Hi Kaleb,
The wire format is showing version 0x0303 (v1.2) instead of 0x0304 (v1.3) so I don't think this is a wireshark issue.
Regards,
Karl
You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by khenderson
Pages 1
Hi Kaleb,
The wire format is showing version 0x0303 (v1.2) instead of 0x0304 (v1.3) so I don't think this is a wireshark issue.
Regards,
Karl
I'm even trying with the default client:
examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -p 443 -s -h 10.239.34.64
And it still shows a 1.2 record. I'm not sure what I'm missing - also, I'd like to be able to send a 0 length NewSessionTicket in the ClientHello - I'm guessing with wolfSSL_set_SessionTicket(ssl, NULL, 0).
The output of the client is below:
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering WOLFSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_cipher_list
wolfSSL Entering SSL_CTX_set_default_passwd_cb
wolfSSL Entering wolfSSL_CTX_use_certificate_chain_file
Getting dynamic buffer
wolfSSL Entering PemToDer
Checking cert signature type
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Not ECDSA cert signature
wolfSSL Entering wolfSSL_CTX_use_PrivateKey_file
Getting dynamic buffer
wolfSSL Entering PemToDer
wolfSSL Entering wolfSSL_CTX_load_verify_locations
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Parsed new CA
Freeing Parsed CA
Freeing der CA
OK Freeing der CA
wolfSSL Leaving AddCA, return 0
Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL Entering wolfSSL_CTX_load_verify_locations
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Parsed new CA
Freeing Parsed CA
Freeing der CA
OK Freeing der CA
wolfSSL Leaving AddCA, return 0
Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL error: tcp connect failed
[deploy@rootns-0 wolfssl-3.14.0]$
[deploy@rootns-0 wolfssl-3.14.0]$
[deploy@rootns-0 wolfssl-3.14.0]$
[deploy@rootns-0 wolfssl-3.14.0]$
[deploy@rootns-0 wolfssl-3.14.0]$
[deploy@rootns-0 wolfssl-3.14.0]$ examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -p 443 -s
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering WOLFSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_cipher_list
wolfSSL Entering SSL_CTX_set_psk_client_callback
wolfSSL Entering SSL_CTX_set_default_passwd_cb
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL error: tcp connect failed
[deploy@rootns-0 wolfssl-3.14.0]$
[deploy@rootns-0 wolfssl-3.14.0]$
[deploy@rootns-0 wolfssl-3.14.0]$ examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -p 443 -s -h 10.239.34.64
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering WOLFSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_cipher_list
wolfSSL Entering SSL_CTX_set_psk_client_callback
wolfSSL Entering SSL_CTX_set_default_passwd_cb
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Entering SSL_set_read_fd
wolfSSL Leaving SSL_set_read_fd, return 1
wolfSSL Entering SSL_set_write_fd
wolfSSL Leaving SSL_set_write_fd, return 1
wolfSSL Entering SSL_connect()
wolfSSL Entering SendTls13ClientHello
Adding signature algorithms extension
Adding supported versions extension
wolfSSL Entering VerifyClientSuite
growing output buffer
PSK Key Exchange Modes extension to write
Supported Versions extension to write
Signature Algorithms extension to write
Point Formats extension to write
Elliptic Curves extension to write
Key Share extension to write
Session Ticket extension to write
Pre-Shared Key extension to write
wolfSSL Entering VerifyClientSuite
Derive Early Secret
Derive Binder Key
Derive Finished Secret
Shrinking output buffer
wolfSSL Leaving SendTls13ClientHello, return 0
connect state: CLIENT_HELLO_SENT
growing input buffer
received record layer msg
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing server hello
wolfSSL Entering DoTls13ServerHello
Pre-Shared Key extension received
Key Share extension received
Supported Versions extension received
wolfSSL Entering VerifyClientSuite
wolfSSL Entering VerifyClientSuite
Derive Early Secret
wolfSSL Leaving DoTls13ServerHello, return 0
Derive Early Secret
Derive Handshake Secret
Derive Client Handshake Secret
Derive Server Handshake Secret
Derive Client Key
Derive Server Key
Derive Client IV
Derive Server IV
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
wolfSSL Entering DecryptTls13
received record layer msg
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing encrypted extensions
wolfSSL Entering DoTls13EncryptedExtensions
wolfSSL Leaving DoTls13EncryptedExtensions, return 0
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
wolfSSL Entering DecryptTls13
received record layer msg
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing finished
wolfSSL Entering DoTls13Finished
Derive Finished Secret
Derive Finished Secret
wolfSSL Leaving DoTls13Finished, return 0
Derive Master Secret
Derive Client Traffic Secret
Derive Server Traffic Secret
Derive Client Key
Derive Server Key
Derive Client IV
Derive Server IV
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
connect state: HELLO_AGAIN
wolfSSL Entering wolfSSL_connect_TLSv13()
connect state: HELLO_AGAIN_REPLY
connect state: FIRST_REPLY_DONE
connect state: FIRST_REPLY_FIRST
connect state: FIRST_REPLY_SECOND
connect state: FIRST_REPLY_THIRD
wolfSSL Entering SendTls13Finished
growing output buffer
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
Derive Resumption Secret
wolfSSL Leaving SendTls13Finished, return 0
sent: finished
connect state: FINISHED_DONE
wolfSSL Leaving wolfSSL_connect_TLSv13(), return 1
wolfSSL Entering SSL_get_peer_certificate
peer has no cert!
