Hi,
After checked my device log seem that my device already support for TLS Ver1.2. So, that why ssl handshake were success. Below is the tls log evidence.
[Sat Dec 04 22:25:19.817 2021] [32477]mqtt:root_crt parse done
[Sat Dec 04 22:25:19.835 2021] ssl_tls.c:6344: |2| => handshake
[Sat Dec 04 22:25:19.836 2021] ssl_cli.c:3279: |2| client state: 0
[Sat Dec 04 22:25:19.855 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:25:19.865 2021] ssl_tls.c:2432: |2| <= flush output
[Sat Dec 04 22:25:19.866 2021] ssl_cli.c:3279: |2| client state: 1
[Sat Dec 04 22:25:19.879 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:25:19.880 2021] ssl_tls.c:2432: |2| <= flush output
[Sat Dec 04 22:25:19.895 2021] ssl_cli.c:0717: |2| => write client hello
[Sat Dec 04 22:25:19.911 2021] ssl_cli.c:0755: |3| client hello, max version: [3:3]
[Sat Dec 04 22:25:19.926 2021] ssl_cli.c:0764: |3| dumping 'client hello, random bytes' (32 bytes)
[Sat Dec 04 22:25:19.942 2021] ssl_cli.c:0764: |3| 0000: 60 08 e8 12 37 30 ea 3b 8f 1b e3 3a a4 47 62 3e `...70.;...:.Gb>
[Sat Dec 04 22:25:19.959 2021] ssl_cli.c:0764: |3| 0010: 78 d2 e6 3e ed 1c e6 3c a3 56 e4 3c e9 71 e4 3d x..>...<.V.<.q.=
[Sat Dec 04 22:25:19.991 2021] ssl_cli.c:0817: |3| client hello, session id len.: 0
[Sat Dec 04 22:25:20.008 2021] ssl_cli.c:0818: |3| dumping 'client hello, session id' (0 bytes)
[Sat Dec 04 22:25:20.023 2021] ssl_cli.c:0885: |3| client hello, add ciphersuite: 4x
[Sat Dec 04 22:25:20.039 2021] ssl_cli.c:0885: |3| client hello, add ciphersuite: 4x
[Sat Dec 04 22:25:20.055 2021] ssl_cli.c:0885: |3| client hello, add ciphersuite: 4x
[Sat Dec 04 22:25:20.071 2021] ssl_cli.c:0885: |3| client hello, add ciphersuite: 4x
[Sat Dec 04 22:25:20.086 2021] ssl_cli.c:0918: |3| client hello, got 5 ciphersuites
[Sat Dec 04 22:25:20.087 2021] ssl_cli.c:0949: |3| client hello, compress len.: 1
[Sat Dec 04 22:25:20.104 2021] ssl_cli.c:0951: |3| client hello, compress alg.: 0
[Sat Dec 04 22:25:20.121 2021] ssl_cli.c:0178: |3| client hello, adding signature_algorithms extension
[Sat Dec 04 22:25:20.138 2021] ssl_cli.c:0508: |3| client hello, adding encrypt_then_mac extension
[Sat Dec 04 22:25:20.165 2021] ssl_cli.c:0542: |3| client hello, adding extended_master_secret extension
[Sat Dec 04 22:25:20.181 2021] ssl_cli.c:0575: |3| client hello, adding session ticket extension
[Sat Dec 04 22:25:20.198 2021] ssl_cli.c:1023: |3| client hello, total extension length: 28
[Sat Dec 04 22:25:20.214 2021] ssl_tls.c:2705: |2| => write record
[Sat Dec 04 22:25:20.229 2021] ssl_tls.c:2842: |3| output record: msgtype = 22, version = [3:1], msglen = 83
[Sat Dec 04 22:25:20.245 2021] ssl_tls.c:2845: |4| dumping 'output record sent to network' (88 bytes)
[Sat Dec 04 22:25:20.262 2021] ssl_tls.c:2845: |4| 0000: 16 03 01 00 53 01 00 00 4f 03 03 60 08 e8 12 37 ....S...O..`...7
[Sat Dec 04 22:25:20.293 2021] ssl_tls.c:2845: |4| 0010: 30 ea 3b 8f 1b e3 3a a4 47 62 3e 78 d2 e6 3e ed 0.;...:.Gb>x..>.
