espressif / arduino-esp32

Arduino core for the ESP32
GNU Lesser General Public License v2.1

SSL - An invalid SSL record was received MbedTLS message code: -29184 #2733

Closed thedim-witted closed 5 years ago

thedim-witted commented 5 years ago

I'm working with an ESP32 WROOM, where I am trying to send some data through an HTTP request using ArduinoJson. The code works fine and I receive data on the other side; however, after some random number of runs the uploading gets stuck at "writing http request" and throws the error "SSL - An invalid SSL record was received", and in the other line it states "MbedTLS message code: -29184". And because it is only happening after a few successful runs, I am unable to understand where the issue is. Any help would be really appreciated.

The data send code:

```cpp
DynamicJsonBuffer jsonBuffer(14700);
float X1dataArray[SAMPLE_SIZE], Y1dataArray[SAMPLE_SIZE], Z1dataArray[SAMPLE_SIZE];

void loop() {
  //use the SPI buses
  int iterator;
  connection_iterator = 0;
  connection_iterator2 = 0;

  if (wifiMulti.run() == WL_CONNECTED) {
    Serial.println("");
    Serial.println("WiFi connected");
    Serial.println("IP address: ");
    Serial.println(WiFi.localIP());
  }

  // Build the JSON payload
  jsonBuffer.clear();
  JsonObject &rootObject = jsonBuffer.createObject();
  JsonObject &dataObject = rootObject.createNestedObject("data");
  JsonArray &X1dataObject = dataObject.createNestedArray("X1");
  JsonArray &Y1dataObject = dataObject.createNestedArray("Y1");
  JsonArray &Z1dataObject = dataObject.createNestedArray("Z1");

  rootObject["coreid"] = String(low, HEX) + String(high, HEX);
  //rootObject["coreid_high"] = String(high, HEX);
  rootObject["sample_time"] = int(time_taken);
  rootObject["firmware_version"] = FIRMWARE_UPDATE_VERSION;
  rootObject.prettyPrintTo(Serial);
  Serial.print("connecting to ");
  Serial.println(host);
  // Retry the TLS connection; restart the chip after 10 failed attempts
  while ((!client.connect(host, httpsPort)) && !setup_mode) {
    connection_iterator++;
    Serial.println("connection failed! Retrying..");
    delay(5000);
    if (connection_iterator >= 10)
      ESP.restart();
  }
  // The fingerprint result is only logged; the request below is sent either way
  if (client.verify(fingerprint, host)) {
    Serial.println("certificate matches");
  } else {
    Serial.println("certificate doesn't match");
  }
  digitalWrite(LED_BUILTIN, HIGH);
  Serial.print("requesting URL: ");
  Serial.println(url);
  // Write the HTTP request line, headers and JSON body over the TLS socket
  client.println(String("POST ") + url + " HTTP/1.0");
  client.println(String("Host: ") + host);
  client.println("Cache-Control: no-cache");
  client.println("Content-Type: application/json");
  client.print("Content-Length: ");
  client.println(rootObject.measureLength());
  client.println();
  rootObject.printTo(client);
  Serial.println("request sent");
  // Read response headers until the blank line, giving up after 30 iterations
  while ((client.connected()) && !setup_mode) {
    connection_iterator2++;

    String line = client.readStringUntil('\n');
    if (line == "\r") {
      Serial.println("headers received");
      break;
    }
    Serial.println("Waiting for response");
    digitalWrite(LED_BUILTIN, HIGH);
    delay(100);
    digitalWrite(LED_BUILTIN, LOW);
    delay(100);
    if (connection_iterator2 >= 30) {
      Serial.println("No response from server");
      break;
    }
  }

  // First line of the response body
  String line = client.readStringUntil('\n');
  if (line.startsWith("{")) {
    Serial.println("esp32/Arduino CI successfull!");
  } else {
    Serial.println("esp32/Arduino CI has failed");
  }
  Serial.println("reply was:");
  Serial.println("==========");
  Serial.println(line);
  Serial.println("==========");
  // Only a message is printed here; no client.stop() call appears in this snippet
  Serial.println("closing connection");
  digitalWrite(LED_BUILTIN, LOW);

}
```

The log at the point of failure:

```
14:46:55.694 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
14:46:55.694 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
14:46:55.694 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
14:46:55.728 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
14:46:55.728 -> request sent
14:46:55.728 -> [E][ssl_client.cpp:33] handle_error(): SSL - An invalid SSL record was received
14:46:55.728 -> [E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -29184
14:46:55.728 -> [V][ssl_client.cpp:245] stop_ssl_socket(): Cleaning SSL connection.
14:46:56.710 -> esp32/Arduino CI has failed
14:46:56.745 -> reply was:
```

The log does make it clear that the problem is coming somewhere at the stage of SSL/TLS connection, but I am not able to pinpoint where, as I am new to this.

thedim-witted commented 5 years ago

A more detailed error log:

```
15:25:36.881 -> }connecting to requestbin.fullcontact.com
15:25:36.881 -> [V][ssl_client.cpp:53] start_ssl_client(): Free internal heap before TLS 214996
15:25:36.881 -> [V][ssl_client.cpp:55] start_ssl_client(): Starting socket
15:25:36.916 -> [V][ssl_client.cpp:90] start_ssl_client(): Seeding the random number generator
15:25:36.916 -> [V][ssl_client.cpp:99] start_ssl_client(): Setting up the SSL/TLS structure...
15:25:36.916 -> [I][ssl_client.cpp:153] start_ssl_client(): WARNING: Use certificates for a more secure communication!
15:25:36.916 -> [V][ssl_client.cpp:177] start_ssl_client(): Setting hostname for TLS session...
15:25:36.916 -> [V][ssl_client.cpp:192] start_ssl_client(): Performing the SSL/TLS handshake...
15:25:36.950 -> [V][ssl_client.cpp:213] start_ssl_client(): Verifying peer X.509 certificate...
15:25:36.950 -> [V][ssl_client.cpp:222] start_ssl_client(): Certificate verified.
15:25:36.950 -> [V][ssl_client.cpp:237] start_ssl_client(): Free internal heap after TLS 178476
15:25:36.950 -> [D][ssl_client.cpp:353] verify_ssl_fingerprint(): pos:59 len:59 fingerprint too short
15:25:36.950 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
15:25:36.984 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
15:25:36.984 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
15:25:36.984 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
15:25:36.984 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
15:25:36.984 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
15:25:36.984 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
15:25:37.018 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
15:25:37.018 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
15:25:37.018 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
15:25:37.018 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
15:25:37.018 -> [V][ssl_client.cpp:276] send_ssl_data(): Writing HTTP request...
15:25:37.018 -> [E][ssl_client.cpp:33] handle_error(): SSL - An invalid SSL record was received
15:25:37.053 -> [E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -29184
15:25:37.053 -> [V][ssl_client.cpp:245] stop_ssl_socket(): Cleaning SSL connection.
```

thedim-witted commented 5 years ago

The interesting part is that this is not happening always but only sometimes in between, randomly. I haven't yet seen any pattern regarding this.

The problem seems to be somewhere in the process of creating an SSL/TLS connection through the WiFiSecureClient library.

One of the other major issues that is bugging me is that it doesn't work without the debug level "verbose". I have seen other people with the same problem but without a definitive answer or solution to that. And because the verbose is literally "verbose", I cannot deploy the code with it, and the code doesn't work without it.

chegewara commented 5 years ago

15:25:36.950 -> [D][ssl_client.cpp:353] verify_ssl_fingerprint(): pos:59 len:59 fingerprint too short

thedim-witted commented 5 years ago

This is because I am using the fingerprint of a different server on this test one. However, even if the fingerprints don't match, the data is still getting sent and is received on the other end some of the time.

chegewara commented 5 years ago

If you think it's not important then good luck.
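The `pos:59 len:59 fingerprint too short` line quoted above, reproduced in an added example (not code from the thread or from arduino-esp32). It assumes the verifier wants 32 bytes (a SHA-256 digest) while the pinned string holds 20; `parse_fingerprint`, `pin_allows_send` and the sample pin are hypothetical, and the second function shows a fail-closed check in place of logging the mismatch and sending anyway.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { FP_OK = 0, FP_TOO_SHORT = -1, FP_BAD_HEX = -2 };
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;   /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Parse "AA BB:CC ..." into exactly `want` bytes; *pos is where parsing stopped. */
int parse_fingerprint(const char *fp, uint8_t *out, size_t want, int *pos)
{
    int len = (int)strlen(fp);
    *pos = 0;
    for (size_t i = 0; i < want; ++i) {
        while (*pos < len && (fp[*pos] == ' ' || fp[*pos] == ':')) ++*pos;
        if (*pos > len - 2) return FP_TOO_SHORT;   /* ran out of hex digits */
        int hi = hex_val(fp[*pos]), lo = hex_val(fp[*pos + 1]);
        if (hi < 0 || lo < 0) return FP_BAD_HEX;
        out[i] = (uint8_t)((hi << 4) | lo);
        *pos += 2;
    }
    return FP_OK;
}

/* Fail closed: 1 only when the pin parses to n bytes AND equals the peer digest. */
int pin_allows_send(const char *pin, const uint8_t *peer, size_t n)
{
    uint8_t want[32], diff = 0;
    int pos;
    if (n > sizeof want || parse_fingerprint(pin, want, n, &pos) != FP_OK) return 0;
    for (size_t i = 0; i < n; ++i) diff |= (uint8_t)(want[i] ^ peer[i]);  /* no early exit */
    return diff == 0;
}

/* Constructed sample: 20 bytes (SHA-1 sized) written as 59 characters. */
static const char SHORT_PIN[] =
    "00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 01 02 03 04";

int main(void)
{
    uint8_t buf[32], peer[32] = {0};
    int pos, rc = parse_fingerprint(SHORT_PIN, buf, sizeof buf, &pos);
    printf("rc=%d pos:%d len:%zu\n", rc, pos, strlen(SHORT_PIN));
    printf("send allowed: %d\n", pin_allows_send(SHORT_PIN, peer, sizeof peer));
    return 0;
}
```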

thedim-witted commented 5 years ago

Ok. I'll try it again with a valid fingerprint and check that too. However, one other issue is the code not working in case of no debug level lower than "Verbose". Any suggestions for that?

Thanks.

thedim-witted commented 5 years ago

Hey. Sorry for being late. So I did try with a valid certificate and private key verification, but unfortunately it is getting stuck again. This time I am not even getting any error messages, as it is just restarting.

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 5 years ago

This stale issue has been automatically closed. Thank you for your contributions.

Yuron5 commented 4 years ago

Hi! I have a similar problem with ESP-WROOM-32 and the HTTPSRedirect library. The problem can be in the maximum TLS message length (in bytes) supported by mbedTLS. 64Kb or 16384 is the default value. If the value is set too low, symptoms are a failed TLS handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD (-0x7200). This variable is set in sdkconfig.h and you can check it. In my case, using PlatformIO, the path is C:\Users\.platformio\packages\framework-arduinoespressif32\tools\sdk\include\config\sdkconfig.h Tech docs.
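The length check described in the comment above, as an added example (not code from the thread and not mbedTLS source): a simplified model of how a receiver rejects a TLS record header, returning the same numeric value as `MBEDTLS_ERR_SSL_INVALID_RECORD`. The helper name `check_record_header`, the 2048-byte expansion allowance taken from RFC 5246, and both sample headers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same numeric value as the MBEDTLS_ERR_SSL_INVALID_RECORD quoted above. */
#define ERR_INVALID_RECORD (-0x7200)            /* == -29184 */
/* RFC 5246: a protected record may exceed its plaintext by at most 2048 bytes. */
#define MAX_EXPANSION 2048

/* Hypothetical helper (not mbedTLS source): check a 5-byte TLS record header
 * against a receiver sized for max_content_len plaintext bytes.
 * Returns the declared record length, or ERR_INVALID_RECORD. */
int check_record_header(const uint8_t hdr[5], size_t max_content_len)
{
    size_t len = ((size_t)hdr[3] << 8) | hdr[4];

    /* 20 change_cipher_spec, 21 alert, 22 handshake, 23 application_data */
    if (hdr[0] < 20 || hdr[0] > 23)
        return ERR_INVALID_RECORD;
    /* Record-layer version: major 3, minor 0..3 (SSL 3.0 through TLS 1.2) */
    if (hdr[1] != 3 || hdr[2] > 3)
        return ERR_INVALID_RECORD;
    /* Declared length must fit the buffer the receiver was built with */
    if (len > max_content_len + MAX_EXPANSION)
        return ERR_INVALID_RECORD;
    return (int)len;
}

/* Constructed headers: a full-size application_data record, and the first
 * five bytes of a plaintext "HTTP/..." reply read as if they were a record. */
static const uint8_t FULL_RECORD[5] = { 23, 3, 3, 0x40, 0x18 };  /* length 16408 */
static const uint8_t NOT_TLS[5]     = { 'H', 'T', 'T', 'P', '/' };

int main(void)
{
    printf("max 16384: %d\n", check_record_header(FULL_RECORD, 16384));
    printf("max  4096: %d\n", check_record_header(FULL_RECORD, 4096));
    printf("plaintext: %d\n", check_record_header(NOT_TLS, 16384));
    return 0;
}
```

The same peer record is accepted or rejected depending only on the receiver's configured limit, so an intermittent failure of this kind can track the size of individual records rather than the handshake.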

caipifrosch commented 1 year ago

There is a similar problem on my end. The log is reporting an invalid SSL record and the ESP reboots due to a heap problem.

The issue happens very randomly. Sometimes within hours, but it also happens after days of operation.

I am using PlatformIO with the latest ESP framework release 2.0.9.

Has anyone solved this problem, or does anyone have ideas how to tackle this?

Thanks a lot in advance for your replies!

```
15:06:00.360 > SYSTEM: Runtime: 0d 01h 20min 05sec Free Heap: 90.86 KB
15:06:00.362 >
15:06:09.845 > [4814632][E][ssl_client.cpp:37] _handle_error(): [data_to_read():361]: (-29184) SSL - An invalid SSL record was received
15:06:09.854 > [4814633][E][ssl_client.cpp:37] _handle_error(): [data_to_read():361]: (-29184) SSL - An invalid SSL record was received
15:06:09.864 > CORRUPT HEAP: Bad head at 0x3ffd9240. Expected 0xabba1234 got 0x3ffcd9ec
15:06:09.870 >
15:06:09.873 > assert failed: multi_heap_free multi_heap_poisoning.c:253 (head != NULL)
15:06:09.879 >
15:06:09.879 >
15:06:09.879 > Backtrace: 0x40083e45:0x3ffbb400 0x40095301:0x3ffbb420 0x4009af69:0x3ffbb440 0x4009abdb:0x3ffbb570 0x40084309:0x3ffbb590 0x4008d3e1:0x3ffbb5b0 0x401dc122:0x3ffbb5d0 0x401cd8b2:0x3ffbb5f0 0x400f656a:0x3ffbb610 0x400f5268:0x3ffbb630 0x400f5349:0x3ffbb650 0x400f52b4:0x3ffbb670 0x4022c34a:0x3ffbb690 0x4022bd55:0x3ffbb6c0 0x400e0a05:0x3ffbb6e0 0x400d3a43:0x3ffbb700 0x4012edcf:0x3ffbb720
15:06:09.912 >
15:06:09.912 >
15:06:09.912 >
15:06:09.912 >
15:06:09.912 > ELF file SHA256: 89e4abb211f07ab3
15:06:09.916 >
15:06:10.328 > Rebooting...
```