'd prefer to move off this public forum, please send an email to support@wolfssl.com referencing this forum thread and attach a pcap of the handshake.

Thanks,
Eric @ wolfSSL Support

Re: How to upgrade to latest wolfssl library with ECC508 support

Thanks, Eric.
I sent an email to support@wolfssl.com

Regards;
Gus

Share