[Sat Dec 04 22:25:20.310 2021] ssl_tls.c:2845: |4| 0020: 1c e6 3c a3 56 e4 3c e9 71 e4 3d 00 00 0a 00 3d ..<.V.<.q.=....=
[Sat Dec 04 22:25:20.341 2021] ssl_tls.c:2845: |4| 0030: 00 35 00 3c 00 2f 00 ff 01 00 00 1c 00 0d 00 0c .5.<./..........
[Sat Dec 04 22:25:20.357 2021] ssl_tls.c:2845: |4| 0040: 00 0a 06 01 05 01 04 01 03 01 02 01 00 16 00 00 ................
[Sat Dec 04 22:25:20.389 2021] ssl_tls.c:2845: |4| 0050: 00 17 00 00 00 23 00 00 .....#..
[Sat Dec 04 22:25:20.424 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:25:20.425 2021] ssl_tls.c:2439: |2| message length: 88, out_left: 88
[Sat Dec 04 22:25:20.445 2021] ssl_tls.c:2445: |2| ssl->f_send() returned 88 (-0xffffffa8)
[Sat Dec 04 22:25:20.455 2021] ssl_tls.c:2464: |2| <= flush output
[Sat Dec 04 22:25:20.470 2021] ssl_tls.c:2854: |2| <= write record
[Sat Dec 04 22:25:20.470 2021] ssl_cli.c:1049: |2| <= write client hello
[Sat Dec 04 22:25:20.486 2021] ssl_cli.c:3279: |2| client state: 2
[Sat Dec 04 22:25:20.503 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:25:20.503 2021] ssl_tls.c:2432: |2| <= flush output
[Sat Dec 04 22:25:20.516 2021] ssl_cli.c:1410: |2| => parse server hello
[Sat Dec 04 22:25:20.517 2021] ssl_tls.c:3732: |2| => read record
[Sat Dec 04 22:25:20.533 2021] ssl_tls.c:2212: |2| => fetch input
[Sat Dec 04 22:25:20.548 2021] ssl_tls.c:2370: |2| in_left: 0, nb_want: 5
[Sat Dec 04 22:25:20.821 2021] ssl_tls.c:2394: |2| in_left: 0, nb_want: 5
[Sat Dec 04 22:25:20.840 2021] ssl_tls.c:2395: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
[Sat Dec 04 22:25:20.863 2021] ssl_tls.c:2407: |2| <= fetch input
[Sat Dec 04 22:25:20.878 2021] ssl_tls.c:3483: |4| dumping 'input record header' (5 bytes)
[Sat Dec 04 22:25:20.891 2021] ssl_tls.c:3483: |4| 0000: 16 03 03 00 55 ....U
[Sat Dec 04 22:25:20.903 2021] ssl_tls.c:3492: |3| input record: msgtype = 22, version = [3:3], msglen = 85
[Sat Dec 04 22:25:20.915 2021] ssl_tls.c:2212: |2| => fetch input
[Sat Dec 04 22:25:20.931 2021] ssl_tls.c:2370: |2| in_left: 5, nb_want: 90
[Sat Dec 04 22:25:20.947 2021] ssl_tls.c:2394: |2| in_left: 5, nb_want: 90
[Sat Dec 04 22:25:20.948 2021] ssl_tls.c:2395: |2| ssl->f_recv(_timeout)() returned 85 (-0xffffffab)
[Sat Dec 04 22:25:20.979 2021] ssl_tls.c:2407: |2| <= fetch input
[Sat Dec 04 22:25:20.980 2021] ssl_tls.c:3661: |4| dumping 'input record from network' (90 bytes)
[Sat Dec 04 22:25:21.011 2021] ssl_tls.c:3661: |4| 0000: 16 03 03 00 55 02 00 00 51 03 03 61 ab 88 5e 24 ....U...Q..a..^$
[Sat Dec 04 22:25:21.027 2021] ssl_tls.c:3661: |4| 0010: 89 74 93 3f e6 68 b6 b6 f2 0d a8 5b ea 01 fd 90 .t.?.h.....[....
