I am trying to connect an embedded device to smtp.gmail.com:465 using tls1.2 with WolfSSL. The library creates and sends the following clientHello message and receives a handshake failure.
16 03 03 00 4f 01 00 00 4b 03 03 2e 2a ec 85 7f
15 dd 09 5f 22 d1 53 82 60 d7 80 67 28 aa 67 48
ce f0 71 ab 63 d0 b2 3e 55 3a 05 00 00 14 c0 27
c0 23 c0 0a c0 09 c0 07 c0 08 c0 14 c0 13 c0 11
c0 12 01 00 00 0e 00 0d 00 0a 00 08 04 03 02 03
04 01 02 01
Here is the received message;
15 03 03 00 02 02 28
As can be seen in the wireshark screenshot, the following cipher suites are supported by the client;
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
**TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)**
**TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)**
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
...and the following signature algorithms are supported by the client (please see hexadecimal part at the bottom of the screenshot, wireshark does not decode signature algorithms)
04 03: SHA256 EDCSA
02 03: SHA1 EDCSA
04 01: SHA256 RSA
02 01: SHA1 RSA
On the other hand, smtp.gmail.com supports the following cipher suites; (This is obtained by running script here: "superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers")
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
**TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA**
**TLS_ECDHE_RSA_WITH_RC4_128_SHA**
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
As can be seen above, these two suites match.
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_RC4_128_SHA
And, I've checked the certificate in "www.digicert.com/help/" (use "smtp.gmail.com:465") and got this: Digicert Screenshot
- Signature algorithm = SHA256 + RSA (excellent)
This matches as well
According to "tools.ietf.org/html/rfc5246#section-7.2.2"
Reception of a handshake_failure alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. This is a fatal error.
As far as I understand, there exists other reasons than cipher suite and signature algorithm mismatch for handshake_failure or I am missing something very big. I am looking for the reason of the failure but I am unable to find. I would be grateful for any help or any idea. What can be the cause of handshake_failure?
I am very sorry for unclickable links. stackoverflow does not allow me to add more than 2 links. I will replace them with regular links when have 10 reputations :)
I just came across this and I realize it has been a long time. I regret I did not find this sooner.
For users experiencing this in the future however...
I am aware of a requirement when connecting to google servers that has changed in the last 6-9 months. Google servers will outright ignore any connection attempt if the client hello packet does not include the supported curves extension.
Could you try adding these defines to your default settings when building the wolfSSL library with the intent of connecting to ANY google servers:
#define HAVE_SUPPORTED_CURVES
#define HAVE_TLS_EXTENSIONS
(Corresponding configure option would be: "--enable-supportedcurves" which will define both of the above pre-processor macros)
and load at least one supported curve in any client application with the API:
wolfSSL_UseSupportedCurve(ssl, <CURVE NAME>);
A list of supported curves can be found in the comment section at the top of (wolfssl-root)/wolfcrypt/src/ecc.c
来源:https://stackoverflow.com/questions/35341394/ssl-handshake-failure-after-clienthello