1 (edited by jskier 2018-08-22 19:25:17)

Topic: nginx testing with wolfssl ERR_SSL_VERSION_INTERFERENCE

Hi,

I am trying to test nginx 1.14 stable with wolfssl stable in Linux. I compiled nginx with the patches on github for wolfssl, and wolfssl with tls13 and nginx enabled. Everything appears to have compiled fine. TLS 1.2 works great, however Firefox and Chrome complain when using TLS 1.3:

ERR_SSL_VERSION_INTERFERENCE

Does anyone have any insight into this?

Share

2 (edited by Kaleb J. Himes 2018-08-27 14:31:33)

Re: nginx testing with wolfssl ERR_SSL_VERSION_INTERFERENCE

@jskier,

Thank you for your questions and for using the wolfSSL forums. I've reached out to our TLS 1.3 expert to see if he has any thoughts.

I'll let you know what I find. In the meantime could you tell us a little about your project with NGINX and interest in using the wolfSSL solution?! We love to hear what it is our consumers are working on and what motivated the effort. Thanks!



- Kaleb

Re: nginx testing with wolfssl ERR_SSL_VERSION_INTERFERENCE

Hi @jskier,

The problem is likely to be the difference in support for TLS 1.3 in wolfSSL and the browser.
Try configuring wolfSSL with --enable-wolfssl-tls13-draft23.
This will have wolfSSL use the Draft 23 version of the TLS 1.3 protocol which should be supported by the browsers.

- Sean

Share

Re: nginx testing with wolfssl ERR_SSL_VERSION_INTERFERENCE

Thanks for that option. After re-compiling both the library and nginx, it stays on tls1.2 (oddly even if only tls1.3 is enabled in nginx). Tried both draft23 and 28.

Mostly looking to test this out on pi's and how they do with tls1.3.

Share

Re: nginx testing with wolfssl ERR_SSL_VERSION_INTERFERENCE

jskier,

Let us know if you have any further issues!

- K