Skip to main content
Visitor II
May 14, 2021
Solved

HTTP to HTTPS web server on STM32H735G-DK based on examples

  • May 14, 2021
  • 2 replies
  • 5143 views

I am trying to implement an TLS HTTPS server based on this HTTP Web Server sample:

https://github.com/STMicroelectronics/x-cube-azrtos-h7/tree/main/Projects/STM32H735G-DK/Applications/NetXDuo/Nx_WebServer

I have been trying to convert the above sample to TLS HTTPS from this example code functions from the same GIT hub:

https://github.com/STMicroelectronics/x-cube-azrtos-h7/blob/main/Middlewares/ST/netxduo/samples/demo_netxduo_https.c

But I can't get the server to respond correctly from the clientHello, it responds with a short packet that should have been a serverHello. Using Wireshark to verify this.

The HTTP sample works fine on the STM32H735G-DK as it should. 

I have also tried adapting the process described in Small Example System (TLS Web Server):

https://docs.microsoft.com/en-us/azure/rtos/netx-duo/netx-secure-tls/chapter2

The example above uses different functions than the STM32 hosted examples, but still have the same broken server response. I am sort of stuck now. I am posting this here because it looks like STM employees ported the Azure middleware over from Microsoft.

    This topic has been closed for replies.
    Best answer by slime

    Adding a #define NX_SECURE_ENABLE_AEAD_CIPHER to nx_user.h fixed the issue and now has a total of 7 cipher suites available.

    2 replies

    slimeAuthor
    Visitor II
    May 20, 2021

    The response packet isn't corrupted. The issue seems to be there are only 4 supported cipher suites on the STM32 NetXDuo HTTPS server, and all modern browsers like Chrome, Edge, & Firefox deny the use of those 4 available. They are:

    0xC023 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

    0xC027 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

    0x003d  TLS_RSA_WITH_AES_256_CBC_SHA256

    0x003c  TLS_RSA_WITH_AES_128_CBC_SHA256

    Microsoft Internet Explorer does work. The remaining question is why only those 4 and is there a way to add newer cipher suites without trashing the NetXDuo platform?

    slimeAuthorAnswer
    Visitor II
    May 24, 2021

    Adding a #define NX_SECURE_ENABLE_AEAD_CIPHER to nx_user.h fixed the issue and now has a total of 7 cipher suites available.