Hi everyone
I am looking into using an STM32 Nucleo board as an MQTT client. However, when I try to connect to the cloud via lwIP-mqtt and mbedtls, the server responds to my Client Hello packet with no Server Hello, but just acknowledges it and then terminates the TCP connection immediately. Server name indication is enabled, so I guess that the problem is elsewhere. Which TLS extensions are required to connect to the HiveMQ Cloud?
I don’t have any issues when I am connecting to the broker from a PC using MQTT.fx…
Captured data from Wireshark:
25 7.251157 192.168.70.111 46.137.47.218 TCP 60 52432 → 8883 [SYN] Seq=0 Win=2144 Len=0 MSS=536
26 7.285539 46.137.47.218 192.168.70.111 TCP 60 8883 → 52432 [SYN, ACK] Seq=0 Ack=1 Win=62727 Len=0 MSS=536
27 7.286621 192.168.70.111 46.137.47.218 TLSv1.2 204 Client Hello
28 7.320530 46.137.47.218 192.168.70.111 TCP 60 8883 → 52432 [ACK] Seq=1 Ack=151 Win=62577 Len=0
29 7.322115 46.137.47.218 192.168.70.111 TCP 60 8883 → 52432 [FIN, ACK] Seq=1 Ack=151 Win=62577 Len=0
30 7.324204 192.168.70.111 46.137.47.218 TCP 60 52432 → 8883 [FIN, ACK] Seq=151 Ack=2 Win=2143 Len=0
Contents of the client hello packet:
Frame 27: 204 bytes on wire (1632 bits), 204 bytes captured (1632 bits) on interface \Device\NPF_{7ADF031A-D4DD-4E83-B8B3-893EE9EF2751}, id 0
Ethernet II, Src: STMicroe_00:30:31 (00:80:e1:00:30:31), Dst: Sonicwal_05:80:14 (18:b1:69:05:80:14)
Destination: Sonicwal_05:80:14 (18:b1:69:05:80:14)
Source: STMicroe_00:30:31 (00:80:e1:00:30:31)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.70.111, Dst: 46.137.47.218
Transmission Control Protocol, Src Port: 52432, Dst Port: 8883, Seq: 1, Ack: 1, Len: 150
Source Port: 52432
Destination Port: 8883
[Stream index: 0]
[Conversation completeness: Complete, WITH_DATA (31)]
[TCP Segment Len: 150]
Sequence Number: 1 (relative sequence number)
Sequence Number (raw): 6510
[Next Sequence Number: 151 (relative sequence number)]
Acknowledgment Number: 1 (relative ack number)
Acknowledgment number (raw): 2873795109
0101 .... = Header Length: 20 bytes (5)
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······AP···]
Window: 2144
[Calculated window size: 2144]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x0620 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 0.035464000 seconds]
[Time since previous frame in this TCP stream: 0.001082000 seconds]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 26]
[The RTT to ACK the segment was: 0.001082000 seconds]
[iRTT: 0.035464000 seconds]
[Bytes in flight: 150]
[Bytes sent since last PSH flag: 150]
TCP payload (150 bytes)
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 145
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 141
Version: TLS 1.2 (0x0303)
Random: ffffffff3cced6f97d20594b50e992495b8a682fb278714ec11a078b079f2308
GMT Unix Time: Feb 7, 2106 07:28:15.000000000 Mitteleuropäische Zeit
Random Bytes: 3cced6f97d20594b50e992495b8a682fb278714ec11a078b079f2308
Session ID Length: 0
Cipher Suites Length: 6
Cipher Suites (3 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 94
Extension: server_name (len=56)
Type: server_name (0)
Length: 56
Server Name Indication extension
Server Name list length: 54
Server Name Type: host_name (0)
Server Name length: 51
Server Name: 1081eb36f727481f914ddd664f1415d2.s1.eu.hivemq.cloud
Extension: signature_algorithms (len=10)
Type: signature_algorithms (13)
Length: 10
Signature Hash Algorithms Length: 8
Signature Hash Algorithms (4 algorithms)
Extension: supported_groups (len=6)
Type: supported_groups (10)
Length: 6
Supported Groups List Length: 4
Supported Groups (2 groups)
Supported Group: secp384r1 (0x0018)
Supported Group: secp256r1 (0x0017)
Extension: ec_point_formats (len=2)
Type: ec_point_formats (11)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Extension: extended_master_secret (len=0)
Type: extended_master_secret (23)
Length: 0
[JA3 Fullstring: 771,49196-49195-255,0-13-10-11-23,24-23,0]
[JA3: 01bce1fdefb33276c4f5ec0b5cebed4c]
Any help is greatly appreciated!
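Added example, not part of the original post: a small Python parser that pulls the cipher suites, extension types and SNI out of a ClientHello record and reports which server certificate key types the offered suites can work with. Both key-exchange suites in the capture above are ECDHE_ECDSA, which a server can only select if it holds an ECDSA certificate. The sample bytes are constructed (same suites and groups as the capture, placeholder SNI `broker.example`), and all function names are hypothetical.

```python
import struct

# Certificate key type the server needs for each suite (IANA code points).
SUITES = {
    0xC02C: ("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "ECDSA"),
    0xC02B: ("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "ECDSA"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "RSA"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x00FF: ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", None),  # signalling value only
}

def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record that holds a complete ClientHello."""
    ctype, _version, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 22 or len(record) < 5 + rec_len or record[5] != 1:
        raise ValueError("not a complete ClientHello record")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]          # skip session id
    (cs_len,) = struct.unpack_from("!H", record, pos)
    suites = list(struct.unpack_from(f"!{cs_len // 2}H", record, pos + 2))
    pos += 2 + cs_len
    pos += 1 + record[pos]          # skip compression methods
    exts = {}
    if pos < 5 + rec_len:           # extensions block is optional
        (ext_total,) = struct.unpack_from("!H", record, pos)
        pos, end = pos + 2, pos + 2 + ext_total
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, pos)
            exts[etype] = record[pos + 4:pos + 4 + elen]
            pos += 4 + elen
    # SNI body: list length (2), name type (1), name length (2), then the name
    sni = exts[0][5:].decode("ascii") if 0 in exts else None
    return {"suites": suites, "extensions": sorted(exts), "sni": sni}

def cert_types_accepted(suites) -> set:
    """Server certificate key types usable with the offered suites."""
    return {SUITES[s][1] for s in suites if s in SUITES and SUITES[s][1]}

def build_sample() -> bytes:
    """Constructed ClientHello: suites/groups as in the capture, placeholder SNI."""
    name = b"broker.example"
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni
    exts += struct.pack("!HHHHH", 10, 6, 4, 0x0018, 0x0017)  # supported_groups
    body = b"\x03\x03" + bytes(32) + b"\x00"
    body += struct.pack("!HHHH", 6, 0xC02C, 0xC02B, 0x00FF) + b"\x01\x00"
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0303, len(hs)) + hs
```

Running `cert_types_accepted(parse_client_hello(build_sample())["suites"])` returns only `ECDSA`, so a server that presents only an RSA certificate has no suite in common with such a ClientHello.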