Getting samples running on the nrf9151 or nrf54

Ashlin · November 19, 2025, 4:37am

Description

I have been trying to evaluate the Golioth platform on one of the dev kits I have on hand (nrf9151, nrf54L15, nrf52840, nrf5340).

Using this guide, I can get the nrf9151 to build, but it will not connect to the cellular network (did need to add CONFIG_MBEDTLS_LEGACY_CRYPTO_C=y)

Having not worked with the nrf9151 a lot, I moved to the nrf54L15 I got it building, I am using PPP via my laptop for an internet connection (I do this a lot with the 54).

But I think I am having a lot of issues with MBEDTLS and psk.

Steps to Reproduce

For building I have been using the stream example, add these files:
Build command: west build -b nrf54l15dk/nrf54l15/cpuapp --pristine

nrf54l15dk_nrf54l15_cpuapp.conf

# General config
CONFIG_HEAP_MEM_POOL_SIZE=4096
CONFIG_NEWLIB_LIBC=y

# Asserts and Safety
CONFIG_ASSERT=y
CONFIG_ASSERT_LEVEL=2
CONFIG_THREAD_STACK_INFO=y
CONFIG_STACK_USAGE=y
CONFIG_HW_STACK_PROTECTION=y

# Networking
CONFIG_NETWORKING=y
CONFIG_NET_IPV6=n
CONFIG_NET_IPV4=y
CONFIG_NET_DHCPV4=n
CONFIG_NET_MAX_CONTEXTS=20
CONFIG_NET_DRIVERS=y
CONFIG_NET_NATIVE=y
CONFIG_POSIX_API=y

# Network config
CONFIG_NET_SOCKETS=y
CONFIG_NET_CONFIG_SETTINGS=y
CONFIG_NET_TCP=y
CONFIG_NET_UDP=y
CONFIG_NET_IPV4_IGMP=y
CONFIG_NET_CONFIG_AUTO_INIT=n

CONFIG_NET_CONNECTION_MANAGER=y
CONFIG_NET_CONNECTION_MANAGER_MONITOR_STACK_SIZE=2048
CONFIG_NET_CONNECTION_MANAGER_LOG_LEVEL_DBG=y

# PPP
CONFIG_NET_PPP=y
CONFIG_NET_DEFAULT_IF_PPP=y
CONFIG_NET_L2_PPP=y
CONFIG_NET_L2_PPP_MGMT=y

# DNS
CONFIG_DNS_RESOLVER=y
CONFIG_DNS_NUM_CONCUR_QUERIES=5
CONFIG_DNS_RESOLVER_ADDITIONAL_BUF_CTR=5
CONFIG_DNS_RESOLVER_AUTO_INIT=y
CONFIG_DNS_RESOLVER_CACHE=n
CONFIG_DNS_SERVER2="192.168.100.1"
CONFIG_DNS_SERVER1="8.8.8.8"
CONFIG_DNS_SERVER_IP_ADDRESSES=y

# Increased sysworkq size, due to LTE connectivity
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096


# logging
CONFIG_LOG=y
CONFIG_LOG_BUFFER_SIZE=16384
CONFIG_NET_LOG=y
CONFIG_NET_PKT_LOG_LEVEL_WRN=y
CONFIG_NET_TCP_LOG_LEVEL_WRN=y
CONFIG_MBEDTLS_LOG_LEVEL_DBG=y
CONFIG_TLS_CREDENTIALS_LOG_LEVEL_DBG=y
CONFIG_NET_SOCKETS_LOG_LEVEL_DBG=y
CONFIG_DNS_RESOLVER_LOG_LEVEL_DBG=y
CONFIG_COAP_LOG_LEVEL_DBG=y
CONFIG_NET_L2_PPP_LOG_LEVEL_INF=y
CONFIG_NET_BUF_LOG_LEVEL_DBG=y
CONFIG_NET_UDP_LOG_LEVEL_DBG=y
CONFIG_GOLIOTH_LOG_LEVEL_DBG=y
CONFIG_MBEDTLS_DEBUG=y
CONFIG_MBEDTLS_DEBUG_C=y
CONFIG_MBEDTLS_SSL_DEBUG_ALL=y
CONFIG_MBEDTLS_DEBUG_LEVEL=4


