What TLS extensions/ciphers are required for WolfSSL to connect to Azure EventGrid from an embedded platform?

Daniel Hadlow 5 Reputation points
2024-03-06T01:21:00.43+00:00

I am using WolfSSL on an embedded device and am trying to connect to an Azure EventGrid MQTT broker. The Client Hello message from the device is ignored by the server, which responds with a TCP RST packet. The Client Hello includes the following ciphers:

User's image

As well as the following signature algorithms:

User's image

Finally, I am also including the SNI, which matches that of a successful connection from OpenSSL s_client.

Is there some requirement that the TLS implementation is missing?

Just to be clear, these are the only extensions being used:

User's image

Azure Event Grid
An Azure event routing service designed for high availability, consistent performance, and dynamic scale.

1 answer

  1. JananiRamesh-MSFT 27,021 Reputation points
    2024-03-08T03:06:11.4733333+00:00

    @Daniel Hadlow Thanks for your patience! MQTT broker requires TLS-1.2, client certificate

    cipher-suites:
    TLS_AES_128_GCM_SHA256,
    TLS_AES_256_GCM_SHA384
    
    
    ciphers:
    ECDHE-ECDSA-AES128-GCM-SHA256,
    ECDHE-ECDSA-AES256-GCM-SHA384,
    ECDHE-RSA-AES128-GCM-SHA256,
    ECDHE-RSA-AES256-GCM-SHA384,
    ECDHE-ECDSA-AES128-SHA256,
    ECDHE-ECDSA-AES256-SHA384,
    ECDHE-RSA-AES128-SHA256,
    ECDHE-RSA-AES256-SHA384.
    

    Could you please share the client's broker name to verify logs?
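To check a captured Client Hello against the list in the answer above, the following added example (not part of the original thread, and not wolfSSL or Azure code) parses the raw TLS record and reports which offered suites appear in that list, plus the SNI host name. The numeric values are the IANA code points for the suite names in the answer; the sample record and the host name `broker.example.invalid` are constructed for the demo.

```python
import struct

# IANA code points for the suite names listed in the answer above.
BROKER_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256", 0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02B: "ECDHE-ECDSA-AES128-GCM-SHA256", 0xC02C: "ECDHE-ECDSA-AES256-GCM-SHA384",
    0xC02F: "ECDHE-RSA-AES128-GCM-SHA256", 0xC030: "ECDHE-RSA-AES256-GCM-SHA384",
    0xC023: "ECDHE-ECDSA-AES128-SHA256", 0xC024: "ECDHE-ECDSA-AES256-SHA384",
    0xC027: "ECDHE-RSA-AES128-SHA256", 0xC028: "ECDHE-RSA-AES256-SHA384",
}

def parse_client_hello(record: bytes):
    """Return (offered cipher-suite ids, SNI host name or None)."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 2 + 32                        # skip client_version and random
    pos += 1 + body[pos]                # skip session_id
    n = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    suites = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + n, 2)]
    pos += n
    pos += 1 + body[pos]                # skip compression methods
    sni = None
    # A ClientHello may end here with no extensions block at all.
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big") if pos < len(body) else pos
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack(">HH", body[pos:pos + 4])
        pos += 4
        if etype == 0:  # server_name: list_len(2) name_type(1) name_len(2) name
            nlen = int.from_bytes(body[pos + 3:pos + 5], "big")
            sni = body[pos + 5:pos + 5 + nlen].decode("ascii")
        pos += elen
    return suites, sni

def usable_suites(record: bytes):
    """Names of offered suites that are on the answer's list, and the SNI."""
    suites, sni = parse_client_hello(record)
    return [BROKER_SUITES[s] for s in suites if s in BROKER_SUITES], sni

def build_sample(suites, host):
    """Constructed ClientHello record for the demo; not captured traffic."""
    name = host.encode()
    sni = struct.pack(">HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack(">HH", 0, len(sni)) + sni
    ids = b"".join(struct.pack(">H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack(">H", len(ids)) + ids
            + b"\x01\x00" + struct.pack(">H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs
```

Feed `usable_suites` the bytes of the TLS record exported from the packet capture; an empty list means none of the offered suites is on the answer's list.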
