You are not logged in. Please login or register.
Active topics Unanswered topics
Welcome to the wolfSSL Forums!
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
References
Stable Releases - download stable product releases.
Development Branch - latest development branch on GitHub.
wolfSSL Manual - wolfSSL (formerly CyaSSL) product manual and API reference.
Search options
Kaleb,
I used the wolfSSL_CTX_SetTmpDH() directly and passed the values directly and got it to work. Thanks!
It works well with IPv4. I tried enabling IPv6 and I wasn't able to make a connection to the IPv6 server from an openssl s_client. I used the command openssl s_client -cipher ADH-AES128-SHA -connect [link local IPv6 address]:443. I received an error 19.
However, I'm able to access the server from a web browser(without forcing a specific cipher suite) when I try accessing https://[link local IPv6 address].
Why do you think I'm unable to access the server from openssl command line through the IPv6 address?
I'm running openssl 1.1.0f on Linux Mint 18.2.
Kaleb,
I figured out that the haveDH byte was never set in the configuration despite not defining NO_DH. So, when I explicitly set the value of haveDH to 1 in the SSL context, I was able to get past a few more steps in the handshake process. At this point, by looking into the traces I figured out that I had to set the DH parameters through a PEM file. When I tried enabling the filesystem(by removing the NO_FILESYSTEM macro), I'm facing a different issue now. Initially the compilation failed saying couldn't find the file <dirent.h>. Is this because I'm compiling it on a Windows 10 machine? Then I tried defining the USE_WINDOWS_API macro to fix this error and now it couldn't find <winsock2.h> .
Can you help me with this?
Kaleb J. Himes wrote:Hi thivya_ashok,
If not already doing so could you try calling this API before wolfSSL_CTX_set_cipher_list:
wolfSSL_CTX_allow_anon_cipher(ctx);
See an example here:
https://github.com/wolfSSL/wolfssl/blob … nt.c#L1542
Let me know your results.
Warm Regards,
Kaleb
Kaleb,
I had already included the API you had suggested but no luck. Here is the code snippet from net_pres_enc_glue.c, where the wolfssl CTX is created:
if (_net_pres_wolfsslUsers == 0)
{
wolfSSL_Init();
wolfSSL_SetLoggingCb(NET_PRES_EncProviderStreamServerLog0);
wolfSSL_Debugging_ON();
_net_pres_wolfsslUsers++;
}
net_pres_wolfSSLInfoStreamServer0.transObject = transObject;
net_pres_wolfSSLInfoStreamServer0.context = wolfSSL_CTX_new(wolfSSLv23_server_method());
if (net_pres_wolfSSLInfoStreamServer0.context == 0)
{
return false;
}
wolfSSL_CTX_allow_anon_cipher(net_pres_wolfSSLInfoStreamServer0.context);
wolfSSL_CTX_set_cipher_list(net_pres_wolfSSLInfoStreamServer0.context, "ADH-AES128-SHA");
wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamServer0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamServerReceiveCb0);
wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamServer0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamServerSendCb0);
if (wolfSSL_CTX_use_certificate_buffer(net_pres_wolfSSLInfoStreamServer0.context, serverCertPtr, serverCertLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
{
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamServer0.context);
return false;
}
It's really weird that I'm able to use the cipher suite when I run the standalone wolfSSL on Linux but not the one integrated with MPLAB.
Is the cipher suite accessible in the MPLAB.X project at your end?
I'm attaching the log file showing the error, as well.
Hi Kaleb,
Kaleb J. Himes wrote:It could be that the default configuration for MPLAB harmony just doesn't have the cipher suite configured.
Could you check if the configuration being used includes the define HAVE_ANON and does NOT have the define NO_DH?
I was able to resolve the build issue by including the header files that weren't referenced in the MPLAB IDE.
However, I still cannot get the anonymous cipher working. I tried forcing a different RSA cipher suite and it worked. So, I'm pretty sure it has something to do with the configuration. I have HAVE_ANON defined and NO_DH is NOT defined but still I couldn't get it working. When I tried building the wolfssl project on Linux with --enable-anon, the cipher suite works. I've attached the config file I use. Is there anything else I'm missing?
Hi Kaleb,
The ret had a value of 1 which is SSL_SUCCESS.
By working further on this issue, I found that wolfSSL v3.12.2 works with the specified cipher. I'm running MPLAB Harmony 4.0 which has wolfSSL v3.12.0 and it does not work with the above anonymous cipher.
I tried building the wolfSSL.X project under the mplabx folder in wolfssl 3.12.2 but I couldn't. It breaks throwing a whole bunch of errors.
I'm working with the demo wolfssl_tcp_server on MPLAB Harmony on the PIC32MZ crypto board. I'm trying to force the "ADH-AES128-SHA" cipher suite to the wolfSSL_CTX by:
net_pres_wolfSSLInfoStreamServer0.context = wolfSSL_CTX_new(wolfSSLv23_server_method());
int ret = wolfSSL_CTX_set_cipher_list(net_pres_wolfSSLInfoStreamServer0.context, "ADH-AES128-SHA");
and while I try to connect to the server using the same cipher, I receive an error code 501 (Match_Suite_Error).
I have the trace file attached.
Can someone if I'm missing something here?
Posts found: 7
Generated in 0.015 seconds (95% PHP - 5% DB) with 4 queries