Hi,
During my SMTP tests, we used several email servers. With one of them we noticed that the TLS protocol simply hangs.
This happens while using the smtp.office365.com server. I debugged the code and discovered that I got stuck in the wiced_tcp_start_tls function, more specifically in the ssl_handshake_client_async call that is inside the wiced_generic_start_tls_with_ciphers (WICED\security\BESL\host\WICED\wiced_tls.c) function.
I sniffed the communication with Wireshark and compared it to other TLS connections that worked without any flaw. See the comparison below:
OK connection (10.0.2.105 is our SMTP client):
# Time Source Destination Protocol Len Info
80 200.741399186 10.0.2.105 64.233.190.108 TLSv1.2 166 Client Hello
81 200.806354972 64.233.190.108 10.0.2.105 TCP 54 587 → 44159 [ACK] Seq=250 Ack=137 Win=60928 Len=0
82 200.807557616 64.233.190.108 10.0.2.105 TLSv1.2 1484 Server Hello
83 200.807665543 64.233.190.108 10.0.2.105 TLSv1.2 1362 Certificate, Server Key Exchange, Server Hello Done
84 200.812398331 10.0.2.105 64.233.190.108 TCP 60 44159 → 587 [ACK] Seq=137 Ack=1680 Win=7168 Len=0
85 200.963590875 10.0.2.105 64.233.190.108 TCP 60 44159 → 587 [ACK] Seq=137 Ack=2988 Win=7168 Len=0
86 201.027162462 10.0.2.105 64.233.190.108 TLSv1.2 129 Client Key Exchange
87 201.034224390 10.0.2.105 64.233.190.108 TLSv1.2 60 Change Cipher Spec
...... communication goes on.....
Failed connection (10.0.2.105 is our SMTP client):
# Time Source Destination Protocol Len Info
31 39.003257162 10.0.2.105 52.97.71.146 TLSv1.2 166 Client Hello
32 39.024934963 52.97.71.146 10.0.2.105 TCP 1514 587 → 63509 [ACK] Seq=344 Ack=137 Win=1048560 Len=1460 [TCP segment of a reassembled PDU]
33 39.027059613 10.0.2.105 52.97.71.146 TCP 60 63509 → 587 [ACK] Seq=137 Ack=1804 Win=7168 Len=0
34 39.046741405 52.97.71.146 10.0.2.105 TCP 1514 587 → 63509 [ACK] Seq=1804 Ack=137 Win=1048560 Len=1460 [TCP segment of a reassembled PDU]
35 39.046814461 52.97.71.146 10.0.2.105 TLSv1.2 1048 Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done
36 39.070273930 10.0.2.105 52.97.71.146 TCP 60 63509 → 587 [ACK] Seq=137 Ack=4258 Win=7168 Len=0
...... firmware hangs. No further message from client
Notice that in the second example the 'Server Hello' is sent in the same message as Certificate, Server Key Exchange ... 'Server Hello Done'.
Did anybody face the same problem? Is there any reported issue in TLS implementation for this case?
My environment:
- BCM94343W_AVN
- WICED Version: 5.0.0
Thanks in advance,
Reynaldo
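As an added example (not code from this thread or from the WICED SDK), here is a minimal C parser that walks a TLS record stream the way a client receive loop has to: a record that arrives split across several TCP segments is kept until it is complete, and several handshake messages packed into one record are all visited, which is exactly the shape of the coalesced server flight in the failed capture above. The sample record, the function names and the dummy message bodies are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Walk every complete TLS record in buf and every handshake message packed into a
 * handshake record, counting message types into counts[0..255]. Returns the bytes
 * consumed (whole records only) so the caller keeps a record's tail for the next
 * segment. A message fragmented across two records is not reassembled here. */
size_t tls_scan_handshake(const uint8_t *buf, size_t len, unsigned counts[256])
{
    size_t pos = 0;
    while (len - pos >= 5) {                                  /* 5-byte record header */
        size_t rlen = ((size_t)buf[pos + 3] << 8) | buf[pos + 4];
        if (rlen > 16384 + 2048 || len - pos - 5 < rlen)
            break;                                            /* incomplete record */
        if (buf[pos] == 22) {                                 /* ContentType handshake */
            const uint8_t *p = buf + pos + 5, *end = p + rlen;
            while (end - p >= 4) {                            /* 4-byte handshake header */
                size_t hlen = ((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3];
                if ((size_t)(end - p) - 4 < hlen) break;      /* fragment: stop */
                counts[p[0]]++;                               /* HandshakeType byte */
                p += 4 + hlen;
            }
        }
        pos += 5 + rlen;
    }
    return pos;
}

/* Constructed sample: one TLSv1.2 handshake record carrying ServerHello (2), Certificate (11),
 * ServerKeyExchange (12), CertificateRequest (13) and ServerHelloDone (14) with dummy bodies. */
const uint8_t kCoalescedRecord[40] = {
    0x16, 0x03, 0x03, 0x00, 0x23,                             /* record: handshake, len 35 */
    0x02, 0x00, 0x00, 0x04, 0xaa, 0xbb, 0xcc, 0xdd,           /* ServerHello, 4-byte body */
    0x0b, 0x00, 0x00, 0x06, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, /* Certificate, 6 bytes */
    0x0c, 0x00, 0x00, 0x03, 0x11, 0x22, 0x33,                 /* ServerKeyExchange, 3 bytes */
    0x0d, 0x00, 0x00, 0x02, 0x01, 0x40, 0x0e, 0x00, 0x00, 0x00 }; /* CertReq, HelloDone */

/* Deliver the stream in segment-sized chunks, carrying over partial records. */
size_t scan_in_chunks(const uint8_t *s, size_t len, size_t chunk, unsigned counts[256])
{
    uint8_t pending[512]; size_t plen = 0, off = 0, consumed = 0;
    memset(counts, 0, 256 * sizeof counts[0]);
    while (off < len) {
        size_t n = len - off < chunk ? len - off : chunk;
        if (plen + n > sizeof pending) break;                 /* bound the reassembly buffer */
        memcpy(pending + plen, s + off, n); plen += n; off += n;
        size_t used = tls_scan_handshake(pending, plen, counts);
        memmove(pending, pending + used, plen - used); plen -= used; consumed += used;
    }
    return consumed;
}
```

Feeding the sample in 17-byte chunks consumes nothing until the whole 40-byte record is present, then reports all five message types; a client state machine that only expects one message per record, or that does not expect a CertificateRequest, would stall at exactly this point.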
You could try commenting out the following as test:
mbedtls_eap_ssl_context_reinit( &tls_context->context );
Have you tried other mail servers?
Hi list_3922746! I tried gmail, an internal server (Exchange) and yahoo. All of them are working properly.
I see. Your WICED version seems quite old. Would you be able to build with a later version? I know that some versions of mbedtls behave differently (e.g., a TLS memory leak in 6.2: SDK6.2 Breaks TLS Compared to SDK6.0 (CYW943907AEVAL1F)). I wouldn't mind testing with the hotmail server. I'll see if I can duplicate that.
Update: I created an outlook.com account and then had my CYW943907AEVAL1F connect to:
(account)@outlook.com
SMTP Server Port Number : 587
TLS: on
It makes it past the TLS handshake and continues on quite happily until the server realizes that I shouldn't have permission to send emails (an administrative thing). Please see the log, attached.
Note that I am currently using WICED SDK 6.2 but with the mbedtls files from SDK 6.0 (per this: SDK6.2 Breaks TLS Compared to SDK6.0 (CYW943907AEVAL1F)).