Topic: WolfSSL Error: -313 (Also, handshake_failure in Wireshark)

I am trying to connect an embedded device to smtp.gmail.com:465 using tls1.2 with WolfSSL. The library creates and sends the following clientHello message and receives a handshake failure.

16 03 03 00 4f 01 00 00  4b 03 03 2e 2a ec 85 7f
15 dd 09 5f 22 d1 53 82  60 d7 80 67 28 aa 67 48 
ce f0 71 ab 63 d0 b2 3e  55 3a 05 00 00 14 c0 27 
c0 23 c0 0a c0 09 c0 07  c0 08 c0 14 c0 13 c0 11 
c0 12 01 00 00 0e 00 0d  00 0a 00 08 04 03 02 03 
04 01 02 01

Here is the received message;

15 03 03 00 02 02 28

As can be seen in the wireshark screenshot in the attachment, the following cipher suites are supported by the client;

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
>>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
>>TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)

...and the following signature algorithms are supported by the client (please see hexadecimal part at the bottom of the screenshot, wireshark does not decode signature algorithms)

04 03: SHA256 EDCSA
02 03: SHA1   EDCSA
04 01: SHA256 RSA
02 01: SHA1   RSA

On the other hand, smtp.gmail.com supports the following cipher suites; (This is obtained by running script here)

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>>TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA

As can be seen above, these two suites match.

    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_RC4_128_SHA

And, I've checked the certificate in here (use "smtp.gmail.com:465") and got this:

  • Signature algorithm = SHA256 + RSA (excellent)

This matches as well

According to RFC

Reception of a handshake_failure alert message indicates that the
      sender was unable to negotiate an acceptable set of security
      parameters given the options available.  This is a fatal error.

As far as I understand, there exists other reasons than cipher suite and signature algorithm mismatch for handshake_failure or I am missing something very big. I am looking for the reason of the failure but I am unable to find. I would be grateful for any help or any idea. What can be the cause of handshake_failure and how can I solve this?

Thank you smile
Semih.

Post's attachments

wireshark-cipher.png
wireshark-cipher.png 93.57 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

Share

Re: WolfSSL Error: -313 (Also, handshake_failure in Wireshark)

Hi Semih,

Can you try enabling the "supported curves" extension when compiling wolfSSL?  We recently noticed that this is required to connect to some implementations using an ECC based cipher suite.

You can enable this using the "--enable-supportedcurves" ./configure option, ie:

./configure --enable-supportedcurves

Thanks,
Chris

Re: WolfSSL Error: -313 (Also, handshake_failure in Wireshark)

chrisc wrote:

Hi Semih,

Can you try enabling the "supported curves" extension when compiling wolfSSL?  We recently noticed that this is required to connect to some implementations using an ECC based cipher suite.

You can enable this using the "--enable-supportedcurves" ./configure option, ie:

./configure --enable-supportedcurves

Thanks,
Chris

Hi,

I'm getting very similar problem with dl-media.integration.viber.com. I've built wolfSSL with the following options:

./configure --enable-opensslextra --enable-ecc --enable-psk --enable-aesccm --enable-supportedcurves --enable-curve25519 

But still got the -313 error:

./examples/client/client -h dl-media.integration.viber.com -p 443 -d -g -x
err = -313, revcd alert fatal error
wolfSSL error: wolfSSL_connect failed

Does anyone have any idea as to what am I missing ?

Thanks.

Share

Re: WolfSSL Error: -313 (Also, handshake_failure in Wireshark)

Hi luanxbach,

It looks like "dl-media.integration.viber.com:443" requires SNI (Server Name Indication) to be used.  You can compile wolfSSL with SNI support using the --enable-sni configure option.  After adding that, you can connect using the example client by doing:

./examples/client/client -h dl-media.integration.viber.com -p 443 -d -g -S dl-media.integration.viber.com

Best Regards,
Chris

Re: WolfSSL Error: -313 (Also, handshake_failure in Wireshark)

hi, im currently porting wolfSSL to STM32F4 (non OS), same problem here wolfSSL returning error -313 (recvd alert fatal error) during wolfSSL_connect, from the alert packet from server the content is level 0x02 and description 0x14 (BAD_RECORD_MAC), is there anything that can be done to solved this issue??

Share

Re: WolfSSL Error: -313 (Also, handshake_failure in Wireshark)

chrisc wrote:

Hi luanxbach,

It looks like "dl-media.integration.viber.com:443" requires SNI (Server Name Indication) to be used.  You can compile wolfSSL with SNI support using the --enable-sni configure option.  After adding that, you can connect using the example client by doing:

./examples/client/client -h dl-media.integration.viber.com -p 443 -d -g -S dl-media.integration.viber.com

Best Regards,
Chris

Thank you, may I ask how did you find that info ?

Share

Re: WolfSSL Error: -313 (Also, handshake_failure in Wireshark)

Solved, i changed the hardware crypto operation to software one, and it works like magic, looks like the STM32F2 hardware crypto didn't work on F4

Share

Re: WolfSSL Error: -313 (Also, handshake_failure in Wireshark)

agushimuso,

The hardware crypto for the STM32F2 may be slightly different than the STM32F4, correct.  The F4 may need some slight modifications to work correctly.

luanxbach,

Sure!  SNI being required, but not used has been a common issue in the last few months.  Because of this, it was one of the first things I checked.

Best Regards,
Chris