OSError: (-30592, 'MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE') during handshake with DigitalOcean server

I’ve seen a few posts about HTTPS problems but I think my problem is different. My Nicla Vision can connect to most web servers but not to servers hosted on DigitalOcean:

import json
import network
import requests
from utime import sleep

with open('config.json', 'r') as file:
    config = json.load(file)

wlan = network.WLAN(network.STA_IF)
wlan.active(True)
sleep(5)
wlan.connect(ssid=config['ssid'], key=config['key'])

while not wlan.isconnected():
  print('connecting to wifi...')
  sleep(1)

requests.get('https://www.google.com/') # works
requests.get('https://abcstake.com/') # OSError: (-30592, 'MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE')

OpenMV 3051906; MicroPython 3f421121; Arduino Nicla Vision with STM32H747

As far as I can tell, the problem is a remote error during handshake. I can reproduce a similar-looking error on my computer with tlslite:

from tlslite import HTTPTLSConnection, HandshakeSettings
from tlslite.tlsconnection import TLSConnection
import socket

settings = HandshakeSettings()
settings.useExperimentalTackExtension = False
settings.certificate_compression_send = ['zlib']
settings.certificate_compression_receive = ['zlib']

host = 'abcstake.com'
path = '/'
h = HTTPTLSConnection(host, 443, settings=settings)
h.request('GET', path)
r = h.getresponse()
print(r.status) # Works for the same server this time

ai = socket.getaddrinfo(host, 443)[0]
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)

s.connect(ai[-1])
s.settimeout(5.0)

s = TLSConnection(s)
s.handshakeClientCert(settings=settings) # tlslite.errors.TLSRemoteAlert: handshake_failure

I don’t know how to debug this, and AFAIK there are no server logs I can look at on CloudFlare or DigitalOcean.

Is that something that can be solved with the Nicla Vision? Thank you!

@iabdalkader - Any thoughts?

You seem to have very few enabled ciphers. Try to enable and match the cipher suites supported by Google, for example, or any other website that works, for each TLS/SSL protocol, especially for TLSv1.2.

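Added example (not part of the original thread, and not OpenMV or tlslite code): one way to act on the cipher-suite advice above is to check from a desktop with CPython which TLS 1.2 suites the server accepts, then compare the result with the suites the board's TLS build enables. `probe_suites` and the `CANDIDATES` list are constructed for illustration and use OpenSSL suite names, which are spelled differently from Mbed TLS names.

```python
import socket
import ssl

# Constructed sample list (OpenSSL names); replace with the suites your client enables.
CANDIDATES = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "AES128-GCM-SHA256",
    "AES128-SHA",
]


def probe_suites(host, suites, port=443, timeout=5.0):
    """Attempt one TLS 1.2 handshake per suite; return {suite: outcome}."""
    results = {}
    for name in suites:
        ctx = ssl.create_default_context()
        # set_ciphers() does not govern TLS 1.3 suites, so cap the version.
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        try:
            ctx.set_ciphers(name)
        except ssl.SSLError:
            results[name] = "unknown to local OpenSSL"
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    results[name] = "accepted: " + tls.version()
        except ssl.SSLCertVerificationError:
            # Certificate checks run after the server has chosen the suite.
            results[name] = "accepted (certificate failed verification)"
        except ssl.SSLError as exc:
            # Includes a fatal alert from the server, e.g. handshake_failure.
            results[name] = "rejected: " + (exc.reason or str(exc))
        except OSError as exc:
            results[name] = "unreachable: " + str(exc)
    return results


if __name__ == "__main__":
    for suite, outcome in probe_suites("abcstake.com", CANDIDATES).items():
        print(f"{suite:32} {outcome}")
```

If every suite the board offers comes back as rejected while others are accepted, the fatal alert is explained by the missing overlap.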