caseyf,

Great! Glad to hear that worked!

If you ever have any other questions feel free to send a note to support@wolfssl.com for quicker response times than the forums.

Thank you for using the wolfSSL forums and glad we were able to assist on this.

Warmest Regards,

Kaleb

Hi caseyf,

Thanks for using the wolfSSL forums. I'm looking into this now but must admit I'm a bit stumped. I have tried multiple tests against that server, I can tell it supports the following cipher suites:

|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C

I can connect to it with multiple browser clients.

I can see a successful connection in Google Chrome

Secure connection
The connection to this site is encrypted and authenticated using TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_GCM (a strong cipher)

But when I try to use the same cipher with wolfssl example client I get an immediate rejection from the server:

kalebhimes$ ./examples/client/client -h dreamwidth.org -p 443 -d -g -l ECDHE-RSA-AES128-GCM-SHA256
wolfSSL_connect error -313, revcd alert fatal error
wolfSSL error: wolfSSL_connect failed

I'll keep digging and let you know if I find the reason.

Warm Regards,

Kaleb

Hi CryptoGuy,

Could you send me the full list of source files you are compiling along with any settings you are using to further reduce code size (For example are you using NO_MD5, NO_SHA, ... etc)

Could you also tell us a little about the project you are working on and your goals for just using DH key exchange stand alone?

I can try to provide additional defines to reduce object size depending on what you are already using.

Warm Regards,

Kaleb

Hi chaitanya.citupes,

Could you configure wolfSSL with --enable-debug or

#define WOLFSSL_DEBUG

then call:

wolfSSL_Debugging_ON();

At the start of the application just after

wolfSSL_Init();

Could you send us the output of that log on the client and server side?

Warm Regards,

Kaleb

Hi pc_magas,

It's actually quite simple! We have a define WOLFSSL_SGX that will do the configuration for you see <wolfssl-root>/wolfssl/wolfcrypt/settings.h look for WOLFSSL_SGX section. That is where SINGLE_THREADED will get defined.

All you have to do is browse to <wolfssl-root>/IDE/LINUX_SGX/ directory and run the build or clean commands. I have some simple bash scripts I use to expedite this process when I work with our SGX solution but be sure to checkout the README in that directory so you know what settings I am using and why:

Here is the script I use, I just name is build.sh and then run ./build.sh whenever I need to remake

#!/bin/sh


CFLAGS="-DDEBUG_WOLFSSL"
export CFLAGS=${CFLAGS}

make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1

Here is my clean.sh:

#!/bin/sh

make -f sgx_t_static.mk clean

If you checkout the file sgx_t_static.mk you will see that we are already defining WOLFSSL_SGX for you:

Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX

So just go to that directory, create the file build.sh and then give it executable permissions (chmod 755 build.sh), run it and you will have a static library.

Then go to the wolfssl-examples directory and you can create a similar build-examples.sh and clean-examples.sh, here are the contents of the ones I use, again review the README so you understand what is being set and why.

NOTE: UPDATE ANY LINE CONTAINING <PATH-TO... wolfSSL Root Directory> to match your environment!

build-examples.sh:

#!/bin/sh

make SGX_MODE=HW SGX_PRERELEASE=0 SGX_WOLFSSL_LIB=<PATH-TO... wolfSSL Root Directory>/IDE/LINUX-SGX/ WOLFSSL_ROOT=<PATH-TO... wolfSSL Root Directory> SGX_DEBUG=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_BENCHMARK=1 SGX_SDK=/opt/intel/sgxsdk

contents of clean-examples.sh

#!/bin/sh

make clean SGX_MODE=HW SGX_PRERELEASE=0 SGX_WOLFSSL_LIB=<PATH-TO... wolfSSL Root Directory>/IDE/LINUX-SGX/ WOLFSSL_ROOT=<PATH-TO... wolfSSL Root Directory> SGX_DEBUG=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_BENCHMARK=1 SGX_SDK=/opt/intel/sgxsdk

Best Regards,

Kaleb

Hi Nimesh,

We have a really detailed guide here of building wolfSSL + TIRTOS into a static library: https://github.com/wolfSSL/wolfssl-exam … /README.md

To add the MQTT sources to the same build will require some custom modifications to the existing wolfssl.mak

If you contact Texas Instruments they can assist you with their build system and best practices to modify our existing solution to pull in new sources and any other questions pertaining to the Texas Instruments TIRTOS libraries.

Also if you need this solution quickly wolfSSL does offer traditional consulting services and can do the bring up of wolfSSL + wolfMQTT + TIRTOS for you, just let us know and we can get you in touch with one of our account managers to discuss time-lines and project goals.

Warmest Regards,

Kaleb

Hi thivya,

One of our developers did some quick testing on the latest wolfSSL.X project and there was an error thrown about our file name change from:

<wolf-root>/src/io.c ---> <wolf-root>/src/wolfio.c
<wolf-root>/wolfssl/io.h ---> <wolf-root>/wolfssl/wolfio.h

Fixing those resolved the issues. You said a "whole bunch of errors", could you send us a copy of those errors that we might determine what is happening there?

It could be that the default configuration for MPLAB harmony just doesn't have the cipher suite configured.
Could you check if the configuration being used includes the define HAVE_ANON and does NOT have the define NO_DH?

Regards,

Kaleb

Ajay,

It is my pleasure. Thank you for using wolfSSL support forums!

Happy Holidays and Cheers,

Kaleb

Hi lalonde,

Since you are working in a windows environment I am surprised the include

#include <wolfssl/options.h>

is working properly! That is typically automatically generated when you build with "./configure && make" on a unix/linux platform.

To ensure that the application and the library have the same settings could you instead use

#include "user_settings.h"

in place of options.h?

The library and the application should both have the exact same configuration to ensure proper functionality.

Please let me know if this resolves the link-time issues you are seeing!

Warmest Regards,

Kaleb

Hi Devyr,

Yes this is entirely possible. In fact we have an example of doing this in our wolfCLU (Command Line Utility). In that solution we encrypt 1K at a time with CBC and output the result to a file.

The relevant while loop can be seen at this link: https://github.com/wolfSSL/wolfssl-exam … ypt.c#L155

An example of using the command line tool once built and installed based off the README would be:

wolfssl -encrypt 3des-cbc-168 -pwd ThisIsMyPassword -in somefile.txt -out encryptedfile.txt

That would encrypt your file, 1 Kilobyte at a time using CBC mode.
You may also use that code as a reference if you are looking to develop your own solution.

If you are looking for ECB mode then yes wolfSSL does support ECB as well.

Warm Regards,

Kaleb

Hi Andrew,

Yes that is possible. We have that there specifically for custom XMALLOC solutions. On standard systems we generally just pass in NULL for the heap pointer and it is not used.

We have a custom solution that uses that pointer as a "hint" and to track memory that has been handed out vs memory available when using a fixed amount of static memory as opposed to dynamic memory. You can use that pointer in your custom implementation for whatever purpose you deem relevant.

Warm Regards,

Kaleb