# Console/UART
CONFIG_LOG=y
CONFIG_SERIAL=y
CONFIG_PRINTK=y
CONFIG_CONSOLE=y
CONFIG_STDOUT_CONSOLE=y
CONFIG_UART_CONSOLE=y


# --- Network Buffers ---
CONFIG_NET_BUF_DATA_SIZE=512
CONFIG_NET_BUF_RX_COUNT=64
CONFIG_NET_BUF_TX_COUNT=64

# --- TCP Window Sizes (larger = better throughput on long RTT) ---
CONFIG_NET_TCP_MAX_RECV_WINDOW_SIZE=16384
CONFIG_NET_TCP_MAX_SEND_WINDOW_SIZE=16384

# --- Packet Buffers ---
CONFIG_NET_PKT_RX_COUNT=64
CONFIG_NET_PKT_TX_COUNT=64

# --- PPP Layer ---
CONFIG_NET_L2_PPP_TX_STACK_SIZE=4096
CONFIG_NET_PPP_RINGBUF_SIZE=4096
CONFIG_NET_PPP_RX_STACK_SIZE=4096
CONFIG_NET_PPP_UART_BUF_LEN=1024



# Stuff I might need
CONFIG_GOLIOTH_SAMPLE_COMMON=y
CONFIG_GOLIOTH_SAMPLE_SETTINGS_AUTOLOAD=y
CONFIG_MBEDTLS_LEGACY_CRYPTO_C=y


# Stuff I might not need?
CONFIG_MBEDTLS=y
CONFIG_GOLIOTH_AUTH_METHOD_CERT=n
CONFIG_GOLIOTH_AUTH_METHOD_PSK=y

# Disable options y-selected by NCS for no good reason
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED=n
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED=n
CONFIG_MBEDTLS_PK_PARSE_EC_EXTENDED=n

CONFIG_NORDIC_SECURITY_BACKEND=n
CONFIG_GOLIOTH_SAMPLE_CREDENTIALS_SETTINGS=y

CONFIG_TLS_CREDENTIALS=y

CONFIG_NET_SOCKETS_ENABLE_DTLS=y
CONFIG_COAP=y
CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED=y

nrf54l15dk_nrf54l15_cpuapp.overlay

/ {
    chosen {
        zephyr,ppp-uart = &uart30;
        nordic,pm-ext-flash = &mx25r64;
    };
};

&uart30 {
    status = "ok";
	current-speed = <921600>;
};

Change to main:
I also need to add a k_sleep(K_MSEC(1000)); just after net_connect(); or else the DNS look up would timeout. (To be fixed later)

Expected Behavior

The sample should wait for the PPP to start and get an IP
It should do a DNS lookup for coap.golioth.io
It should do all the connect stuff

Actual Behavior

The sample should wait for the PPP to start and get an IP - YES
It should do a DNS lookup for coap.golioth.io - YES
It should do all the connect stuff - Not so much

It tries to connect and I get the error Failed to connect to socket: -116 or TLS handshake error: -0x6e00. I don’t believe it’s an issue with PPP or firewalls.

I think the issue is with MBEDTLS but I am not sure.

Environment

nrf: v3.1.1
golioth: v0.21.1
For PPP I used this command:
pppd /dev/ttyACM0 921600 noauth local 192.168.50.51:192.168.50.50 nodetach debug
You will work out your own firewall settings; it’s distro dependent.

