Issue with cipher suites/signature algorithm on my zephyr based TLS client

[LeoBriandFiveO]

Hi,

I'm working on a TLS client based on echo-client sample.

I have been debugging my zephyr based TLS client for 1 week because I have an issue with it. During the handshake between my client (zephyr based) and my server ("$ sudo openssl s_server -accept 443 -cert serv_cert.crt -key serv_key.key -tls1_2") a handshake failure happens.
". 404796A5FF770000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../ssl/t1_lib.c:3293:
shutting down SSL
CONNECTION CLOSED"

On WIreshark my client hello looks like this :

I printed the ciphers suite available on my server : "$ openssl ciphers -s -tls1_2"
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

There are no common ciphersuites between the previous one and the client hello. How could I add more ciphersuite to my board, particularly the one that "openssl ciphers" command prints ? Does the ciphersuite list depends on the board we use ?
I tried to modify my overlay-tls.conf by adding "CONFIG_MBEDTLS_KEY_EXCHANGE_ALL_ENABLED" but nothing happened.

Thank you in advance for your help !

[github-actions[bot]]

Hi @LeoBRIANDSmile! We appreciate you submitting your first issue for our open-source project. 🌟

Even though I'm a bot, I can assure you that the whole community is genuinely grateful for your time and effort. 🤖💙

[rlubos]

Does the ciphersuite list depends on the board we use ?

The list of available cipersuites on the Zephyr side depends on the mbedTLS configuration, see:
https://github.com/zephyrproject-rtos/zephyr/blob/main/modules/mbedtls/Kconfig.tls-generic

You can enable more or less everything with the following configs:

CONFIG_MBEDTLS_KEY_EXCHANGE_ALL_ENABLED=y
CONFIG_MBEDTLS_CIPHER_ALL_ENABLED=y
CONFIG_MBEDTLS_ECP_ALL_ENABLED=y
CONFIG_MBEDTLS_HASH_ALL_ENABLED=y
CONFIG_MBEDTLS_CMAC=y
CONFIG_MBEDTLS_GENPRIME_ENABLED=y
CONFIG_MBEDTLS_HMAC_DRBG_ENABLED=y
CONFIG_MBEDTLS_ECDH_C=y
CONFIG_MBEDTLS_ECDSA_C=y
CONFIG_MBEDTLS_ECJPAKE_C=y
CONFIG_MBEDTLS_ECP_C=y

But it's usually better to select those algorithms from the link above that your project really needs.

Converting this into discussion, since it's not really a bug.

[LeoBriandFiveO]

I noticed something, if I print the ciphersuites (enabled by Mbed TLS) with the function "mbedtls_ssl_list_ciphersuites", it prints correctly the ciphersuites selected in my prj.conf :

# Ciphers suites
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=y
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED=y
CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
CONFIG_MBEDTLS_HASH_SHA384_ENABLED=y
CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y

Result :

If I change the config in prj.conf it changes as well the list I print. Nonetheless, when I try to connect to my server (ncat) and when I check the handshake on wireshark nothing changes, where as the list of mbedtls ciphersuites selected changes and they are clearly not the same.

Handshake (client hello) :

It acts like no matter what I put on my prj.conf, the ciphersuites list of my client doesn't change even if the ciphersuites list I print changes. Any ideas about that behaviour ?

[rlubos]

No clue, never seen anything like this before.

[LeoBriandFiveO]

OK, don't worry I will inquire further into the subject and come back to this discussion if I get something, thank you again :)

[LeoBriandFiveO]

Hi @rlubos, I think that the TLS stack is offloaded to the wifi module of my board, that could explain that the ciphersuites of my client hello don't change. The wifi module may be outdated considering the short list of ciphersuites provided. I would like to disable the TLS stack offloading, but keep the TCP/IP stack offloading. Any ideas ?

[rlubos]

Ok, that would explain this behavior.

I would like to disable the TLS stack offloading, but keep the TCP/IP stack offloading. Any ideas ?

That should be doable:

1. Enable socket offload dispatcher: CONFIG_NET_SOCKETS_OFFLOAD_DISPATCHER=y
2. Right after creating a TLS socket, set a TLS_NATIVE socket option with setsockopt(). That will instruct the socket layer to create a native TLS socket.

Here's an example how it's done in the test case we have for covering this scenario:

zephyr/tests/net/socket/offload_dispatcher/src/main.c

Line 770 in d0a2451

ret = zsock_setsockopt(test_sock, SOL_TLS, TLS_NATIVE,