7 Replies Latest reply on Oct 15, 2015 11:15 AM by cypherbridge

    TLS Handshake Error on Azure Event Hub

    mat3y

      Hi,

       

      Can you guys check whether you can connect to the Azure Event Hub over a TLS connection? Today all our WICED modules stopped sending data to the hub - very critical issue.

       

      After investigation it seems that the error coming out of ssl_handshake_client_async is 4294966880 = FFFFFE60 = -0x01A0 = TLS_ERROR_X509_CERT_UNKNOWN_SIG_ALG. It seems that Microsoft updated their certificates today.

       

      Azure Event Hub for test:

           host: seltronhomeweu0000stg.servicebus.windows.net

           port: 443

       

      We are using version 2.4.1 and we have also reproduced this issue on 3.1.2.

       

      Thanks,

      Matej

        • 1. Re: TLS Handshake Error on Azure Event Hub
          mat3y

          It seems that the Service Bus team renewed the *.servicebus.windows.net certificate, which resulted in a SHA256 type certificate being issued, which is the Microsoft default for compliance reasons. The previous certificate was a SHA1 certificate.

           

          Assistance on this issue will be greatly appreciated.

           

          Regards,

          Matej
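
As an added example (not code from this thread, WICED or uSSL): a small C check that reads the signatureAlgorithm OID from a DER-encoded certificate, so a renewal from SHA-1 to SHA-256 like the one described above can be spotted before it reaches a device whose TLS stack may reject it. The names `cert_sig_alg` and `sample_alg` and the sample bytes are constructed for illustration, and only the two RSA signature OIDs are recognised.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum sig_alg { SIG_PARSE_ERROR = -1, SIG_UNKNOWN, SIG_SHA1_RSA, SIG_SHA256_RSA };

/* Read a DER header with the expected tag; return its size (0 on error), set *len. */
static size_t der_header(const uint8_t *p, size_t avail, uint8_t tag, size_t *len)
{
    if (avail < 2 || p[0] != tag) return 0;
    size_t hdr = 2, n = p[1];
    if (n & 0x80) {                          /* long form: low 7 bits = count of length bytes */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 3 || avail < 2 + cnt) return 0;
        for (n = 0; hdr < 2 + cnt; hdr++) n = (n << 8) | p[hdr];
    }
    if (n > avail - hdr) return 0;           /* value must lie inside the buffer */
    *len = n;
    return hdr;
}

/* Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm { OID, params }, signature } */
enum sig_alg cert_sig_alg(const uint8_t *der, size_t n)
{
    static const uint8_t rsa_prefix[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01}; /* 1.2.840.113549.1.1 */
    size_t len, h;
    if (!(h = der_header(der, n, 0x30, &len))) return SIG_PARSE_ERROR;  /* Certificate */
    der += h; n = len;
    if (!(h = der_header(der, n, 0x30, &len))) return SIG_PARSE_ERROR;  /* tbsCertificate: skip it */
    der += h + len; n -= h + len;
    if (!(h = der_header(der, n, 0x30, &len))) return SIG_PARSE_ERROR;  /* AlgorithmIdentifier */
    der += h; n = len;
    if (!(h = der_header(der, n, 0x06, &len))) return SIG_PARSE_ERROR;  /* algorithm OID */
    der += h;
    if (len != sizeof rsa_prefix + 1 || memcmp(der, rsa_prefix, sizeof rsa_prefix)) return SIG_UNKNOWN;
    if (der[8] == 0x05) return SIG_SHA1_RSA;     /* sha1WithRSAEncryption   (…1.1.5)  */
    if (der[8] == 0x0b) return SIG_SHA256_RSA;   /* sha256WithRSAEncryption (…1.1.11) */
    return SIG_UNKNOWN;
}

/* Constructed skeleton (stub tbsCertificate and signature), not a real certificate. */
static enum sig_alg sample_alg(uint8_t last_oid_byte)
{
    uint8_t c[] = {0x30,0x18, 0x30,0x03,0x02,0x01,0x02, 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
                   0x86,0xf7,0x0d,0x01,0x01,last_oid_byte,0x05,0x00, 0x03,0x02,0x00,0x00};
    return cert_sig_alg(c, sizeof c);
}

int main(void) { printf("SHA-1: %d, SHA-256: %d\n", (int)sample_alg(0x05), (int)sample_alg(0x0b)); return 0; }
```

Run against the DER form of each certificate in a server's chain, this gives an early warning when a renewal introduces an algorithm the deployed firmware has not been tested with.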

          • 2. Re: TLS Handshake Error on Azure Event Hub
            jwriley

            Just a comment on this.  I am experiencing what I think is a similar issue.  I (with WICED 2.4.1) am able to initialize both root ca and client certificates that are signed with the SHA1 algorithm, but none signed with SHA256.

             

            I am wondering if this is a bug or if SHA256 is just not supported. If SHA256 is not supported by besl, are there plans to add support for it now that SHA1 is being deemed insecure?

             

            Jake

            • 3. Re: TLS Handshake Error on Azure Event Hub
              user_367297687

              Any success solving this?

              • 4. Re: TLS Handshake Error on Azure Event Hub
                mat3y

                Unfortunately not, very disappointed with how Broadcom is addressing customer issues.

                • 5. Re: TLS Handshake Error on Azure Event Hub
                  user_367297687

                  It's very strange, I have had good response on some issues from Broadcom, but other items seem to not get any response at all.  Very hit or miss.  The other users have been very helpful.  Unfortunately, this issue is killing us here and I am going to have to search for workarounds.  If you run across anything, let me know.  I'll do likewise.

                  • 6. Re: TLS Handshake Error on Azure Event Hub
                    mat3y

                    I wish you the very best. We have given up for now regarding this issue. If anything comes up, I will let you know.

                    • 7. Re: TLS Handshake Error on Azure Event Hub
                      cypherbridge

                      Hi, I would like to respond on security-related threads.

                       

                      I am sorry you ran into problems and apologize for the slow response.  We can and will do better.

                      By way of background, we are the OEM supplier of the uSSL SDK included in WICED SDK.

                      The Broadcom WICED team adapted uSSL into WICED, including modifications adding it to the platform framework. 

                      They call the shots on what goes into WICED, including new features and bugfixes, and we don't have any direct control over it.

                       

                      However, at Cypherbridge our mission is to deliver the best possible leading edge solutions for embedded IoT security and connectivity.  We do offer an option for WICED customers to work with us directly for support and upgrades, including customized builds. To get the latest and greatest features and direct technical support, please contact us on our WICED support page, include your company contact information, and we can take it from there.

                       

                      www.cypherbridge.com/WICED.html

                       

                      Best Regards,

                      Steve DeLaney

                      President

                      Cypherbridge Systems