wolfSSL Entering wolfSSL_FreeX509
wolfSSL Entering ExternalFreeX509
wolfSSL Entering SSL_get_version
SSL version is TLSv1.3
wolfSSL Entering SSL_get_current_cipher
wolfSSL Entering SSL_CIPHER_get_name
wolfSSL Entering wolfSSL_get_cipher_name_from_suite
SSL cipher suite is TLS_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Client Random : 2206280F4CB31D50E943405174A922E7BA418579651190B02AC2EC9DE4AC50AC
wolfSSL Entering SSL_write()
growing output buffer
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
wolfSSL Leaving SSL_write(), return 14
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
growing input buffer
wolfSSL Entering DecryptTls13
received record layer msg
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing new session ticket
wolfSSL Entering DoTls13NewSessionTicket
Session Ticket CB: ticketSz = 138, ctx = initial session
wolfSSL Leaving DoTls13NewSessionTicket, return 0
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
wolfSSL Entering DecryptTls13
received record layer msg
got app DATA
Shrinking input buffer
wolfSSL Leaving ReceiveData(), return 21
wolfSSL Leaving wolfSSL_read_internal(), return 21
I hear ya for shizzle
wolfSSL Entering SSL_shutdown()
growing output buffer
wolfSSL Entering BuildMessage
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
wolfSSL Leaving SSL_shutdown(), return 2
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
wolfSSL Entering wolfSSL_BIO_free
wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
wolfSSL Entering wolfSSL_Cleanup
wolfSSL Entering wolfCrypt_Cleanup
[deploy@rootns-0 wolfssl-3.14.0]$ examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -p 443 -s -h 10.239.34.64
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering WOLFSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_cipher_list
wolfSSL Entering SSL_CTX_set_psk_client_callback
wolfSSL Entering SSL_CTX_set_default_passwd_cb
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Entering SSL_set_read_fd
wolfSSL Leaving SSL_set_read_fd, return 1
wolfSSL Entering SSL_set_write_fd
wolfSSL Leaving SSL_set_write_fd, return 1
wolfSSL Entering SSL_connect()
wolfSSL Entering SendTls13ClientHello
Adding signature algorithms extension
Adding supported versions extension
wolfSSL Entering VerifyClientSuite
growing output buffer
PSK Key Exchange Modes extension to write
Supported Versions extension to write
Signature Algorithms extension to write
Point Formats extension to write
Elliptic Curves extension to write
Key Share extension to write
Session Ticket extension to write
Pre-Shared Key extension to write
wolfSSL Entering VerifyClientSuite
Derive Early Secret
Derive Binder Key
Derive Finished Secret
Shrinking output buffer
wolfSSL Leaving SendTls13ClientHello, return 0
connect state: CLIENT_HELLO_SENT
growing input buffer
received record layer msg
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing server hello
wolfSSL Entering DoTls13ServerHello
Pre-Shared Key extension received
Key Share extension received
Supported Versions extension received
wolfSSL Entering VerifyClientSuite
wolfSSL Entering VerifyClientSuite
Derive Early Secret
wolfSSL Leaving DoTls13ServerHello, return 0
Derive Early Secret
Derive Handshake Secret
Derive Client Handshake Secret
Derive Server Handshake Secret
Derive Client Key
Derive Server Key
Derive Client IV
Derive Server IV
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
wolfSSL Entering DecryptTls13
received record layer msg
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing encrypted extensions
wolfSSL Entering DoTls13EncryptedExtensions
wolfSSL Leaving DoTls13EncryptedExtensions, return 0
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
wolfSSL Entering DecryptTls13
received record layer msg
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing finished
wolfSSL Entering DoTls13Finished
Derive Finished Secret
Derive Finished Secret
wolfSSL Leaving DoTls13Finished, return 0
Derive Master Secret
Derive Client Traffic Secret
Derive Server Traffic Secret
Derive Client Key
Derive Server Key
Derive Client IV
Derive Server IV
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
connect state: HELLO_AGAIN
wolfSSL Entering wolfSSL_connect_TLSv13()
connect state: HELLO_AGAIN_REPLY
connect state: FIRST_REPLY_DONE
connect state: FIRST_REPLY_FIRST
connect state: FIRST_REPLY_SECOND
connect state: FIRST_REPLY_THIRD
wolfSSL Entering SendTls13Finished
growing output buffer
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
Derive Resumption Secret
wolfSSL Leaving SendTls13Finished, return 0
sent: finished
connect state: FINISHED_DONE
wolfSSL Leaving wolfSSL_connect_TLSv13(), return 1
wolfSSL Entering SSL_get_peer_certificate
peer has no cert!
