fix(libtls): enable SHA-384/512 and modern TLS extensions to fix cert verify

yingtao450 · yingtao450 · commit 7b5fda1d7a7c · 2026-04-20T19:15:37.000+08:00
The default mbedtls_config.h profile force-undefs MBEDTLS_SHA384_C and
MBEDTLS_SHA512_C when ENABLE_CUSTOM_CONFIG=n. As a result mbedTLS cannot
recognize the sha384WithRSAEncryption OID (1.2.840.113549.1.1.12), so any
intermediate CA signed with RSA-SHA384 is silently dropped from the peer
chain with MBEDTLS_ERR_OID_NOT_FOUND. The verify_cb only sees the leaf,
the issuer cannot be located, and verification fails with NOT_TRUSTED
(flag 0x8) on otherwise valid chains - e.g. *.wgine.com leaf signed by
GoGetSSL RSA DV CA (RSA-SHA384) chained up to AAA Certificate Services.

Fix:
- enable MBEDTLS_SHA384_C / MBEDTLS_SHA512_C by default (root cause)
- enable MBEDTLS_SSL_RENEGOTIATION / _ALPN / _SESSION_TICKETS so the
  ClientHello carries the standard modern extensions
- drop the ECDHE-RSA-AES128-CBC-SHA256 suite, add ChaCha20-Poly1305
  AEAD suites and reorder ECDSA-first to match common server preference

Made-with: Cursor
diff --git a/src/libtls/port/tuya_tls_config.h b/src/libtls/port/tuya_tls_config.h
@@ -1652,7 +1652,7 @@
  *          configuration of this extension).
  *
  */
-//#define MBEDTLS_SSL_RENEGOTIATION
+#define MBEDTLS_SSL_RENEGOTIATION
 
 /**
  * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@@ -1784,7 +1784,7 @@
  *
  * Comment this macro to disable support for ALPN.
  */
-//#define MBEDTLS_SSL_ALPN
+#define MBEDTLS_SSL_ALPN
 
 /**
  * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
@@ -1910,7 +1910,7 @@
 #undef MBEDTLS_SSL_SESSION_TICKETS
 #endif
 #else
-// #define MBEDTLS_SSL_SESSION_TICKETS
+#define MBEDTLS_SSL_SESSION_TICKETS
 #endif
 /**
  * \def MBEDTLS_SSL_EXPORT_KEYS
@@ -3231,8 +3231,14 @@
 #undef MBEDTLS_SHA384_C
 #endif
 #else
-#undef MBEDTLS_SHA512_C
-#undef MBEDTLS_SHA384_C
+/* Enabled by default. Many real-world intermediate CAs are signed with
+ * sha384WithRSAEncryption (OID 1.2.840.113549.1.1.12). Without SHA-384/512
+ * compiled in, mbedtls_x509_crt_parse silently drops these certs from the
+ * peer chain with MBEDTLS_ERR_OID_NOT_FOUND, leaving only the leaf and
+ * triggering MBEDTLS_X509_BADCERT_NOT_TRUSTED on otherwise valid chains
+ * (e.g. *.wgine.com leaf -> GoGetSSL RSA DV CA SHA-384 intermediate). */
+#define MBEDTLS_SHA512_C
+#define MBEDTLS_SHA384_C
 #endif
 
 
diff --git a/src/tuya_cloud_service/tls/tuya_tls.c b/src/tuya_cloud_service/tls/tuya_tls.c
@@ -402,9 +402,16 @@ static OPERATE_RET mbedtls_cert_pkey_parse(tuya_tls_hander p_tls_handler)
     return OPRT_OK;
 }
 
-static int tuya_tls_ciphersuite_list[] = {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-                                          MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-                                          MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0};
+/* Modern AEAD-only suite list. CBC mode dropped (no longer recommended) and
+ * ChaCha20-Poly1305 added so we negotiate one of the AEAD suites that every
+ * mainstream TLS 1.2 server supports. */
+static int tuya_tls_ciphersuite_list[] = {
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+    0,
+};
 
 /**
  * @brief Initializes the Tuya TLS module.
