Topic: TLS 1.3 and TLS13-CHACHA20-POLY1305-SHA256

Hi Guys

I'm having a strange issue with TLS 1.3 on wolfSSL 4.3 when cypher suite is provided (I want to be limited to TLS13-CHACHA20-POLY1305-SHA256 to save MCU resources).

What I did I took an example https://github.com/wolfSSL/wolfssl-exam … ls-ecdhe.c and changed

wolfTLSv1_2_server_method()

to

wolfTLSv1_3_server_method()

Ciphersuite selected by wolfSSL_CTX_set_cipher_list() as

"TLS13-CHACHA20-POLY1305-SHA256"

On the client site (file client-tls-ecdhe.c) the method is also changed to TLS 1.3 and the cypher suite.


So far all works well, with or without cypher suite selection on server site. Confirmed with Wireshark too.


The problem is with curl (cannot get connected), as well as with  Chrome or Firefox.


When I comment out the call of wolfSSL_CTX_set_cipher_list() function on the server-side I'm getting connected (curl and the web browsers) but as TLSv1.3 TLS_AES_128_GCM_SHA256 (my goal is to avoid AES at all).

The question is: How can I force using TLS1.3 with TLS13-CHACHA20-POLY1305-SHA256 only and only in this mode? Why wolfssl example client get connected, but curl throw out an error?:

curl -vvv -k --tlsv1.3 https://xxx.yyy.225.101:11111
*   Trying xxx.yyy.225.101:11111...
* Connected to xxx.yyy.225.101 (xxx.yyy.225.101) port 11111 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, unexpected_message (522):
* error:1408F1BB:SSL routines:ssl3_get_record:bad record type
* Closing connection 0
curl: (35) error:1408F1BB:SSL routines:ssl3_get_record:bad record type

Any ideas? Is that a known error or I'm doing something wrong?

Cheers
Chris

Share

Re: TLS 1.3 and TLS13-CHACHA20-POLY1305-SHA256

Hi Chris,

Are you using the latest Curl and what is the TLS engine you are using in Curl? The `curl -h | sed -ne '/--tlsv/p' ` command will show you the TLS versions.

Is your Curl using openssl? Try running `openssl ciphers -v | grep TLSv1.3` and make sure the cipher suite is listed.

I ran a quick test on my Mac and it worked against openssl s_client. Using CURL I got a similar error, but I am running an older Curl.

./configure --enable-tls13 && make
./examples/server/server -d -b -g -v 4 -l TLS13-CHACHA20-POLY1305-SHA256
SSL version is TLSv1.3
SSL cipher suite is TLS_CHACHA20_POLY1305_SHA256
SSL curve name is SECP256R1
Client message:
openssl s_client -tls1_3 -ciphersuites 'TLS_CHACHA20_POLY1305_SHA256' -connect localhost -port 11111
...
wolfSSL has successfully performed handshake!
...

./examples/server/server -d -b -g -v 4 -l TLS13-CHACHA20-POLY1305-SHA256
SSL_accept error -308, error state on socket
wolfSSL error: SSL_accept failed

curl --version
curl 7.62.0-DEV (x86_64-apple-darwin17.7.0) libcurl/7.62.0-DEV wolfSSL/3.15.3 zlib/1.2.11 nghttp2/1.39.2
Release-Date: [unreleased]

curl -vvv -k --tlsv1.3 https://localhost:11111
*   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 11111 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 11111 (#0)
* CyaSSL: TLS 1.3 is not yet supported
curl: (35) CyaSSL: TLS 1.3 is not yet supported


Thanks,
David Garske, wolfSSL

Share

Re: TLS 1.3 and TLS13-CHACHA20-POLY1305-SHA256

Hi David,

thanks for a quick reply.

I do have a Curl that supports TLSv1.3. I ran yours quick ran on my machine and... got your results hmm That is odd.

I do have wolfSSL 4.3.0 but as git clone dated Jan 18. That version is broken (broken commit?). Fresh 4.3 (official release tar.gz) is ok. My version on server site throws this error: "SSL_accept error -306, parse error on header"

Sorry for confusing.

I have modified asn.c & asn.h to support CSR generation (with AltName) and cert generation based on CSR (CSR signing) for my project. I will apply my changes to the latest version 4.4 and I'll back here.

My changes will be available on my fork and I will send Push Request (PR about CSR generation with AltName - correct for Let's Encrypt, is still open).

Cheers
Chris

Share

Re: TLS 1.3 and TLS13-CHACHA20-POLY1305-SHA256

Hi Chris,

We just put up a TLS v1.3 fix that might resolve that -306 error. Another customer reported an issue with the order of the TLS extensions.

https://github.com/wolfSSL/wolfssl/pull/2934

Let me know if that helps. Looking forward to your PR. We'll need to get a signed contributor agreement in place to accept it. Go ahead and submit the PR and then send a note to support@wolfssl.com and we can send you that.

Thanks,
David Garske, wolfSSL

Share