wolfSSL Entering wolfSSL_FreeX509
wolfSSL Entering ExternalFreeX509
wolfSSL Entering SSL_get_version
SSL version is TLSv1.3
wolfSSL Entering SSL_get_current_cipher
wolfSSL Entering SSL_CIPHER_get_name
wolfSSL Entering wolfSSL_get_cipher_name_from_suite
SSL cipher suite is TLS_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Client Random : EF4FC79DF23B323D062101A100ED06A94BE04AEF949C15ABD0BD257C5ED1469A
wolfSSL Entering SSL_write()
growing output buffer
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
wolfSSL Leaving SSL_write(), return 14
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
growing input buffer
wolfSSL Entering DecryptTls13
received record layer msg
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing new session ticket
wolfSSL Entering DoTls13NewSessionTicket
Session Ticket CB: ticketSz = 138, ctx = initial session
wolfSSL Leaving DoTls13NewSessionTicket, return 0
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
wolfSSL Entering DecryptTls13
received record layer msg
got app DATA
Shrinking input buffer
wolfSSL Leaving ReceiveData(), return 21
wolfSSL Leaving wolfSSL_read_internal(), return 21
I hear ya for shizzle
wolfSSL Entering SSL_shutdown()
growing output buffer
wolfSSL Entering BuildMessage
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
wolfSSL Leaving SSL_shutdown(), return 2
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
wolfSSL Entering wolfSSL_BIO_free
wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
wolfSSL Entering wolfSSL_Cleanup
wolfSSL Entering wolfCrypt_Cleanup
[deploy@rootns-0 wolfssl-3.14.0]$ examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -p 443 -s -h 10.239.34.64
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering WOLFSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_cipher_list
wolfSSL Entering SSL_CTX_set_psk_client_callback
wolfSSL Entering SSL_CTX_set_default_passwd_cb
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Entering SSL_set_read_fd
wolfSSL Leaving SSL_set_read_fd, return 1
wolfSSL Entering SSL_set_write_fd
wolfSSL Leaving SSL_set_write_fd, return 1
wolfSSL Entering SSL_connect()
wolfSSL Entering SendTls13ClientHello
Adding signature algorithms extension
Adding supported versions extension
wolfSSL Entering VerifyClientSuite
growing output buffer
PSK Key Exchange Modes extension to write
Supported Versions extension to write
Signature Algorithms extension to write
Point Formats extension to write
Elliptic Curves extension to write
Key Share extension to write
Session Ticket extension to write
Pre-Shared Key extension to write
wolfSSL Entering VerifyClientSuite
Derive Early Secret
Derive Binder Key
Derive Finished Secret
Shrinking output buffer
wolfSSL Leaving SendTls13ClientHello, return 0
connect state: CLIENT_HELLO_SENT
growing input buffer
received record layer msg
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing server hello
wolfSSL Entering DoTls13ServerHello
Pre-Shared Key extension received
Key Share extension received
Supported Versions extension received
wolfSSL Entering VerifyClientSuite
wolfSSL Entering VerifyClientSuite
Derive Early Secret
wolfSSL Leaving DoTls13ServerHello, return 0
Derive Early Secret
Derive Handshake Secret
Derive Client Handshake Secret
Derive Server Handshake Secret
Derive Client Key
Derive Server Key
Derive Client IV
Derive Server IV
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
wolfSSL Entering DecryptTls13
received record layer msg
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing encrypted extensions
wolfSSL Entering DoTls13EncryptedExtensions
wolfSSL Leaving DoTls13EncryptedExtensions, return 0
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
wolfSSL Entering DecryptTls13
received record layer msg
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing finished
wolfSSL Entering DoTls13Finished
Derive Finished Secret
Derive Finished Secret
wolfSSL Leaving DoTls13Finished, return 0
Derive Master Secret
Derive Client Traffic Secret
Derive Server Traffic Secret
Derive Client Key
Derive Server Key
Derive Client IV
Derive Server IV
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
connect state: HELLO_AGAIN
wolfSSL Entering wolfSSL_connect_TLSv13()
connect state: HELLO_AGAIN_REPLY
connect state: FIRST_REPLY_DONE
connect state: FIRST_REPLY_FIRST
connect state: FIRST_REPLY_SECOND
connect state: FIRST_REPLY_THIRD
wolfSSL Entering SendTls13Finished
growing output buffer
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
Derive Resumption Secret
wolfSSL Leaving SendTls13Finished, return 0
sent: finished
connect state: FINISHED_DONE
wolfSSL Leaving wolfSSL_connect_TLSv13(), return 1
wolfSSL Entering SSL_get_peer_certificate
peer has no cert!
