TLS handshake failure between IoT product and AWS
- 6 years ago
Just adding an update for closure on this thread...
In the end, the problem was corruption of the TLS handshake caused by a default buffer size in Microchip's TCP/IP library being too small. I haven't completely studied the cause yet, but it appears that traffic received via a HughesNet link uses a larger than typical MTU setting or something along those lines. Simply resizing that buffer made the problem disappear.
Patrick
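The failure Patrick describes, a handshake record that does not fit in a fixed receive buffer, is easy to reproduce in isolation. The following is an added example written for this thread; it is not code from the original posts or from Microchip's TCP/IP library. It feeds a constructed TLS 1.2 handshake stream (a small ServerHello-like record, a 3000-byte Certificate-like record, and a ServerHelloDone-like record) through a record accumulator in 1460-byte segments, first with a 1460-byte buffer and then with a 4096-byte one. The buffer sizes, segment size and record contents are assumptions chosen for illustration; the point is that a record larger than the buffer must be reported as an error rather than silently truncated, which is what corrupts the handshake.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TLS_HDR_LEN 5            /* content type (1) + version (2) + length (2) */
#define TLS_MAX_PLAINTEXT 16384  /* RFC 5246 record payload limit */

enum tls_rx_status {
    TLS_RX_OK = 0,           /* every complete record in the input was parsed */
    TLS_RX_RECORD_TOO_BIG,   /* a record can never fit in the receive buffer */
    TLS_RX_BAD_HEADER        /* length field exceeds the TLS maximum */
};

struct tls_accumulator {
    uint8_t *buf;     /* caller-provided receive buffer */
    size_t   cap;     /* its capacity in bytes (the setting that was too small) */
    size_t   used;    /* bytes currently buffered */
    size_t   records; /* complete records delivered so far */
};

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Feed one chunk of bytes as they arrive from the network. Records may span
   chunks; a record larger than the buffer is reported, never truncated. */
enum tls_rx_status tls_feed(struct tls_accumulator *a, const uint8_t *data, size_t len) {
    while (len > 0) {
        size_t space = a->cap - a->used;
        if (space == 0) return TLS_RX_RECORD_TOO_BIG;
        size_t n = len < space ? len : space;
        memcpy(a->buf + a->used, data, n);
        a->used += n; data += n; len -= n;

        /* Drain every complete record sitting at the front of the buffer. */
        for (;;) {
            if (a->used < TLS_HDR_LEN) break;
            size_t body = be16(a->buf + 3);
            if (body > TLS_MAX_PLAINTEXT) return TLS_RX_BAD_HEADER;
            size_t total = TLS_HDR_LEN + body;
            if (total > a->cap) return TLS_RX_RECORD_TOO_BIG;
            if (a->used < total) break;        /* wait for the rest of the record */
            a->records++;                      /* a real stack would hand it to the TLS layer here */
            memmove(a->buf, a->buf + total, a->used - total);
            a->used -= total;
        }
    }
    return TLS_RX_OK;
}

/* Constructed sample: three handshake records shaped like ServerHello,
   Certificate and ServerHelloDone. Bodies are filler; only the framing matters. */
static size_t build_sample(uint8_t *out, size_t out_len) {
    const size_t bodies[3] = {100, 3000, 4};
    size_t pos = 0;
    for (int i = 0; i < 3; i++) {
        if (pos + TLS_HDR_LEN + bodies[i] > out_len) return 0;
        out[pos++] = 0x16;                      /* content type: handshake */
        out[pos++] = 0x03; out[pos++] = 0x03;   /* version: TLS 1.2 */
        out[pos++] = (uint8_t)(bodies[i] >> 8);
        out[pos++] = (uint8_t)(bodies[i] & 0xff);
        memset(out + pos, 0x41, bodies[i]);
        pos += bodies[i];
    }
    return pos;
}

/* Deliver the sample in segments of `seg` bytes to an accumulator of capacity `cap`
   (cap <= 8192). Returns the final status; *records receives the parsed count. */
enum tls_rx_status run_sample(size_t cap, size_t seg, size_t *records) {
    static uint8_t stream[4096];
    static uint8_t rxbuf[8192];
    size_t len = build_sample(stream, sizeof stream);
    struct tls_accumulator a = { rxbuf, cap, 0, 0 };
    enum tls_rx_status st = TLS_RX_OK;
    for (size_t off = 0; off < len && st == TLS_RX_OK; off += seg) {
        size_t n = len - off < seg ? len - off : seg;
        st = tls_feed(&a, stream + off, n);
    }
    *records = a.records;
    return st;
}

enum tls_rx_status sample_status(size_t cap, size_t seg) { size_t r; return run_sample(cap, seg, &r); }
size_t sample_records(size_t cap, size_t seg) { size_t r; run_sample(cap, seg, &r); return r; }

int main(void) {
    size_t r;
    enum tls_rx_status st = run_sample(1460, 1460, &r);
    printf("1460-byte buffer: status %d, %zu record(s) parsed\n", (int)st, r);
    st = run_sample(4096, 1460, &r);
    printf("4096-byte buffer: status %d, %zu record(s) parsed\n", (int)st, r);
    return 0;
}
```

With the 1460-byte buffer the ServerHello-like record parses, then the 3005-byte Certificate-like record is rejected as too large; with the 4096-byte buffer all three records are reassembled across the segment boundaries. A stack that instead keeps the truncated bytes and moves on would present the TLS layer with a corrupted record, matching the symptom in the thread, so an explicit size check plus an error path is the defensive fix alongside enlarging the buffer.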
Liz,
If I could chime in...
I noticed something similar when going to my bank's web page yesterday (just didn't have time to report it) which also hung on a TLS handshake to AWS. To add to this, it seems like it's happening very sporadically (or transitionally, as I explain later) and eventually clears.
AWS switches their IPs around very often (a pure annoyance from a web security standpoint, imo). It's very possible that when they do that, the IP caching used in the DNS acceleration may get confused and try to handshake with the wrong IP, thus causing a TLS error. If that's the case, there might need to be exceptions made for AWS and any other cloud/server farms that tend to do the same thing, like DigitalOcean, etc.
I'd venture to guess this is part of the problem people were having going to amazon.com recently, as well.
Hi Mark!
Thanks for chiming in, I just noticed your post. Let me also send this over to the engineers for their information.
- Liz, Moderator, 6 years ago
Good morning Patrick,
Thank you for PMing me your contact info. One of our engineers informed me he'll be reaching out to you soon. Looking forward to some productive findings!