Logs and Console Output

Here is one super log of everthing

[00:00:00.008,147] <dbg> net_dns_resolve: dns_resolve_init_locked: (main): [0] 8.8.8.8
[00:00:00.008,383] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x20008df0, fd=3
[00:00:00.008,737] <dbg> net_sock_svc: socket_service_thread: (net_socket_service): Service WEST_TOPDIR/zephyr/subsys/net/lib/dns/resolve.c:43 has 1 pollable sockets
[00:00:00.008,759] <dbg> net_sock_svc: socket_service_thread: (net_socket_service): Monitoring 1 socket entries
*** Booting nRF Connect SDK v3.1.1-e2a97fe2578a ***
*** Using Zephyr OS v4.1.99-ff8f0c579eeb ***
[00:00:00.009,195] <dbg> conn_mgr: conn_mgr_mon_initial_state: (): Iface 0x20000d9c UP
[00:00:00.009,220] <dbg> conn_mgr: conn_mgr_mon_thread_fn: (): Connection Manager started
*** Golioth Firmware SDK v0.21.1 ***
[00:00:00.009,358] <inf> golioth_settings_autoload: Initializing settings subsystem
[00:00:00.011,201] <inf> fs_nvs: 2 Sectors of 4096 bytes
[00:00:00.011,208] <inf> fs_nvs: alloc wra: 0, f70
[00:00:00.011,214] <inf> fs_nvs: data wra: 0, a0
[00:00:00.011,234] <inf> golioth_settings_autoload: Loading settings
[00:00:00.012,019] <inf> golioth_stream: Start Golioth stream sample
[00:00:00.012,029] <inf> golioth_samples: Waiting to obtain IP address
[00:00:00.025,893] <dbg> conn_mgr: conn_mgr_ipv4_events_handler: (net_mgmt): IPv4 event 0xe0030001 received on iface 1 (0x20000d9c)
[00:00:00.025,927] <dbg> conn_mgr: conn_mgr_ipv4_events_handler: (net_mgmt): Iface index 0
[00:00:05.026,356] <inf> golioth_mbox: Mbox created, bufsize: 1320, num_items: 10, item_size: 120
[00:00:05.026,769] <dbg> golioth_coap_client_zephyr: golioth_coap_client_thread: Waiting for the "run" signal
[00:00:05.026,784] <dbg> golioth_coap_client_zephyr: golioth_coap_client_thread: Received "run" signal
[00:00:05.026,850] <dbg> net_sock_addr: exec_query: (coap_client): Timeout 2000
[00:00:05.027,035] <dbg> net_dns_resolve: dns_resolve_name_internal: (coap_client): DNS id will be 7512
[00:00:05.027,082] <dbg> net_dns_resolve: dns_write: (coap_client): [0] submitting work to server idx 0 for id 7512 hash 38706
[00:00:05.074,035] <dbg> net_sock: zsock_received_cb: (rx_q[0]): ctx=0x20008df0, pkt=0x2002cfb4, st=0, user_data=(nil)
[00:00:05.074,200] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -100
[00:00:05.074,223] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -103
[00:00:05.074,287] <dbg> golioth_coap_client_zephyr: golioth_connect_host_port: Trying addr '34.135.90.112'
[00:00:05.074,408] <dbg> net_sock_tls: tls_alloc: (coap_client): Allocated TLS context, 0x20005950
[00:00:05.074,712] <dbg> net_sock: zsock_socket_internal: (coap_client): socket: ctx=0x20008e88, fd=9
[00:00:05.075,521] <dbg> net_sock_tls: tls_mbedtls_init: (coap_client): Using user-specified ciphersuites
[00:00:05.075,587] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:1332: 0x20005a40: The SSL configuration is tls12 only.
[00:00:05.076,273] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:0292: 0x20005a40: set_timer to 0 ms
[00:00:05.076,332] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4662: 0x20005a40: => handshake
[00:00:05.076,386] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2354: 0x20005a40: => flush output
[00:00:05.076,439] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2363: 0x20005a40: <= flush output
[00:00:05.076,508] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4581: 0x20005a40: client state: MBEDTLS_SSL_HELLO_REQUEST
[00:00:05.076,608] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_misc.h:1353: 0x20005a40: handshake state: 0 (MBEDTLS_SSL_HELLO_REQUEST) -> 1 (MBEDTLS_SSL_CLIENT_HELLO)
[00:00:05.076,662] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2354: 0x20005a40: => flush output
[00:00:05.076,715] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2363: 0x20005a40: <= flush output
[00:00:05.076,783] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4581: 0x20005a40: client state: MBEDTLS_SSL_CLIENT_HELLO
[00:00:05.076,838] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0921: 0x20005a40: => write client hello
[00:00:05.077,113] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0487: 0x20005a40: dumping 'client hello, random bytes' (32 bytes)
[00:00:05.077,320] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0487: 0x20005a40: 0000:  ed 0e be a3 32 3a fe eb 39 9f f7 e0 38 3d 9b 50  ....2:..9...8=.P
[00:00:05.077,524] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0487: 0x20005a40: 0010:  cd 53 9f b0 d2 b6 26 14 43 c0 56 4b 3f 2a cf 12  .S....&.C.VK?*..
[00:00:05.077,593] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0512: 0x20005a40: dumping 'session id' (0 bytes)
[00:00:05.077,688] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0370: 0x20005a40: client hello, add ciphersuite: 00a8, TLS-PSK-WITH-AES-128-GCM-SHA256
[00:00:05.077,749] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0388: 0x20005a40: adding EMPTY_RENEGOTIATION_INFO_SCSV
[00:00:05.077,814] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0397: 0x20005a40: client hello, got zu cipher suites
[00:00:05.077,884] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0041: 0x20005a40: client hello, adding server name extension: 
[00:00:05.077,946] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9504: 0x20005a40: adding signature_algorithms extension
