espressif / esp-idf

Espressif IoT Development Framework. Official development framework for Espressif SoCs.
Apache License 2.0

Why is the DS peripheral configured for rsa_alt rather than rsa? (IDFGH-11891) #12977

Closed owen63 closed 9 months ago

owen63 commented 10 months ago


General issue report

esp-idf v5.12, mbedtls v3.5.0

I have had issues connecting ESP32-S3 to ThingsBoard using TLS 1.3 mutual authentication and DS. The problem was that the DS peripheral is configured with rsa_alt (see esp_mbedtls_init_pk_ctx_for_ds) and rsa_alt only supports MBEDTLS_PK_RSA, not MBEDTLS_PK_RSASSA_PSS. This conflicts with mbedtls, which does not support MBEDTLS_PK_RSA (legacy?) in mbedtls_ssl_tls13_check_sig_alg_cert_key_match() and mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(). Can the DS peripheral be configured for rsa (which supports MBEDTLS_PK_RSA and MBEDTLS_PK_RSASSA_PSS)?
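The mismatch described in the post above can be modelled in a few lines. This is an added example, not code from the thread, esp-idf or mbedTLS; the capability flags and function names are hypothetical, and the scheme code points are the IANA values from RFC 8446. It shows why a key backend that reports only PKCS#1 v1.5 RSA finds no usable CertificateVerify scheme in TLS 1.3.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of what a private-key backend reports it can sign with. */
enum { CAP_RSA_PKCS1_V15 = 1u << 0, CAP_RSA_PSS = 1u << 1 };

/* TLS SignatureScheme code points (RFC 8446, section 4.2.3). */
enum {
    RSA_PKCS1_SHA256    = 0x0401,
    RSA_PSS_RSAE_SHA256 = 0x0804,
    RSA_PSS_RSAE_SHA384 = 0x0805,
    RSA_PSS_RSAE_SHA512 = 0x0806
};

/* In TLS 1.3 an RSA key may sign CertificateVerify only with rsa_pss_rsae_*. */
static int tls13_scheme_needs_pss(uint16_t scheme)
{
    return scheme >= RSA_PSS_RSAE_SHA256 && scheme <= RSA_PSS_RSAE_SHA512;
}

/* Return the first scheme offered by the peer that this key can use for a
 * TLS 1.3 CertificateVerify, or 0 when none fits. */
uint16_t pick_cert_verify_scheme(unsigned key_caps, const uint16_t *offered, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tls13_scheme_needs_pss(offered[i]) && (key_caps & CAP_RSA_PSS))
            return offered[i];
        /* rsa_pkcs1_* is skipped: RFC 8446 allows it only in certificates. */
    }
    return 0;
}

/* Constructed sample: a peer's signature_algorithms list. */
static const uint16_t SAMPLE_OFFER[] = {
    RSA_PKCS1_SHA256, RSA_PSS_RSAE_SHA256, RSA_PSS_RSAE_SHA384
};
#define SAMPLE_OFFER_LEN (sizeof SAMPLE_OFFER / sizeof SAMPLE_OFFER[0])

int main(void)
{
    unsigned rsa_only = CAP_RSA_PKCS1_V15;               /* reports RSA only */
    unsigned rsa_pss  = CAP_RSA_PKCS1_V15 | CAP_RSA_PSS; /* reports RSA and PSS */
    printf("RSA-only key: 0x%04x\n",
           (unsigned)pick_cert_verify_scheme(rsa_only, SAMPLE_OFFER, SAMPLE_OFFER_LEN));
    printf("RSA+PSS key:  0x%04x\n",
           (unsigned)pick_cert_verify_scheme(rsa_pss, SAMPLE_OFFER, SAMPLE_OFFER_LEN));
    return 0;
}
```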

AdityaHPatwardhan commented 9 months ago

Hi @owen63,

Thanks for the issue. Can you share any error logs that you observed while trying the connection with TLS 1.3? If I understand correctly, for mbedTLS the ALT layers are to be replaced in future by the PSA Crypto layer, but the current layers are supposed to be functioning correctly. If possible, can you share a small reproducible code sample that I can quickly try at my end?

Thanks,
Aditya

owen63 commented 9 months ago

Hi Aditya,

I am putting together a sample project now...