[Sat Dec 04 22:25:21.062 2021] ssl_tls.c:3661: |4| 0020: 56 a5 3b 23 cb e5 4d eb 6c 39 d0 20 5a 37 b9 a2 V.;#..M.l9. Z7..
[Sat Dec 04 22:25:21.082 2021] ssl_tls.c:3661: |4| 0030: 02 3a e7 93 0f 39 cc fb c7 bd 01 d6 6c 47 7a 56 .:...9......lGzV
[Sat Dec 04 22:25:21.107 2021] ssl_tls.c:3661: |4| 0040: 7a 30 9d 7d 34 dc 55 28 df e8 ab fa 00 2f 00 00 z0.}4.U(...../..
[Sat Dec 04 22:25:21.123 2021] ssl_tls.c:3661: |4| 0050: 09 00 17 00 00 ff 01 00 01 00 ..........
[Sat Dec 04 22:25:21.154 2021] ssl_tls.c:3093: |3| handshake message: msglen = 85, type = 2, hslen = 85
[Sat Dec 04 22:25:21.171 2021] ssl_tls.c:3757: |2| <= read record
[Sat Dec 04 22:25:21.187 2021] ssl_cli.c:1483: |3| dumping 'server hello, version' (2 bytes)
[Sat Dec 04 22:25:21.203 2021] ssl_cli.c:1483: |3| 0000: 03 03 ..
[Sat Dec 04 22:25:21.221 2021] ssl_cli.c:1509: |3| server hello, current time: u
[Sat Dec 04 22:25:21.238 2021] ssl_cli.c:1516: |3| dumping 'server hello, random bytes' (32 bytes)
[Sat Dec 04 22:25:21.256 2021] ssl_cli.c:1516: |3| 0000: 61 ab 88 5e 24 89 74 93 3f e6 68 b6 b6 f2 0d a8 a..^$.t.?.h.....
[Sat Dec 04 22:25:21.285 2021] ssl_cli.c:1516: |3| 0010: 5b ea 01 fd 90 56 a5 3b 23 cb e5 4d eb 6c 39 d0 [....V.;#..M.l9.
[Sat Dec 04 22:25:21.301 2021] ssl_cli.c:1586: |3| server hello, session id len.: 32
[Sat Dec 04 22:25:21.317 2021] ssl_cli.c:1587: |3| dumping 'server hello, session id' (32 bytes)
[Sat Dec 04 22:25:21.330 2021] ssl_cli.c:1587: |3| 0000: 5a 37 b9 a2 02 3a e7 93 0f 39 cc fb c7 bd 01 d6 Z7...:...9......
[Sat Dec 04 22:25:21.361 2021] ssl_cli.c:1587: |3| 0010: 6c 47 7a 56 7a 30 9d 7d 34 dc 55 28 df e8 ab fa lGzVz0.}4.U(....