[00:00:05.078,023] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9524: 0x20005a40: got signature scheme [603] ecdsa_secp521r1_sha512
[00:00:05.078,101] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9533: 0x20005a40: sent signature scheme [603] ecdsa_secp521r1_sha512
[00:00:05.078,175] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9524: 0x20005a40: got signature scheme [601] rsa_pkcs1_sha512
[00:00:05.078,249] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9533: 0x20005a40: sent signature scheme [601] rsa_pkcs1_sha512
[00:00:05.078,326] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9524: 0x20005a40: got signature scheme [503] ecdsa_secp384r1_sha384
[00:00:05.078,402] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9533: 0x20005a40: sent signature scheme [503] ecdsa_secp384r1_sha384
[00:00:05.078,476] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9524: 0x20005a40: got signature scheme [501] rsa_pkcs1_sha384
[00:00:05.078,550] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9533: 0x20005a40: sent signature scheme [501] rsa_pkcs1_sha384
[00:00:05.078,626] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9524: 0x20005a40: got signature scheme [403] ecdsa_secp256r1_sha256
[00:00:05.078,703] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9533: 0x20005a40: sent signature scheme [403] ecdsa_secp256r1_sha256
[00:00:05.078,777] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9524: 0x20005a40: got signature scheme [401] rsa_pkcs1_sha256
[00:00:05.078,851] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:9533: 0x20005a40: sent signature scheme [401] rsa_pkcs1_sha256
[00:00:05.078,919] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:0272: 0x20005a40: client hello, adding max_fragment_length extension
[00:00:05.078,986] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:0338: 0x20005a40: client hello, adding extended_master_secret extension
[00:00:05.079,054] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0689: 0x20005a40: client hello, total extension length: zu
[00:00:05.079,129] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0691: 0x20005a40: dumping 'client hello extensions' (36 bytes)
[00:00:05.079,344] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0691: 0x20005a40: 0000:  00 24 00 00 00 05 00 03 00 00 00 00 0d 00 0e 00  .$..............
[00:00:05.079,556] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0691: 0x20005a40: 0010:  0c 06 03 06 01 05 03 05 01 04 03 04 01 00 01 00  ................
[00:00:05.079,689] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:0691: 0x20005a40: 0020:  01 03 00 17                                      ....
[00:00:05.079,757] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:0519: 0x20005a40: update timeout value to 1000 millisecs
[00:00:05.079,818] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:0292: 0x20005a40: set_timer to 1000 ms
[00:00:05.079,924] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_misc.h:1353: 0x20005a40: handshake state: 1 (MBEDTLS_SSL_CLIENT_HELLO) -> 2 (MBEDTLS_SSL_SERVER_HELLO)
[00:00:05.079,981] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2784: 0x20005a40: => write handshake message
[00:00:05.080,095] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2418: 0x20005a40: => ssl_flight_append
[00:00:05.080,173] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2419: 0x20005a40: dumping 'message appended to flight' (94 bytes)
[00:00:05.080,388] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2419: 0x20005a40: 0000:  01 00 00 52 00 00 00 00 00 00 00 52 fe fd ed 0e  ...R.......R....
[00:00:05.080,594] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2419: 0x20005a40: 0010:  be a3 32 3a fe eb 39 9f f7 e0 38 3d 9b 50 cd 53  ..2:..9...8=.P.S
[00:00:05.080,801] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2419: 0x20005a40: 0020:  9f b0 d2 b6 26 14 43 c0 56 4b 3f 2a cf 12 00 00  ....&.C.VK?*....
[00:00:05.081,015] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2419: 0x20005a40: 0030:  00 04 00 a8 00 ff 01 00 00 24 00 00 00 05 00 03  .........$......
[00:00:05.081,230] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2419: 0x20005a40: 0040:  00 00 00 00 0d 00 0e 00 0c 06 03 06 01 05 03 05  ................
[00:00:05.081,431] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2419: 0x20005a40: 0050:  01 04 03 04 01 00 01 00 01 03 00 17 00 00        ..............
[00:00:05.081,507] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2453: 0x20005a40: <= ssl_flight_append
[00:00:05.081,564] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2905: 0x20005a40: <= write handshake message
[00:00:05.081,623] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2535: 0x20005a40: => mbedtls_ssl_flight_transmit
[00:00:05.081,681] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2538: 0x20005a40: initialise flight transmission
[00:00:05.081,735] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2485: 0x20005a40: skip swap epochs
[00:00:05.081,813] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2639: 0x20005a40: dumping 'handshake header' (12 bytes)
[00:00:05.082,002] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2639: 0x20005a40: 0000:  01 00 00 52 00 00 00 00 00 00 00 52              ...R.......R
[00:00:05.082,060] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2944: 0x20005a40: => write record
