4 Replies Latest reply on Jun 8, 2019 9:59 AM by ChMa_3922746

    TLS handshake error on Hotmail

    renoc_4290386

      Hi,

         During my SMTP tests, we used several email servers. In one of them we noticed that the TLS protocol simply hangs.

         This happens while using the smtp.office365.com server. I debugged the code and discovered that I got stuck in the wiced_tcp_start_tls function, more specifically in the ssl_handshake_client_async call that is inside the wiced_generic_start_tls_with_ciphers (WICED\security\BESL\host\WICED\wiced_tls.c) function.

          I sniffed the communication with Wireshark and compared it to other TLS connections that worked without any flaw. See the comparison below:

          OK connection (10.0.2.105 is our SMTP client):

      #  Time           Source          Destination       Protocol   Len  Info
      80 200.741399186  10.0.2.105      64.233.190.108    TLSv1.2    166  Client Hello
      81 200.806354972  64.233.190.108  10.0.2.105        TCP        54   587 → 44159 [ACK] Seq=250 Ack=137 Win=60928 Len=0
      82 200.807557616  64.233.190.108  10.0.2.105        TLSv1.2    1484 Server Hello
      83 200.807665543  64.233.190.108  10.0.2.105        TLSv1.2    1362 Certificate, Server Key Exchange, Server Hello Done
      84 200.812398331  10.0.2.105      64.233.190.108    TCP        60   44159 → 587 [ACK] Seq=137 Ack=1680 Win=7168 Len=0
      85 200.963590875  10.0.2.105      64.233.190.108    TCP        60   44159 → 587 [ACK] Seq=137 Ack=2988 Win=7168 Len=0
      86 201.027162462  10.0.2.105      64.233.190.108    TLSv1.2    129  Client Key Exchange
      87 201.034224390  10.0.2.105      64.233.190.108    TLSv1.2    60   Change Cipher Spec
      ...... communication goes on.....

          Failed connection (10.0.2.105 is our SMTP client):

      #  Time           Source       Destination  Protocol Len   Info
      31 39.003257162   10.0.2.105   52.97.71.146 TLSv1.2  166   Client Hello
      32 39.024934963   52.97.71.146 10.0.2.105   TCP      1514  587 → 63509 [ACK] Seq=344 Ack=137 Win=1048560 Len=1460 [TCP segment of a reassembled PDU]
      33 39.027059613   10.0.2.105   52.97.71.146 TCP      60    63509 → 587 [ACK] Seq=137 Ack=1804 Win=7168 Len=0
      34 39.046741405   52.97.71.146 10.0.2.105   TCP      1514  587 → 63509 [ACK] Seq=1804 Ack=137 Win=1048560 Len=1460 [TCP segment of a reassembled PDU]
      35 39.046814461   52.97.71.146 10.0.2.105   TLSv1.2  1048  Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done
      36 39.070273930   10.0.2.105   52.97.71.146 TCP      60    63509 → 587 [ACK] Seq=137 Ack=4258 Win=7168 Len=0
      ...... firmware hangs. No further message from client

           Notice that in the second example the 'Server Hello' is sent in the same message as Certificate, Server Key Exchange ... 'Server Hello Done'.

           Did anybody face the same problem? Is there any reported issue in the TLS implementation for this case?

           My environment:
      - BCM94343W_AVN
      - WICED Version: 5.0.0

      Thanks in advance,

      Reynaldo
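Added example, not code from the post or from WICED: a small Python reassembler showing what the client's TLS layer has to cope with in the failing trace, namely one record carrying ServerHello through ServerHelloDone (CertificateRequest included) spread over several 1460-byte TCP segments, versus one record per message as in the working trace. Message bodies, sizes and segment boundaries are constructed placeholders, not the captured bytes.

```python
HANDSHAKE = 22
HS_NAMES = {2: "ServerHello", 11: "Certificate", 12: "ServerKeyExchange",
            13: "CertificateRequest", 14: "ServerHelloDone"}

def hs_msg(msg_type, body):
    # Handshake message: type (1 byte) + length (3 bytes) + body
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def tls_record(payload):
    # TLS 1.2 record: type (1) + version 0x0303 (2) + length (2) + payload
    return bytes([HANDSHAKE, 3, 3]) + len(payload).to_bytes(2, "big") + payload

def parse_handshake_messages(segments):
    """Feed TCP segments in order; return the handshake message names seen.
    Reassembles records spanning segments and splits multi-message records."""
    rec_buf, hs_buf, names = b"", b"", []
    for seg in segments:
        rec_buf += seg
        while len(rec_buf) >= 5:
            ctype, length = rec_buf[0], int.from_bytes(rec_buf[3:5], "big")
            if len(rec_buf) < 5 + length:
                break                       # record incomplete: wait for more TCP data
            payload, rec_buf = rec_buf[5:5 + length], rec_buf[5 + length:]
            if ctype != HANDSHAKE:
                continue                    # alerts etc. are not handled here
            hs_buf += payload               # handshake messages may also span records
            while len(hs_buf) >= 4:
                msg_len = int.from_bytes(hs_buf[1:4], "big")
                if len(hs_buf) < 4 + msg_len:
                    break
                names.append(HS_NAMES.get(hs_buf[0], f"type{hs_buf[0]}"))
                hs_buf = hs_buf[4 + msg_len:]
    return names

def build_server_flight(coalesced):
    # Constructed sample flight (placeholder bodies, not real certificates/keys):
    # one record per message like the working server, or all five messages in a
    # single record, as in the smtp.office365.com trace (CertificateRequest included).
    msgs = [hs_msg(2, b"\x03\x03" + b"\x11" * 32 + b"\x00" + b"\xc0\x2f\x00"),
            hs_msg(11, b"\xaa" * 2800),                  # certificate chain placeholder
            hs_msg(12, b"\x03\x00\x17" + b"\x22" * 65),  # ECDHE params placeholder
            hs_msg(13, b"\x01\x01\x00\x00\x00\x00"),     # CertificateRequest
            hs_msg(14, b"")]                             # ServerHelloDone
    return tls_record(b"".join(msgs)) if coalesced else b"".join(map(tls_record, msgs))

def split_segments(data, mss=1460):
    # Chop the byte stream into TCP-segment-sized pieces, like the 1460-byte segments captured
    return [data[i:i + mss] for i in range(0, len(data), mss)]
```

A client that expects ServerHello alone in the first record, or that does not buffer across segments, stops at exactly the point where the failing trace goes quiet.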