1 (edited by ravi.kumar 2017-11-24 02:22:04)

Topic: SSL TLS1.3 connectivity issues

Hi,

I'm using wolfSSL-3.12.0 with settings like:
`./configure --enable-ecc -enable-tls13 && make`

I'm using a linux-4.2.3-300.fc23.i686 machine.

I'm giving the commands below to run the server and client:
Server_1: ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256
Client_1: ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256


In this case, the wolfSSL server is closing the client connection. Please find the debug messages below:

Could not verify suite validity, continue
Unsupported cipher suite, ClientHello
wolfSSL Leaving DoTls13HandShakeMsgType(), return -501
wolfSSL Leaving DoTls13HandShakeMsg(), return -501
wolfSSL error occurred, error = -501
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -501
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -501
wolfSSL Entering ERR_error_string
SSL_accept error -501, can't match cipher suite
wolfSSL error: SSL_accept failed

I request you to please check the attached log for your complete reference of the error.

Regards,
Ravi.

Attachment: tls13_server_client_cap (7.16 kb)


Re: SSL TLS1.3 connectivity issues

Hi ravi.kumar,

To use the `TLS13-AES128-GCM-SHA256` cipher suite you must also enable AES GCM. Please try adding `--enable-aesgcm` to your ./configure options.

Another helpful tip is you can get a list of available cipher suites using:
./examples/client/client -e

You can get a list of ./configure commands using `./configure --help`.

Thanks,
David Garske, wolfSSL
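
Added example (not part of the original posts and not wolfSSL code): a shell pre-flight check that compares the suites passed to `-l` against the list a build reports, so a missing suite is caught before the handshake fails with -501. It assumes `./examples/client/client -e` prints one colon-separated line; the function name `missing_suites` and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# missing_suites AVAILABLE REQUESTED
#   AVAILABLE: colon-separated suites the build supports (assumed to be the
#              format printed by ./examples/client/client -e)
#   REQUESTED: colon-separated suites you intend to pass to -l
# Prints the requested suites that are absent from AVAILABLE, colon-separated
# (an empty line if none). The body runs in a subshell, so the IFS change and
# the variables do not leak into the caller.
missing_suites() (
    available=$1
    missing=""
    set -f          # no filename expansion while splitting the list
    IFS=:
    for suite in $2; do
        [ -n "$suite" ] || continue
        # Wrap both sides in ':' so only whole names match; a prefix such as
        # TLS13-AES128-GCM must not match TLS13-AES128-GCM-SHA256.
        case ":$available:" in
            *":$suite:"*) ;;
            *) missing="${missing:+$missing:}$suite" ;;
        esac
    done
    printf '%s\n' "$missing"
)

# Constructed sample lists (not real output): one build without AES-GCM
# suites, and the same build with them added.
BUILD_NO_GCM="TLS13-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES128-SHA256"
BUILD_WITH_GCM="$BUILD_NO_GCM:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384"

for build in "$BUILD_NO_GCM" "$BUILD_WITH_GCM"; do
    absent=$(missing_suites "$build" "TLS13-AES128-GCM-SHA256")
    if [ -n "$absent" ]; then
        echo "not in this build: $absent (expect 'can't match cipher suite')"
    else
        echo "all requested suites are available"
    fi
done

# Against a real build (assumption: -e prints only the suite list):
#   missing_suites "$(./examples/client/client -e)" "TLS13-AES128-GCM-SHA256"
```

Run the check against both the server and the client build, since each side is configured separately.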