[00:00:05.082,154] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3028: 0x20005a40: output record: msgtype = 22, version = [254:253], msglen = zu
[00:00:05.082,232] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: dumping 'output record sent to network' (107 bytes)
[00:00:05.082,448] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0000:  16 fe fd 00 00 00 00 00 00 00 00 00 5e 01 00 00  ............^...
[00:00:05.082,659] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0010:  52 00 00 00 00 00 00 00 52 fe fd ed 0e be a3 32  R.......R......2
[00:00:05.082,864] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0020:  3a fe eb 39 9f f7 e0 38 3d 9b 50 cd 53 9f b0 d2  :..9...8=.P.S...
[00:00:05.083,073] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0030:  b6 26 14 43 c0 56 4b 3f 2a cf 12 00 00 00 04 00  .&.C.VK?*.......
[00:00:05.083,288] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0040:  a8 00 ff 01 00 00 24 00 00 00 05 00 03 00 00 00  ......$.........
[00:00:05.083,502] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0050:  00 0d 00 0e 00 0c 06 03 06 01 05 03 05 01 04 03  ................
[00:00:05.083,684] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0060:  04 01 00 01 00 01 03 00 17 00 00                 ...........
[00:00:05.083,757] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3068: 0x20005a40: Still 1941 bytes available in current datagram
[00:00:05.083,810] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3081: 0x20005a40: <= write record
[00:00:05.083,863] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2354: 0x20005a40: => flush output
[00:00:05.083,932] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2368: 0x20005a40: message length: zu, out_left: zu
[00:00:05.087,626] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2375: 0x20005a40: ssl->f_send() returned 107 (-0xffffff95)
[00:00:05.087,681] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2402: 0x20005a40: <= flush output
[00:00:05.087,743] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:0292: 0x20005a40: set_timer to 1000 ms
[00:00:05.087,807] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2680: 0x20005a40: <= mbedtls_ssl_flight_transmit
[00:00:05.087,863] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_client.c:1014: 0x20005a40: <= write client hello
[00:00:05.087,918] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2354: 0x20005a40: => flush output
[00:00:05.087,970] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2363: 0x20005a40: <= flush output
[00:00:05.088,039] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4581: 0x20005a40: client state: MBEDTLS_SSL_SERVER_HELLO
[00:00:05.088,094] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:1196: 0x20005a40: => parse server hello
[00:00:05.088,146] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4299: 0x20005a40: => read record
[00:00:05.088,204] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4398: 0x20005a40: => ssl_load_buffered_message
[00:00:05.088,279] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4464: 0x20005a40: Next handshake message 0 not or only partially bufffered
[00:00:05.088,337] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4472: 0x20005a40: <= ssl_load_buffered_message
[00:00:05.088,390] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2156: 0x20005a40: => fetch input
[00:00:05.088,456] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2202: 0x20005a40: in_left: zu, nb_want: zu
[00:00:05.088,524] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2241: 0x20005a40: f_recv_timeout: 1000 ms
[00:00:05.088,594] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4673: 0x20005a40: <= handshake
[00:00:06.087,788] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4662: 0x20005a40: => handshake
[00:00:06.087,850] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2354: 0x20005a40: => flush output
[00:00:06.087,903] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2363: 0x20005a40: <= flush output
[00:00:06.087,971] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4581: 0x20005a40: client state: MBEDTLS_SSL_SERVER_HELLO
[00:00:06.088,027] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:1196: 0x20005a40: => parse server hello
[00:00:06.088,079] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4299: 0x20005a40: => read record
[00:00:06.088,137] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4398: 0x20005a40: => ssl_load_buffered_message
[00:00:06.088,212] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4464: 0x20005a40: Next handshake message 0 not or only partially bufffered
[00:00:06.088,269] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4472: 0x20005a40: <= ssl_load_buffered_message
[00:00:06.088,322] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2156: 0x20005a40: => fetch input
[00:00:06.088,400] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2202: 0x20005a40: in_left: zu, nb_want: zu
[00:00:06.088,459] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:0306: 0x20005a40: timer expired
[00:00:06.088,512] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2230: 0x20005a40: timer has expired
[00:00:06.088,562] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2258: 0x20005a40: timeout
[00:00:06.088,622] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:0292: 0x20005a40: set_timer to 0 ms
[00:00:06.088,690] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:0510: 0x20005a40: update timeout value to 2000 millisecs