wolfSSL Entering wolfSSL_FreeX509
wolfSSL Entering ExternalFreeX509
wolfSSL Entering SSL_get_version
SSL version is TLSv1.3
wolfSSL Entering SSL_get_current_cipher
wolfSSL Entering SSL_CIPHER_get_name
wolfSSL Entering wolfSSL_get_cipher_name_from_suite
SSL cipher suite is TLS_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Client Random : 82739D7E9E0C43E9878AAB9AB963C56A35851BFC5E2738D8724546D35108F805
wolfSSL Entering SSL_write()
growing output buffer
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
wolfSSL Leaving SSL_write(), return 14
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
growing input buffer
wolfSSL Entering DecryptTls13
received record layer msg
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing new session ticket
wolfSSL Entering DoTls13NewSessionTicket
Session Ticket CB: ticketSz = 138, ctx = initial session
wolfSSL Leaving DoTls13NewSessionTicket, return 0
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
wolfSSL Entering DecryptTls13
received record layer msg
got app DATA
Shrinking input buffer
wolfSSL Leaving ReceiveData(), return 21
wolfSSL Leaving wolfSSL_read_internal(), return 21
I hear ya for shizzle
wolfSSL Entering SSL_shutdown()
growing output buffer
wolfSSL Entering BuildMessage
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
wolfSSL Leaving SSL_shutdown(), return 2
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
wolfSSL Entering wolfSSL_BIO_free
wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
wolfSSL Entering wolfSSL_Cleanup
wolfSSL Entering wolfCrypt_Cleanup
One thing that still is a bit puzzling to me is that I have the following configuration:
Configuration summary for wolfssl version 3.14.0
* Installation prefix: /usr/local
* System type: unknown-linux-gnu
* Host CPU: x86_64
* C Compiler: gcc
* C Flags: -DWOLFSSL_STATIC_PSK -DHAVE_EXT_CACHE -g -ggdb -O0 -Wno-pragmas -Wall -Wno-strict-aliasing -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wbad-function-cast -Wchar-subscripts -Wcomment -Wfloat-equal -Wformat-security -Wformat=2 -Wmaybe-uninitialized -Wmissing-field-initializers -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wnormalized=id -Woverride-init -Wpointer-arith -Wpointer-sign -Wredundant-decls -Wshadow -Wsign-compare -Wstrict-overflow=1 -Wswitch-enum -Wundef -Wunused -Wunused-result -Wunused-variable -Wwrite-strings -fwrapv -g1
* C++ Compiler: g++
* C++ Flags:
* CPP Flags: -fvisibility=hidden
* CCAS Flags: -DWOLFSSL_STATIC_PSK -DHAVE_EXT_CACHE
* LIB Flags: -pie -z relro -z now
* Debug enabled: yes
* Coverage enabled:
* Warnings as failure: no
* make -j: 5
* VCS checkout: no
Features
* Single threaded: no
* Filesystem: yes
* OpenSSH Build: no
* OpenSSL Extra API: yes
* OpenSSL Coexist: no
* Old Names: yes
* Max Strength Build: no
* Distro Build: no
* fastmath: yes
* Assembly Allowed: yes
* sniffer: no
* snifftest: no
* ARC4: no
* AES: yes
* AES-NI: no
* AES-GCM: yes
* AES-CCM: no
* AES-CTR: no
* DES3: no
* IDEA: no
* Camellia: no
* NULL Cipher: no
* MD5: yes
* RIPEMD: no
* SHA: yes
* SHA-224: yes
* SHA-512: yes
* SHA3: yes
* BLAKE2: no
* CMAC: no
* keygen: no
* certgen: no
* certreq: no
* certext: no
* HC-128: no
* RABBIT: no
* CHACHA: yes
* Hash DRBG: yes
* PWDBASED: yes
* scrypt: no
* wolfCrypt Only: no
* HKDF: yes
* X9.63 KDF: no
* MD4: no
* PSK: yes
* Poly1305: yes
