1 (edited by savek 2016-11-22 06:44:40)

Topic: [SOLVED] Problem w/ Client-Cert-Auth w/ Wolfssl-Server w/ CHACHA-POLY

When creating a TLS 1.2 server with wolfSSL using the TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 cipher suite and configuring for TLS client authentication, the server sends a certificate request with type 0x01 (RSA) to the client.

All other ECDHE_ECDSA suites ask for a 0x40 (ECDSA) cert though.

Wolf-server with wolf-client still asks for an RSA cert but then happily sends (client) and accepts (server) an ECDSA cert (see attached packet capture).

wolfSSL 3.9.10
gcc 4.8.5 on Linux x64

Post's attachments

wolf_chacha_poly_cert_type.pcapng 6.27 kb, 1 downloads since 2016-11-22 


Re: [SOLVED] Problem w/ Client-Cert-Auth w/ Wolfssl-Server w/ CHACHA-POLY

Hi savek,

Thanks for the report.  I am able to reproduce this on my end and am looking into it further.  I'll keep you updated on my status.

Best Regards,
Chris

Re: [SOLVED] Problem w/ Client-Cert-Auth w/ Wolfssl-Server w/ CHACHA-POLY

Any update?


Re: [SOLVED] Problem w/ Client-Cert-Auth w/ Wolfssl-Server w/ CHACHA-POLY

Hi savek,

As of the following commit, wolfSSL will now request the correct certificate type in the CertificateRequest message when using ECDSA-CHACHA cipher suites.  This will be included in our next stable release of wolfSSL.

https://github.com/wolfSSL/wolfssl/pull … 8489230ed3

Thanks,
Chris
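
Added example, not part of the thread and not wolfSSL code: a small C check that scans the certificate_types list of a TLS 1.2 CertificateRequest handshake message for a given type, so a capture taken before and after the fix can be compared. The function name, return codes and both sample messages are constructed for illustration; the input is the handshake message itself (record header already stripped).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Handshake type and ClientCertificateType values (RFC 5246 7.4.4, RFC 4492). */
enum { HS_CERTIFICATE_REQUEST = 13, CT_RSA_SIGN = 1, CT_ECDSA_SIGN = 64 };
enum { CR_MALFORMED = -1, CR_MISSING = 0, CR_OFFERED = 1 };

/* Scan certificate_types<1..2^8-1> of one CertificateRequest handshake
 * message (4-byte handshake header included) for the type `want`.
 * Only the certificate_types vector is inspected. */
int cert_request_offers(const uint8_t *hs, size_t len, uint8_t want)
{
    size_t body, n, i;

    if (hs == NULL || len < 5 || hs[0] != HS_CERTIFICATE_REQUEST)
        return CR_MALFORMED;
    body = ((size_t)hs[1] << 16) | ((size_t)hs[2] << 8) | hs[3];
    if (body != len - 4)          /* uint24 length must match the buffer */
        return CR_MALFORMED;
    n = hs[4];                    /* one-byte count of type entries */
    if (n == 0 || n > body - 1)   /* empty list or list overruns the body */
        return CR_MALFORMED;
    for (i = 0; i < n; i++)
        if (hs[5 + i] == want)
            return CR_OFFERED;
    return CR_MISSING;
}

/* Constructed samples: one cert type, sig algs {sha256, ecdsa}, no CA names. */
static const uint8_t sample_rsa_only[] = {   /* type 0x01, as first reported */
    0x0d, 0x00, 0x00, 0x08, 0x01, 0x01, 0x00, 0x02, 0x04, 0x03, 0x00, 0x00 };
static const uint8_t sample_ecdsa[] = {      /* type 0x40, as expected */
    0x0d, 0x00, 0x00, 0x08, 0x01, 0x40, 0x00, 0x02, 0x04, 0x03, 0x00, 0x00 };

int main(void)
{
    printf("rsa-only sample offers ecdsa_sign: %d\n",
           cert_request_offers(sample_rsa_only, sizeof sample_rsa_only, CT_ECDSA_SIGN));
    printf("ecdsa sample offers ecdsa_sign:    %d\n",
           cert_request_offers(sample_ecdsa, sizeof sample_ecdsa, CT_ECDSA_SIGN));
    return 0;
}
```
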