1 (edited by ykuz 2020-11-09 08:08:17)

Topic: TLS 1.3: select specific group; logging

Hello everyone,

1. I am using TLS 1.3 only (without older versions) and would like to negotiate the shared secret using one specific group (for example, ECC_X448). Is there any way to do it?


2. And also I would like to enable full debug logs.
For instance, if I use the client and server programs (./examples/client/client and ./examples/server/server respectively) and configure the build using

./configure --enable-tls13 --disable-tlsv12 --disable-oldtls --enable-debug

and also define WOLFSSL_DEBUG_TLS in the client and server, then only function names will be printed to stderr, without printing the full keys (using WOLFSSL_BUFFER) and other secrets.


It would be really useful if, for example, the public keys could be printed when calling the TLSX_KeyShare_GenKey() function.
Is it possible and how can I enable it?


Thank you very much for your help!


Regards,
Julia


Re: TLS 1.3: select specific group; logging

Hi Julia,

Thanks for reaching out with your question.

1.
You can use:
wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X448)
See https://www.wolfssl.com/doxygen/ssl_8h. … 9e61875b44

2.
I believe --enable-debug configure option is all you need to display debug info of the server/client example application.

Hope this helps.

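One way to confirm on the wire which groups a client actually offers, as an added example that is not part of the thread and not wolfSSL code: it checks the supported_groups and key_share extension bodies of a ClientHello for x448 only. The function names and sample bytes are constructed for illustration; the extension layouts and the x448 code point 0x001E follow RFC 8446.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GROUP_X448   0x001E  /* NamedGroup x448 (RFC 8446, section 4.2.7) */
#define X448_KEY_LEN 56      /* size of an X448 public value in bytes */

/* Constructed sample extension bodies (not taken from a real capture). */
const uint8_t SG_ONLY_X448[]  = {0x00, 0x02, 0x00, 0x1E};
const uint8_t SG_TWO_GROUPS[] = {0x00, 0x04, 0x00, 0x1D, 0x00, 0x1E};
const uint8_t KS_X448[62]     = {0x00, 0x3C, 0x00, 0x1E, 0x00, 0x38}; /* key bytes left zero */

/* Read a big-endian 16-bit value. */
static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* supported_groups body: uint16 list length, then uint16 group ids.
 * Returns 1 if the list is well formed, non-empty and holds only `want`. */
int groups_only(const uint8_t *ext, size_t len, unsigned want)
{
    if (len < 4 || rd16(ext) != len - 2 || (len - 2) % 2 != 0)
        return 0;
    for (size_t i = 2; i < len; i += 2)
        if (rd16(ext + i) != want)
            return 0;
    return 1;
}

/* ClientHello key_share body: uint16 list length, then entries of
 * { uint16 group; uint16 key_len; key bytes }.
 * Returns 1 if there is exactly one entry, for `want`, with key_len == klen. */
int keyshare_only(const uint8_t *ext, size_t len, unsigned want, size_t klen)
{
    if (len < 6 || rd16(ext) != len - 2)
        return 0;
    if (rd16(ext + 2) != want || rd16(ext + 4) != klen)
        return 0;
    return len == 6 + klen;  /* nothing may follow the single entry */
}

int main(void)
{
    printf("supported_groups, x448 only:  %d\n",
           groups_only(SG_ONLY_X448, sizeof SG_ONLY_X448, GROUP_X448));
    printf("supported_groups, two groups: %d\n",
           groups_only(SG_TWO_GROUPS, sizeof SG_TWO_GROUPS, GROUP_X448));
    printf("key_share, single x448 entry: %d\n",
           keyshare_only(KS_X448, sizeof KS_X448, GROUP_X448, X448_KEY_LEN));
    return 0;
}
```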

3 (edited by ykuz 2020-11-10 05:09:54)

Re: TLS 1.3: select specific group; logging

tmael wrote:

2.
I believe --enable-debug configure option is all you need to display debug info of the server/client example application.

Hope this helps.

Hi tmael,

Thanks!
