Eclipse ThreadX - NetXDuo is an advanced, industrial-grade TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications
Hello,
I am facing an issue with MQTTs (TLS 1.3) implementation. I am using the STMH563ZI board (with ThreadX as RTOS) and using the serverless emqx broker for testing.
When I try to connect to the broker over TLS 1.3, I receive a fatal alert with alert code 10, which is "unexpected_message".
Following is my TLS setup:
```c
/* Initialize TLS module */
_nx_secure_tls_initialize();

/* Create a TLS session */
ret = _nx_secure_tls_session_create(TLS_session_ptr, &nx_crypto_tls_ciphers_ecc,
                                    crypto_metadata_client, sizeof(crypto_metadata_client));
if (ret != TX_SUCCESS)
{
    Error_Handler();
}

ret = _nx_secure_tls_ecc_initialize(TLS_session_ptr,
                                    nx_crypto_ecc_supported_groups,
                                    nx_crypto_ecc_supported_groups_size,
                                    nx_crypto_ecc_curves);
if (ret != TX_SUCCESS)
{
    Error_Handler();
}

/* Need to allocate space for the certificate coming in from the broker. */
memset((certificate_ptr), 0, sizeof(NX_SECURE_X509_CERT));

ret = _nx_secure_tls_session_time_function_set(TLS_session_ptr, nx_secure_mqtt_tls_session_time_function);
if (ret != TX_SUCCESS)
{
    Error_Handler();
}

/* Allocate space for packet reassembly. */
ret = _nx_secure_tls_session_packet_buffer_set(TLS_session_ptr, mqtts_tls_packet_buffer,
                                               sizeof(mqtts_tls_packet_buffer));
if (ret != TX_SUCCESS)
{
    Error_Handler();
}

/* allocate space for the certificate coming in from the remote host */
ret = _nx_secure_tls_remote_certificate_allocate(TLS_session_ptr, certificate_ptr,
                                                 mqtts_tls_packet_buffer, sizeof(mqtts_tls_packet_buffer));
if (ret != TX_SUCCESS)
{
    Error_Handler();
}

/* initialize Certificate to verify incoming server certificates. */
ret = _nx_secure_x509_certificate_initialize(trusted_certificate_ptr, (UCHAR*)emqxsl_ca_der,
                                             emqxsl_ca_der_len, NX_NULL, 0, NULL, 0,
                                             NX_SECURE_X509_KEY_TYPE_NONE);
if (ret != TX_SUCCESS)
{
    Error_Handler();
}

/* Add a CA Certificate to our trusted store */
ret = _nx_secure_tls_trusted_certificate_add(TLS_session_ptr, trusted_certificate_ptr);
if (ret != TX_SUCCESS)
{
    Error_Handler();
}

/* Add a sni extension */
nx_secure_x509_dns_name_initialize(&dns_name, (UCHAR *)mqtts_broker_name, strlen(((const char*)mqtts_broker_name)));
nx_secure_tls_session_sni_extension_set(TLS_session_ptr, &dns_name);

_nx_secure_tls_remote_certificate_allocate(TLS_session_ptr, &remote_certificate, remote_cert_buffer, sizeof(remote_cert_buffer));
_nx_secure_tls_remote_certificate_allocate(TLS_session_ptr, &remote_issuer, remote_issuer_buffer, sizeof(remote_issuer_buffer));

return ret;
```
I have added the root CA certificate and the SNI extension and have checked that TLS 1.3 is getting enabled.
Moreover, I am able to connect to the broker over TLS 1.2 with no issue at all (TLS 1.3 is disabled), but when TLS 1.3 is enabled the connection fails even with TLS 1.2.
I also tried my connection with hivemq serverless cloud; it was able to communicate over TLS 1.2, but with TLS 1.3 it failed with an alert code of 51, which is "decrypt_error".
Is there anything I am missing? Thank you!