[Sat Dec 04 22:25:21.397 2021] ssl_cli.c:1623: |3| no session has been resumed
[Sat Dec 04 22:25:21.398 2021] ssl_cli.c:1625: |3| server hello, chosen ciphersuite: 4x
[Sat Dec 04 22:25:21.422 2021] ssl_cli.c:1626: |3| server hello, compress alg.: 0
[Sat Dec 04 22:25:21.442 2021] ssl_cli.c:1640: |3| server hello, chosen ciphersuite: TLS-RSA-WITH-AES-128-CBC-SHA
[Sat Dec 04 22:25:21.460 2021] ssl_cli.c:1671: |2| server hello, total extension length: 9
[Sat Dec 04 22:25:21.475 2021] ssl_cli.c:1741: |3| found extended_master_secret extension
[Sat Dec 04 22:25:21.491 2021] ssl_cli.c:1689: |3| found renegotiation extension
[Sat Dec 04 22:25:21.505 2021] ssl_cli.c:1859: |2| <= parse server hello
[Sat Dec 04 22:25:21.506 2021] ssl_cli.c:3279: |2| client state: 3
[Sat Dec 04 22:25:21.521 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:25:21.537 2021] ssl_tls.c:2432: |2| <= flush output
[Sat Dec 04 22:25:21.537 2021] ssl_tls.c:4227: |2| => parse certificate
[Sat Dec 04 22:25:21.554 2021] ssl_tls.c:3732: |2| => read record
[Sat Dec 04 22:25:21.554 2021] ssl_tls.c:2212: |2| => fetch input
[Sat Dec 04 22:25:21.569 2021] ssl_tls.c:2370: |2| in_left: 0, nb_want: 5
[Sat Dec 04 22:25:21.586 2021] ssl_tls.c:2394: |2| in_left: 0, nb_want: 5
[Sat Dec 04 22:25:21.587 2021] ssl_tls.c:2395: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
[Sat Dec 04 22:25:21.621 2021] ssl_tls.c:2407: |2| <= fetch input
[Sat Dec 04 22:25:21.622 2021] ssl_tls.c:3483: |4| dumping 'input record header' (5 bytes)
[Sat Dec 04 22:25:21.644 2021] ssl_tls.c:3483: |4| 0000: 16 03 03 0f d3 .....
[Sat Dec 04 22:25:21.667 2021] ssl_tls.c:3492: |3| input record: msgtype = 22, version = [3:3], msglen = 4051
[Sat Dec 04 22:25:21.682 2021] ssl_tls.c:2212: |2| => fetch input
[Sat Dec 04 22:25:21.682 2021] ssl_tls.c:2370: |2| in_left: 5, nb_want: 4056
[Sat Dec 04 22:25:21.696 2021] ssl_tls.c:2394: |2| in_left: 5, nb_want: 4056
[Sat Dec 04 22:25:21.713 2021] ssl_tls.c:2395: |2| ssl->f_recv(_timeout)() returned 2729 (-0xfffff557)
[Sat Dec 04 22:25:21.729 2021] ssl_tls.c:2394: |2| in_left: 2734, nb_want: 4056
[Sat Dec 04 22:25:21.745 2021] ssl_tls.c:2395: |2| ssl->f_recv(_timeout)() returned 1322 (-0xfffffad6)
[Sat Dec 04 22:25:21.776 2021] ssl_tls.c:2407: |2| <= fetch input
.
.
.
[Sat Dec 04 22:25:36.086 2021] ssl_tls.c:3757: |2| <= read record
[Sat Dec 04 22:25:36.102 2021] ssl_tls.c:5223: |2| <= parse finished
[Sat Dec 04 22:25:36.118 2021] ssl_cli.c:3279: |2| client state: 14
[Sat Dec 04 22:25:36.119 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:25:36.134 2021] ssl_tls.c:2432: |2| <= flush output
[Sat Dec 04 22:25:36.135 2021] ssl_cli.c:3390: |2| handshake: done
[Sat Dec 04 22:25:36.151 2021] ssl_cli.c:3279: |2| client state: 15
[Sat Dec 04 22:25:36.168 2021] ssl_tls.c:2420: |2| => flush output
[Sat Dec 04 22:25:36.168 2021] ssl_tls.c:2432: |2| <= flush output
[Sat Dec 04 22:25:36.184 2021] ssl_tls.c:4973: |3| => handshake wrapup
[Sat Dec 04 22:25:36.201 2021] ssl_tls.c:4946: |3| => handshake wrapup: final free
[Sat Dec 04 22:25:36.214 2021] ssl_tls.c:4966: |3| <= handshake wrapup: final free
[Sat Dec 04 22:25:36.215 2021] ssl_tls.c:5028: |3| <= handshake wrapup
[Sat Dec 04 22:25:36.230 2021] ssl_tls.c:6354: |2| <= handshake
[Sat Dec 04 22:25:36.246 2021]
[Sat Dec 04 22:25:36.246 2021] [48899]mqtt:ssl handshake success
That mean the problem is probably on MQTT level, why my device receive CONNACK with return code is 5 (The Client is not authorized to connect) on MQTT package level ?
Regards,