ESP32 HTTPS Server Example

sander
Posts: 4
Joined: Tue Dec 15, 2020 2:28 pm

ESP32 HTTPS Server Example

Postby sander » Tue Dec 15, 2020 2:50 pm

Hi,

Currently I'm working on a device which transmits some data over WiFi to an MQTT server. The configuration of the WiFi credentials and the MQTT server are done via a webpage. The webpage is working correctly via HTTP and everything is working as expected.

Last week I tried to switch the HTTP server for the HTTPS server. I added the example certificates and the 'httpd_ssl_start' function call. When trying to connect to the server on port 443 (using Chrome or Edge) I get the following log:

Code:

I (32827) esp_https_server: performing session handshake
I (32837) mbedtls: ssl_tls.c:8084 => handshake
I (32837) mbedtls: ssl_srv.c:4259 server state: 0
I (32837) mbedtls: ssl_tls.c:2755 => flush output
I (32837) mbedtls: ssl_tls.c:2767 <= flush output
I (32847) mbedtls: ssl_srv.c:4259 server state: 1
I (32847) mbedtls: ssl_tls.c:2755 => flush output
I (32857) mbedtls: ssl_tls.c:2767 <= flush output
I (32857) mbedtls: ssl_srv.c:1211 => parse client hello
I (32867) mbedtls: ssl_tls.c:2536 => fetch input
I (32877) mbedtls: ssl_tls.c:2697 in_left: 0, nb_want: 5
I (32877) mbedtls: ssl_tls.c:2721 in_left: 0, nb_want: 5
I (32887) mbedtls: ssl_tls.c:2722 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (32897) mbedtls: ssl_tls.c:2742 <= fetch input
W (32897) mbedtls: ssl_srv.c:1259 bad client hello message
I (32907) mbedtls: ssl_tls.c:8094 <= handshake
E (32907) esp-tls-mbedtls: mbedtls_ssl_handshake returned -30976
E (32917) esp_https_server: esp_tls_create_server_session failed
W (32927) httpd: httpd_accept_conn: session creation failed
W (32927) httpd: httpd_server: error accepting new connection

I'm fairly new in the TLS territory and don't know a lot when it comes to mbedTLS. The error code that is seen in the log is found in mbedTLS as 'MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO' (like stated in the log). I can't correctly pinpoint what happens when this error code is generated though.

The same error code pops up when I try to run the bare HTTPS server example available in the IDF package. I also generated a certificate for myself and added that to the example, but to no avail.

Are there any users that are experiencing the same error or is there anybody that can shed some light on this issue?

I'm using ESP IDF on Windows in Visual Studio Code using the Espressif IDF extension. The hardware I'm developing on incorporates an ESP32-WROOM-32E.

Thanks in advance

ESP_Jan
Posts: 42
Joined: Tue Dec 01, 2020 10:56 am

Re: ESP32 HTTPS Server Example

Postby ESP_Jan » Thu Dec 17, 2020 2:12 am

Hi sander,

I've tested the https_server example using IDF v4.1:
It works fine with Firefox browser.
Using Chrome or Edge (chromium) gives me similar errors:

Code:

I (6463) esp_https_server: performing session handshake
E (7703) esp-tls-mbedtls: mbedtls_ssl_handshake returned -30592
E (7703) esp_https_server: esp_tls_create_server_session failed
W (7713) httpd: httpd_accept_conn: session creation failed
W (7713) httpd: httpd_server: error accepting new connection
I (7723) esp_https_server: performing session handshake
E (8953) esp-tls-mbedtls: mbedtls_ssl_handshake returned -30592
E (8953) esp_https_server: esp_tls_create_server_session failed
W (8963) httpd: httpd_accept_conn: session creation failed
W (8963) httpd: httpd_server: error accepting new connection
I (8973) esp_https_server: performing session handshake
W (10803) httpd_parse: parse_block: request URI/header too long
W (10803) httpd_txrx: httpd_resp_send_err: 431 Request Header Fields Too Large - Header fields are too long for server to interpret

Also chromium browsers send so many HTTP headers that the default value of CONFIG_HTTPD_MAX_REQ_HDR_LEN is too small and the ESP responds with the error code 431.
After I increased CONFIG_HTTPD_MAX_REQ_HDR_LEN from 512 to 1024 the example server works fine, but the log still displays handshake failure information.
I also tested this with iOS Safari and similar handshake errors are in the log.

Code:

I (830123) esp_https_server: performing session handshake
E (831683) esp-tls-mbedtls: mbedtls_ssl_handshake returned -29312
E (831683) esp_https_server: esp_tls_create_server_session failed
W (831683) httpd: httpd_accept_conn: session creation failed
W (831693) httpd: httpd_server: error accepting new connection
I (831693) esp_https_server: performing session handshake
E (833283) esp-tls-mbedtls: mbedtls_ssl_handshake returned -29312
E (833283) esp_https_server: esp_tls_create_server_session failed
W (833283) httpd: httpd_accept_conn: session creation failed
W (833293) httpd: httpd_server: error accepting new connection
I (833303) esp_https_server: performing session handshake
E (834863) esp-tls-mbedtls: mbedtls_ssl_handshake returned -29312
E (834863) esp_https_server: esp_tls_create_server_session failed
W (834863) httpd: httpd_accept_conn: session creation failed
W (834873) httpd: httpd_server: error accepting new connection
I (837913) esp_https_server: performing session handshake
I (840683) esp_https_server: performing session handshake
E (843213) esp-tls-mbedtls: mbedtls_ssl_handshake returned -80
E (843213) esp_https_server: esp_tls_create_server_session failed
W (843223) httpd: httpd_accept_conn: session creation failed
W (843223) httpd: httpd_server: error accepting new connection
E (856953) esp-tls-mbedtls: read error :-80:

I will investigate this more tomorrow.

Thank you for your report.

sander
Posts: 4
Joined: Tue Dec 15, 2020 2:28 pm

Re: ESP32 HTTPS Server Example

Postby sander » Thu Dec 17, 2020 2:19 pm

Thanks for looking into it! Like I mentioned, I'm not very familiar with mbedTLS but I am also looking for things that seem odd or errors. I just installed Firefox on my PC, but get the same error as mentioned before. The error was also the same when I increased CONFIG_HTTPD_MAX_REQ_HDR_LEN.

Could it be that the issue is simply a wrongly configured IDF?

sander
Posts: 4
Joined: Tue Dec 15, 2020 2:28 pm

Re: ESP32 HTTPS Server Example

Postby sander » Wed Jan 06, 2021 12:35 pm

The last two weeks I have been playing with buffer sizes and configurations in IDF, but haven't had any success yet. Are there any discoveries in the code or configuration on your side that could help?

dastoned
Posts: 50
Joined: Fri May 29, 2020 2:52 pm

Re: ESP32 HTTPS Server Example

Postby dastoned » Wed Jan 06, 2021 1:40 pm

I've been using the HTTPS server without any problems (after increasing CONFIG_HTTPD_MAX_REQ_HDR_LEN).

The error message you're getting seems to indicate that your browser does not attempt to create a TLS connection. What exactly are you typing into the browser's address bar? Does it start with "https://.."? Using just "http://.." instructs the browser to create a non-encrypted HTTP connection.
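
Added example (not part of any post in this thread, and not ESP-IDF or mbedTLS code): the first log shows the server fetching 5 bytes (nb_want: 5), the size of a TLS record header, before reporting a bad client hello. This portable C sketch classifies those first bytes so a plaintext HTTP request sent to the TLS port can be told apart from a real handshake; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { PEEK_TLS_HANDSHAKE, PEEK_PLAIN_HTTP, PEEK_UNKNOWN } peek_kind_t;

/* TLS record header: type(1) | version(2) | length(2). A ClientHello comes in
 * a handshake record (type 0x16) with major version 0x03. */
static int is_tls_handshake(const uint8_t *b, size_t n)
{
    if (n < 5) return 0;
    size_t len = ((size_t)b[3] << 8) | b[4];
    return b[0] == 0x16 && b[1] == 0x03 && len > 0 && len <= 16384;
}

/* Plaintext HTTP starts with an ASCII method name followed by a space. */
static int is_plain_http(const uint8_t *b, size_t n)
{
    static const char *const methods[] = { "GET ", "POST ", "HEAD ", "PUT ",
                                           "DELETE ", "OPTIONS " };
    for (size_t i = 0; i < sizeof methods / sizeof methods[0]; i++) {
        size_t m = strlen(methods[i]);
        size_t cmp = n < m ? n : m;   /* only 5 bytes may be available */
        if (cmp >= 4 && memcmp(b, methods[i], cmp) == 0) return 1;
    }
    return 0;
}

/* Classify the first bytes a client sent to the TLS port. */
peek_kind_t classify_first_bytes(const uint8_t *b, size_t n)
{
    if (is_tls_handshake(b, n)) return PEEK_TLS_HANDSHAKE;
    if (is_plain_http(b, n))    return PEEK_PLAIN_HTTP;
    return PEEK_UNKNOWN;
}

int main(void)
{
    /* Constructed samples: a ClientHello record header, and "GET /". */
    const uint8_t tls[5]  = { 0x16, 0x03, 0x01, 0x02, 0x00 };
    const uint8_t http[5] = { 'G', 'E', 'T', ' ', '/' };
    printf("tls sample:  %d\n", classify_first_bytes(tls, sizeof tls));
    printf("http sample: %d\n", classify_first_bytes(http, sizeof http));
    return 0;
}
```

Read as a record header, "GET /" has content type 0x47 and version bytes 0x45 0x54, which no TLS server can accept as a ClientHello.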

sander
Posts: 4
Joined: Tue Dec 15, 2020 2:28 pm

Re: ESP32 HTTPS Server Example

Postby sander » Wed Jan 06, 2021 2:47 pm

This is by a long shot the dumbest mistake I ever made. Indeed, when using the correct URL with "https://" and increasing the maximum header size it is working correctly.

Thanks for the help!

dastoned
Posts: 50
Joined: Fri May 29, 2020 2:52 pm

Re: ESP32 HTTPS Server Example

Postby dastoned » Wed Jan 06, 2021 5:25 pm

Great, I'm glad you got it :)

In reality, this is a bad user experience. When I type in the address "mydevice.local" to my browser, there should be something listening on port 80 which accepts HTTP and immediately redirects to HTTPS/443. This probably requires starting up a second HTTP server. Anyway, I haven't gotten around to it.
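
Added example (not from the thread and not ESP-IDF code): the core of the port-80 redirect described above is building the Location value from the request's Host header and URI. This portable C sketch does that while rejecting Host or URI values that could inject extra headers; the function names, buffer sizes and sample values are assumptions, and IPv6 literal hosts are deliberately not handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy the Host header value without its optional ":port". Only letters,
 * digits, '.' and '-' are accepted, so CR/LF or '/' cannot reach the response. */
static int host_without_port(const char *host, char *out, size_t cap)
{
    size_t n = strcspn(host, ":");
    if (n == 0 || n >= cap) return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-') return -1;
    }
    if (host[n] == ':') {                     /* the port must be digits only */
        if (host[n + 1] == '\0') return -1;
        for (const char *p = host + n + 1; *p; p++)
            if (!isdigit((unsigned char)*p)) return -1;
    }
    memcpy(out, host, n);
    out[n] = '\0';
    return 0;
}

/* Build the Location value for a 301 from http://host/uri to https://host/uri.
 * Returns 0 on success, -1 if the input is rejected or does not fit. */
int build_https_location(const char *host, const char *uri, char *out, size_t cap)
{
    char name[64];
    if (host == NULL || uri == NULL || uri[0] != '/') return -1;
    if (host_without_port(host, name, sizeof name) != 0) return -1;
    for (const char *p = uri; *p; p++)        /* no spaces or control bytes */
        if ((unsigned char)*p <= 0x20 || *p == 0x7f) return -1;
    int n = snprintf(out, cap, "https://%s%s", name, uri);
    return (n > 0 && (size_t)n < cap) ? 0 : -1;
}

int main(void)
{
    char loc[128];
    /* Constructed request values, as a browser would send for "mydevice.local". */
    if (build_https_location("mydevice.local:80", "/config", loc, sizeof loc) == 0)
        printf("Location: %s\n", loc);
    return 0;
}
```

A handler on the plain HTTP server would send this string as the Location header of a 301 response and answer rejected requests with an error instead of a redirect.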
