SNI for HttpClient does not work #612

Open
duduita opened this issue Apr 29, 2024 · 0 comments

duduita commented Apr 29, 2024

Describe the bug
When a Meadow app attempts to request this API, https://api.sunrisesunset.io/json?lat=47.333&lng=13.333, it throws 'A fatal alert message was received from our peer', since Meadow doesn't support SNI for HttpClient.

To Reproduce
Simply make an HTTP request to this API:

```csharp
using HttpClient client = new HttpClient();
// Send a GET request to the specified Uri
HttpResponseMessage response = await client.GetAsync(apiurl).ConfigureAwait(false);

// Ensure we received a successful response.
response.EnsureSuccessStatusCode();

// Read the response content as a string asynchronously
string content = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
Resolver.Log.Info($"Received JSON String: {content}");

return await Task.FromResult(content).ConfigureAwait(false);
```

Expected behavior
The request should return a successful result and not throw this exception.

Meadow (please complete the following information as best as you can):
Model: F7Micro
Hardware version: F7CoreComputeV2
Device name: MeadowCoreCompute

Hardware Information
Processor type: STM32F777IIK6
ID: 3A-00-21-00-0D-50-4B-55-30-38-31-20
Serial number: 20523874554B
Coprocessor type: ESP32
MAC Address -
WiFi: 4C:75:25:D5:78:A0

Firmware Versions
OS: 1.11.0.0
Mono: 1.11.0.0
Coprocessor: 1.11.0.0
Protocol: 7

Additional context

  • Here is the Slack discussion that originated this issue.
  • The interesting thing is that when making an HTTP request using the mbedTLS sample client ssl_client1.c with these parameters:

```c
#define SERVER_PORT "443"
#define SERVER_NAME "api.sunrisesunset.io"
#define GET_REQUEST "GET /json?lat=47.333&lng=13.333 HTTP/1.1\r\nHost: api.sunrisesunset.io\r\n\r\n"
```

I got the following error:

```
ssl_client.c:0042: client hello, adding server name extension: api.sunrisesunset.io
ssl_tls13_client.c:0057: client hello, adding supported versions extension
ssl_tls13_client.c:0080: supported version: [3:4]
ssl_tls13_client.c:0086: supported version: [3:3]
ssl_tls13_client.c:0572: no cookie to send; skip extension
ssl_tls13_client.c:0285: client hello: adding key share extension
ssl_tls13_generic.c:1651: Perform PSA-based ECDH/FFDH computation.
ssl_tls13_generic.c:1689: psa_generate_key() returned -27648 (-0x6c00)
ssl_client.c:1012: <= write client hello
ssl_tls.c:4617: <= handshake
 failed
  ! mbedtls_ssl_handshake returned -0x6c00

Last error was: -27648 - SSL - Internal error (eg, unexpected failure in lower-level module)
```

What is interesting is that when I force mbedTLS to use TLS 1.2 instead of TLS 1.3 by adding the following:

```c
mbedtls_ssl_conf_max_version(&conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3); // Force TLS 1.2
```

The request worked perfectly! So it indicates to me that there might be a problem with TLS 1.3; somehow the server is not working properly with mbedTLS TLS 1.3.

For more details regarding that, see this mbedTLS issue.

@duduita duduita self-assigned this Apr 29, 2024
@alexischr alexischr added the p0 label Apr 30, 2024
@duduita duduita changed the title TLS handshake throws 'A fatal alert message was received from our peer' exception SNI for HttpClient does not work May 4, 2024
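
A way to confirm from a packet capture what a client actually sent, as an added example that is not part of the original issue or of Meadow or mbedTLS code: the parser below reads one ClientHello record and reports the `server_name` (SNI) value and whether TLS 1.3 appears in `supported_versions`. The names `hello_info` and `parse_client_hello` are hypothetical, the sample bytes are constructed rather than captured, and the record is assumed to be unfragmented.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { char sni[256]; int offers_tls13; } hello_info; /* sni "" = no SNI sent */
static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Parse one unfragmented ClientHello record; 0 on success, -1 if malformed. */
int parse_client_hello(const uint8_t *b, size_t n, hello_info *out) {
    memset(out, 0, sizeof *out);
    if (n < 9 || b[0] != 0x16 || b[5] != 0x01) return -1;   /* handshake / client_hello */
    size_t end = 5 + rd16(b + 3), p = 9 + 2 + 32;  /* skip headers, legacy_version, random */
    if (end > n || p + 1 > end) return -1;
    p += 1 + b[p];                                  /* session_id */
    if (p + 2 > end) return -1;
    p += 2 + rd16(b + p);                           /* cipher_suites */
    if (p + 1 > end) return -1;
    p += 1 + b[p];                                  /* compression_methods */
    if (p + 2 > end) return p == end ? 0 : -1;      /* a hello without extensions is valid */
    size_t ext_end = p + 2 + rd16(b + p);
    if (ext_end > end) return -1;
    for (p += 2; p + 4 <= ext_end; ) {
        unsigned type = rd16(b + p), len = rd16(b + p + 2);
        const uint8_t *d = b + p + 4;
        if (p + 4 + len > ext_end) return -1;
        if (type == 0x0000 && len >= 5 && d[2] == 0) {       /* server_name, host_name entry */
            unsigned nl = rd16(d + 3);
            if (nl == 0 || 5 + nl > len || nl >= sizeof out->sni) return -1;
            memcpy(out->sni, d + 5, nl);                     /* buffer is already zeroed */
        } else if (type == 0x002b && len >= 1 && 1u + d[0] <= len) {  /* supported_versions */
            for (unsigned i = 1; i + 1 <= d[0]; i += 2) out->offers_tls13 |= rd16(d + i) == 0x0304;
        }
        p += 4 + len;
    }
    return p == ext_end ? 0 : -1;
}

static const uint8_t SAMPLE[] = {   /* constructed sample, not a capture; random is all zero */
    0x16,3,1,0,0x55, 1,0,0,0x51, 3,3,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    0, 0,2,0x13,0x01, 1,0, 0,0x26, 0,0, 0,0x19, 0,0x17, 0, 0,0x14,
    'a','p','i','.','s','u','n','r','i','s','e','s','u','n','s','e','t','.','i','o',
    0,0x2b, 0,5, 4, 3,4, 3,3 };

int main(void) {
    hello_info h;
    if (parse_client_hello(SAMPLE, sizeof SAMPLE, &h)) return 1;
    return printf("sni=%s tls1.3=%d\n", h.sni[0] ? h.sni : "(none)", h.offers_tls13) < 0;
}
```

Run against the first TLS record a device sends, an empty `sni` shows that the client omitted the extension, which separates a missing-SNI problem from a TLS version problem.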