Ok, switching the cipher suites seems to work now, since I fixed another bug...
Best regards,
Steffen
Hi Piotr,
the extra flag -g1, as far as I understand the link provided by Kaleb, does not allow you to debug. With the flag the compiler does not store all debug symbols. And if you do not specify the -g1 option, the compiler uses the default option -g2 and you run into the initial problems.
For me, the -g1 flag was an option, since I did not want to debug but wanted to have the debug output of wolfSSL.
Regards,
Steffen
Hi Jacob,
thanks for your advice.
However, the suite seems to be set correctly in my unit test class. Java uses the IETF RFC cipher suite format mentioned in my previous post, i.e., TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 and TLS_DHE_RSA_WITH_AES_256_CBC_SHA256. The string is transformed by the class WolfSSLCipherSuiteList (https://github.com/steffenmueller4/wolf … eList.java) to the wolfssl format you mentioned.
The error from the previous post (wolfSSL_connect failed. err = -501) occurs even though the setCipherList method from the wolfssl JNI library returns WolfSSL.SSL_SUCCESS in line 197 of the socket implementation class (https://github.com/steffenmueller4/wolf … tImpl.java).
Regarding the wolfSSL JNI test server and client: I started both, the client and the server, with the parameter
-l DHE-RSA-AES256-SHA256
I think this is correct, isn't it? However, the error in the picture occurred. In contrast to this, the wolfSSL test server and client (the C implementation from the wolfssl lib) worked with this parameter.
Regards,
Steffen
Ok, I tested a lot of things...
The current state is that setting the cipher suite using the JNI library does not seem to work correctly.
I tried to set the cipher list at various positions in the source code. Furthermore, I tried to set the cipher suites via the context as well as the session...
Now, I checked in a version that sets the suites via the session. This version works reasonably. However, if I set the suites, for example, to {"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"} (in the unit test "SendReceiveWithDifferentCipherSuite") the sockets cannot connect:
connect state: CLIENT_HELLO_SENT
16:38:05,679 DEBUG [LoggingCallback] - wolfSSL Entering SSL_get_error
16:38:05,679 DEBUG [LoggingCallback] - wolfSSL Leaving SSL_get_error, return -501
16:38:05,679 DEBUG [LoggingCallback] - wolfSSL Entering ERR_error_string
16:38:05,679 ERROR [SSLSocketBaseClientServer] - Error in server
java.io.IOException: wolfSSL_connect failed. err = -501, can't match cipher suite
at edu.kit.aifb.eorg.wolfssl.WolfSSLSocketImpl.doneConnect(WolfSSLSocketImpl.java:229)
at edu.kit.aifb.eorg.wolfssl.WolfSSLServerSocketImpl.accept(WolfSSLServerSocketImpl.java:90)
at edu.kit.aifb.eorg.wolfssl.SSLSocketTestServer.getSSLSocket(SSLSocketTestServer.java:55)
at edu.kit.aifb.eorg.wolfssl.SSLSocketBaseClientServer.run(SSLSocketBaseClientServer.java:102)
Additionally, setting the cipher suites in the JNI lib does not even work when using the Java test client and server (see: attached picture).
Does anybody have an idea to get it working?
Thanks,
Steffen
Hi everybody,
I'm trying to build a JSSE integration for wolfSSL within a small research project (https://github.com/steffenmueller4/wolf … ntegration).
Therefore, I have to implement the methods
edu.kit.aifb.eorg.wolfssl.WolfSSLSocketImpl.setEnabledCipherSuites(...)
and
edu.kit.aifb.eorg.wolfssl.WolfSSLServerSocketImpl.setEnabledCipherSuites(...)
to set the enabled cipher suite list.
I tried to invoke the methods from wolfSSL (see: https://www.wolfssl.com/documentation/w … -javadocs/)
com.wolfssl.WolfSSLContext.setCipherList(...)
and
com.wolfssl.WolfSSLSession.setCipherList(...)
However, neither the first nor the second changes it correctly.
For example, when I set the enabled cipher suite to TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, wolfSSL negotiates TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for a connection.
Do I misunderstand the methods? Do I do anything wrong? What do I do wrong? Is there any pre-/postcondition when calling the methods? Does anybody have a hint/idea to fix it (or to improve the complete code :-))?
Thanks
Steffen
PS: I use wolfSSL 3.6.9 + the JNI library in version 1.2.0.
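The name conversion and the unexpected negotiation result discussed in these posts, as an added example that is not part of the original posts or of the poster's project: it builds the colon-separated string for setCipherList from JSSE names, rejects names it cannot map, and checks after the handshake that the negotiated suite was one of the enabled ones. The class and method names are hypothetical, and the wolfSSL names other than DHE-RSA-AES256-SHA256 are assumptions to check against the cipher list of the wolfSSL build in use.

```java
import java.io.IOException;
import java.util.*;

public class CipherSuitePolicy {
    // IANA (JSSE) name -> wolfSSL cipher-list name, only for suites named in this thread.
    // Only the AES256-SHA256 pair appears on the page; the rest are assumed names.
    private static final Map<String, String> IANA_TO_WOLFSSL = new LinkedHashMap<>();
    static {
        IANA_TO_WOLFSSL.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "DHE-RSA-AES256-SHA256");
        IANA_TO_WOLFSSL.put("TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "DHE-RSA-CHACHA20-POLY1305");
        IANA_TO_WOLFSSL.put("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", "DHE-RSA-CAMELLIA256-SHA");
        IANA_TO_WOLFSSL.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE-RSA-AES256-GCM-SHA384");
    }

    /** Builds the string passed to setCipherList. Unknown names are rejected rather
     *  than dropped, so a typo cannot silently shrink or change the enabled set. */
    static String toWolfSSLList(String[] enabled) {
        if (enabled == null || enabled.length == 0)
            throw new IllegalArgumentException("no cipher suites enabled");
        StringJoiner list = new StringJoiner(":");
        for (String iana : enabled) {
            String name = IANA_TO_WOLFSSL.get(iana);
            if (name == null) throw new IllegalArgumentException("unmapped suite: " + iana);
            list.add(name);
        }
        return list.toString();
    }

    /** Post-handshake check: the negotiated wolfSSL name must be one that was enabled. */
    static void requireNegotiated(String[] enabled, String negotiated) throws IOException {
        List<String> allowed = Arrays.asList(toWolfSSLList(enabled).split(":"));
        if (!allowed.contains(negotiated))
            throw new IOException("negotiated " + negotiated + " is not in " + allowed);
    }

    public static void main(String[] args) throws Exception {
        String[] enabled = {"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
                            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"};
        System.out.println(toWolfSSLList(enabled));
        requireNegotiated(enabled, "DHE-RSA-AES256-SHA256"); // enabled suite: passes
        try { // the mismatch reported above: CAMELLIA enabled, AES-GCM negotiated
            requireNegotiated(new String[] {"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"},
                              "ECDHE-RSA-AES256-GCM-SHA384");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running the check after every handshake turns a silently ignored cipher list into a failed connection instead of a session on a suite the caller never enabled.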
Hi Kaleb,
thanks for your hints!
However, the given options do not work on my Ubuntu system. After trying many other options, I found a running option set:
./configure <existing_options> C_EXTRA_FLAGS="-g1 -feliminate-unused-debug-symbols -fdebug-types-section"
This option set outputs debugging info that is sufficient for my purposes.
Best regards,
Steffen
Hi everybody,
The solution does not work on my Ubuntu 14.04 desktop system. There seems to be an issue with LD...
Is there perhaps any other solution to get debug working for this configuration?
Thanks
Steffen