[00:00:06.088,745] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2516: 0x20005a40: => mbedtls_ssl_resend
[00:00:06.088,803] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2535: 0x20005a40: => mbedtls_ssl_flight_transmit
[00:00:06.088,862] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2538: 0x20005a40: initialise flight transmission
[00:00:06.088,916] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2485: 0x20005a40: skip swap epochs
[00:00:06.088,994] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2639: 0x20005a40: dumping 'handshake header' (12 bytes)
[00:00:06.089,182] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2639: 0x20005a40: 0000:  01 00 00 52 00 00 00 00 00 00 00 52              ...R.......R
[00:00:06.089,241] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2944: 0x20005a40: => write record
[00:00:06.089,334] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3028: 0x20005a40: output record: msgtype = 22, version = [254:253], msglen = zu
[00:00:06.089,412] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: dumping 'output record sent to network' (107 bytes)
[00:00:06.089,627] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0000:  16 fe fd 00 00 00 00 00 00 00 01 00 5e 01 00 00  ............^...
[00:00:06.089,839] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0010:  52 00 00 00 00 00 00 00 52 fe fd ed 0e be a3 32  R.......R......2
[00:00:06.090,044] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0020:  3a fe eb 39 9f f7 e0 38 3d 9b 50 cd 53 9f b0 d2  :..9...8=.P.S...
[00:00:06.090,253] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0030:  b6 26 14 43 c0 56 4b 3f 2a cf 12 00 00 00 04 00  .&.C.VK?*.......
[00:00:06.090,468] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0040:  a8 00 ff 01 00 00 24 00 00 00 05 00 03 00 00 00  ......$.........
[00:00:06.090,682] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0050:  00 0d 00 0e 00 0c 06 03 06 01 05 03 05 01 04 03  ................
[00:00:06.090,864] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3033: 0x20005a40: 0060:  04 01 00 01 00 01 03 00 17 00 00                 ...........
[00:00:06.090,937] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3068: 0x20005a40: Still 1941 bytes available in current datagram
[00:00:06.090,990] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3081: 0x20005a40: <= write record
[00:00:06.091,044] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2354: 0x20005a40: => flush output
[00:00:06.091,112] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2368: 0x20005a40: message length: zu, out_left: zu
[00:00:06.094,806] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2375: 0x20005a40: ssl->f_send() returned 107 (-0xffffff95)
[00:00:06.094,861] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2402: 0x20005a40: <= flush output
[00:00:06.094,923] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:0292: 0x20005a40: set_timer to 2000 ms
[00:00:06.094,987] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2680: 0x20005a40: <= mbedtls_ssl_flight_transmit
[00:00:06.095,043] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2520: 0x20005a40: <= mbedtls_ssl_resend
[00:00:06.095,099] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4673: 0x20005a40: <= handshake
[00:00:08.076,300] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4662: 0x20005a40: => handshake
[00:00:08.076,362] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2354: 0x20005a40: => flush output
[00:00:08.076,415] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2363: 0x20005a40: <= flush output
[00:00:08.076,483] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4581: 0x20005a40: client state: MBEDTLS_SSL_SERVER_HELLO
[00:00:08.076,538] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls12_client.c:1196: 0x20005a40: => parse server hello
[00:00:08.076,591] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4299: 0x20005a40: => read record
[00:00:08.076,649] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4398: 0x20005a40: => ssl_load_buffered_message
[00:00:08.076,724] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4464: 0x20005a40: Next handshake message 0 not or only partially bufffered
[00:00:08.076,781] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4472: 0x20005a40: <= ssl_load_buffered_message
[00:00:08.076,834] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2156: 0x20005a40: => fetch input
[00:00:08.076,912] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2202: 0x20005a40: in_left: zu, nb_want: zu
[00:00:08.076,980] <inf> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:2241: 0x20005a40: f_recv_timeout: 2000 ms
[00:00:08.077,051] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:4673: 0x20005a40: <= handshake
[00:00:08.077,067] <err> golioth_coap_client_zephyr: Failed to connect to socket: -116
[00:00:08.077,126] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:6334: 0x20005a40: => write close notify
[00:00:08.077,181] <wrn> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:6345: 0x20005a40: <= write close notify
[00:00:08.077,816] <dbg> net_sock: zsock_close_ctx: (coap_client): close: ctx=0x20008e88, fd=9
[00:00:08.077,863] <err> golioth_coap_client_zephyr: Failed to connect: -116
[00:00:08.077,869] <wrn> golioth_coap_client_zephyr: Failed to connect: -116

