Closed JotaPel23 closed 7 months ago
Thank you for your report and already spending some time on investigating the problem.
Investigating here I have seen that it may be due to a call that should not occur to mbedtls_ssl_close_notify, due to some problem with response times in handshaking, but I don't know how this can be modified on the server.
The only place where the library sends the mbedtls_ssl_close_notify
is in MbedTLSBuffer.shutdown()
. I also see that TLSWrappedSocket.close()
calls TLSWrappedBuffer.shutdown()
. That may be the origin of this bug. I'm not entirely sure. Could you try to remove this line and try again?
That would be this line: https://github.com/Synss/python-mbedtls/blob/master/src/mbedtls/tls.py#L320
Since I can't reproduce this bug, I'll have to rely on you for testing.
Thank you very much for your help.
I have tried commenting that line and it continues to give me the same errors. Is there any possibility to manage server response times during hansaking? We are trying to make the connection with UDP and NBiot modules and we think that it may be a network problem due to the timings, because it is very strange that sometimes the connection works and sometimes it doesn't.
I'm trying modifying these parameters in the DTLS configuration, but it doesn't seem to fix the problem either:
conf = DTLSConfiguration(
handshake_timeout_min = 1,
handshake_timeout_max = 60000.0,
ciphers=( "TLS-PSK-WITH-AES-128-CBC-SHA",),
pre_shared_key_store=args.psk_store, validate_certificates=False
)
The settings you’re changing are the ones. Now, if it’s really a timing issue, it can be reproduced by instrumenting the code. You could try to make the handshake slower by adding sleep
calls in do_handshake()
or even fake a slow overall communication by instrumenting buffer_write
and buffer_read
. For the buffer_*
, you will need to take the Gil, probably,
with gil:
import time
time.sleep(…
I would really like to get the hardware out of the way because my experience with embedded is that the vendors do not always implement their stack correctly. Although some do, obviously. 😄
When you say it is slow: how slow is the communication exactly? How long does a successful handshake take?
Finally, any chance you’d be able to try TLS as well? A TLS handshake is actually simpler.
Actually, the HelloVerifyRequest exception is a normal step during the DTLS handshake. Are you sure that you’ve implemented the server correctly? 🤔
Have a look at _make_dtls_connection
in programs/server.py
.
You can certainly control that client and server are indeed correct without extra hardware.
Thank you very much again for helping me.
I have done a lot of tests and I have not been able to get it to work correctly with the communications module. I think it has to be something about the network latency, because for example with a SIM from one company it works almost always for me and with another SIM from another company it has not worked even once. Using the library's example client and server on local server works every time.
I tried what you told me about sleeps and it worked even worse, so I understand that what is happening is that the module runs too fast for the server. It makes many retries and I guess it doesn't wait the necessary time for my answers, or something like that.
On the other hand, I have the _make_dtls_connection
exactly the same as in the example. So I guess that's not the problem either.
Well then, it's clearly a problem with the module. Either a hardware problem or a buggy implementation on their part. There really is nothing I can do.
NOTE: Please use stackoverflow for support questions. This repository's issues are reserved for feature requests and bug reports.
I am submitting a …
Description
I frequently receive this error when trying to connect to the test server.py with a communications module:
It happens randomly, since many other times the operation is correct and also, when I try it with the test client it always works fine.
Investigating here I have seen that it may be due to a call that should not occur to
mbedtls_ssl_close_notify
, due to some problem with response times in handshaking, but I don't know how this can be modified on the server.Current behavior
The error occurs about 50 percent of the times I try to connect to the server from a communications module with a SIM card.
Expected behavior
Successful handshake every time.
Steps to reproduce
Start the server: python3 server.py --dtls --address xx.xx.xx.xx --port xxx --debug 3 --psk-store CLI1=010f0304050607083
I start the communications module and try to connect with the server.
Minimal demo of the problem