* LEANPSK: no
* LEANTLS: no
* RSA: yes
* RSA-PSS: yes
* DSA: no
* DH: yes
* ECC: yes
* CURVE25519: no
* ED25519: no
* FPECC: no
* ECC_ENCRYPT: no
* ASN: yes
* Anonymous cipher: no
* CODING: yes
* MEMORY: yes
* I/O POOL: no
* LIGHTY: no
* HAPROXY: no
* STUNNEL: no
* NGINX: no
* SIGNAL: no
* ERROR_STRINGS: yes
* DTLS: no
* SCTP: no
* Indefinite Length: no
* Multicast: no
* Old TLS Versions: no
* SSL version 3.0: no
* TLS v1.0: no
* TLS v1.3: yes
* TLS v1.3 Draft 18: no
* Post-handshake Auth: no
* Early Data: no
* Send State in HRR Cookie: no
* OCSP: no
* OCSP Stapling: no
* OCSP Stapling v2: no
* CRL: no
* CRL-MONITOR: no
* Persistent session cache: no
* Persistent cert cache: no
* Atomic User Record Layer: no
* Public Key Callbacks: no
* NTRU: no
* QSH: no
* Whitewood netRandom: no
* Server Name Indication: no
* ALPN: no
* Maximum Fragment Length: no
* Truncated HMAC: no
* Supported Elliptic Curves: yes
* Session Ticket: yes
* Extended Master Secret: yes
* Renegotiation Indication: no
* Secure Renegotiation: no
* All TLS Extensions: no
* PKCS#7 no
* wolfSSH no
* wolfSCEP no
* Secure Remote Password no
* Small Stack: no
* valgrind unit tests: no
* LIBZ: no
* Examples: yes
* User Crypto: no
* Fast RSA: no
* Single Precision: no
* Async Crypto: no
* Cavium: no
* ARM ASM: no
* AES Key Wrap: no
* Write duplicate: no
* Intel Quick Assist: no
* Xilinx Hardware Acc.: no
* Inline Code: yes
And the following method call in my client:
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())
However, wireshark is still showing the ClientHello being sent with TLS 1.2 (0x0303)
Any ideas?
Hi Kaleb, Thanks for the updates and links - It is working now.
To answer your question about use case, I'm running an experiment, implementing a Needham-Schroeder like protocol with a key server where the client has a PSK relationship with a key server and the key server maintains a cache of short lived RFC5077 tickets it maintains with a server. When a client wants to talk to the server, it requests a ticket from the key server. The key server gives the client a ticket to use with the key server but wraps a key that'll be used for the client-server session. So, I think I'll need to introduce some logic on the server side's wolfSSL_CTX_set_TicketEncCtx() call back in order to unwrap using the key fetched by key_name and then synthesize a CTX using the underlying (now unwrapped) key. If you have any implementation ideas, it's greatly appreciated.
Thanks,
Karl
I configured wolfssl with the following:
./configure --enable-opensslextra --enable-tls13-draft22 --enable-psk CFLAGS="-DWOLFSSL_STATIC_PSK" --enable-oldtls=no
I then used the example code to build: server-psk.c and client-psk-resume.c
The only modification I made to the client was: wolfSSL_CTX_new(wolfTLSv1_2_client_method() -> wolfSSL_CTX_new(wolfTLSv1_3_client_method()
I did this to try to force the client to send a TLS 1.3 Client Hello.
However, wireshark still shows TLS 1.2 (0x0303) for both Record Layer and Handshake Protocol. Furthermore, the psk callback method is never invoked on the server AND the server never sends back a Server Hello.
As this is example code, (with little modification noted above AND it didn't work in it's unmodified version either), I'm assuming that either the code examples are wrong OR wolfssl-3.14.0 is.