Additional Information

I would just like to test golioth on any nrf dk that is NOT a nrf9160 and not need any hats.

Thank you

marko · November 19, 2025, 10:00am

Hey @Ashlin,

You were absolutely correct in enabling MBEDTLS_LEGACY_CRYPTO_C in your project configuration. That matches the same Kconfig symbol we enable in our nRF9160DK examples. The blog post you referenced is more than a year old, so quite a few things have changed in both NCS and the Firmware SDK since then.

From the logs on your nRF54L15 + PPP-over-laptop setup, I can see that the device obtains an IP address and resolves DNS successfully. It also sends a DTLS ClientHello, but the server never responds, which is why you end up with a handshake timeout. In practice, this usually means the handshake packets never made it to the server, most often because UDP traffic on port 5684 is being blocked somewhere along the path. In other words, it seems that your device can’t reach Golioth servers at that IP/port over the current network route.

That said, I’d prefer to get you unblocked quickly on the nRF9151 DK, rather than spend more time debugging the nRF54L15 + PPP setup. Using the nRF9151 DK should be straightforward, and for our examples it behaves very similarly to the nRF9160DK.

When you say it won’t connect to the cellular network, do you have any additional details?

Has the SIM card been activated?
Do you have data/usage available on the SIM?
Do you have a good cellular signal?
Which protocol are you using and have coverage for (LTE-M or NB-IoT)?
Do you need to configure the APN for your carrier?

Any extra info you can share will help narrow this down quickly.

Ashlin · November 20, 2025, 12:36am

I have been able to get the samples running on the nrf9151.

I needed to do two things:

Add CONFIG_MBEDTLS_ECP_C=yand CONFIG_MBEDTLS_LEGACY_CRYPTO_C=y
Wait a long time

I left the sample running for 30 minutes, and it started to work on its own; I’m not sure why, but I suppose it was due to modem shenanigans.

It now starts within 30 seconds and is able to send data to Golioth.

For now, this is fine.
Thank you

marko · November 20, 2025, 12:06pm

We’ve seen the same behavior where the modem needs a few minutes to connect on the first attempt, but not half an hour. The modem will store cell tower information in NVS, which significantly speeds up subsequent registrations. That explains why you’re now seeing attach times drop to around 30 seconds.

It’s also possible that the initial delay happened because, by default, the modem will attempt LTE-M first and then fall back to NB-IoT. You can force the modem to use a specific RAT by setting:

CONFIG_LTE_NETWORK_MODE_LTE_M=y

or

CONFIG_LTE_NETWORK_MODE_NBIOT=y

If your network requires a specific APN, you can override the default PDN configuration by adding:

CONFIG_PDN=y
CONFIG_PDN_DEFAULTS_OVERRIDE=y
CONFIG_PDN_DEFAULT_APN="<carrier-APN>"