Full client code:
/* client-psk-resume.c
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
**/
#include <wolfssl/options.h> /* included for options sync */
#include <wolfssl/ssl.h> /* must include this to use wolfSSL security */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <signal.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#define MAXLINE 256 /* max text line length */
#define SERV_PORT 11111 /* default port*/
/*
*psk client set up.
*/
static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint,
char* identity, unsigned int id_max_len, unsigned char* key,
unsigned int key_max_len)
{
(void)ssl;
(void)hint;
(void)key_max_len;
/* identity is OpenSSL testing default for openssl s_client, keep same*/
strncpy(identity, "Client_identity", id_max_len);
/* test key n hex is 0x1a2b3c4d , in decimal 439,041,101, we're using
* unsigned binary */
key[0] = 26;
key[1] = 43;
key[2] = 60;
key[3] = 77;
return 4;
}
int main(int argc, char **argv){
int sockfd, sock, ret;
char sendline[MAXLINE]="Hello Server"; /* string to send to the server */
char recvline[MAXLINE]; /* string received from the server */
WOLFSSL* ssl;
WOLFSSL* sslResume = 0;
WOLFSSL_SESSION* session = 0;
WOLFSSL_CTX* ctx;
struct sockaddr_in servaddr;;
/* must include an ip address of this will flag */
if (argc != 2) {
printf("Usage: tcpClient <IPaddress>\n");
return 1;
}
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())) == NULL) {
fprintf(stderr, "SSL_CTX_new error.\n");
return 1;
}
/* create a stream socket using tcp,internet protocal IPv4,
* full-duplex stream */
sockfd = socket(AF_INET, SOCK_STREAM, 0);
/* places n zero-valued bytes in the address servaddr */
memset(&servaddr, 0, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_port = htons(SERV_PORT);
/* converts IPv4 addresses from text to binary form */
ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr);
if (ret != 1){
return 1;
}
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
/* attempts to make a connection on a socket */
ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
if (ret != 0 ){
return 1;
}
/* create wolfSSL object after each tcp connect */
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
return 1;
}
/* associate the file descriptor with the session */
wolfSSL_set_fd(ssl, sockfd);
/* takes inputting string and outputs it to the server */
if (wolfSSL_write(ssl, sendline, sizeof(sendline)) != sizeof(sendline)) {
printf("Write Error to Server\n");
return 1;
}
/* flags if the Server stopped before the client could end */
if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) {
printf("Client: Server Terminated Prematurely!\n");
return 1;
}
/* show message from the server */
printf("Server Message: %s\n", recvline);
/* Save the session ID to reuse */
session = wolfSSL_get_session(ssl);
sslResume = wolfSSL_new(ctx);
/* shut down wolfSSL */
wolfSSL_shutdown(ssl);
/* close connection */
close(sockfd);
/* cleanup without wolfSSL_Cleanup() and wolfSSL_CTX_free() for now */
wolfSSL_free(ssl);
/*
* resume session, start new connection and socket
*/
/* start a new socket connection */
sock = socket(AF_INET, SOCK_STREAM, 0);
/* connect to the socket */
ret = connect(sock, (struct sockaddr *) &servaddr, sizeof(servaddr));
if (ret != 0){
return 1;
}
/* set the session ID to connect to the server */
wolfSSL_set_fd(sslResume, sock);
wolfSSL_set_session(sslResume, session);
/* check has connect successfully */
if (wolfSSL_connect(sslResume) != SSL_SUCCESS) {
printf("SSL resume failed\n");
return 1;
}
if (wolfSSL_write(sslResume, sendline, sizeof(sendline)) != sizeof(sendline)) {
printf("Write Error to Server\n");
return 1;
}
/* flags if the Server stopped before the client could end */
if (wolfSSL_read(sslResume, recvline, MAXLINE) < 0 ) {
printf("Client: Server Terminated Prematurely!\n");
return 1;
}
/* show message from the server */
printf("Server Message: %s\n", recvline);
/* check to see if the session id is being reused */
if (wolfSSL_session_reused(sslResume)) {
printf("reused session id\n");
}
else{
printf("didn't reuse session id!!!\n");
}
/* shut down wolfSSL */
wolfSSL_shutdown(sslResume);
/* shut down socket */
close(sock);
/* clean up now with wolfSSL_Cleanup() */
wolfSSL_free(sslResume);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
return ret;
}
Pages 1
wolfSSL - Embedded SSL Library → Posts by khenderson
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.015 seconds (95% PHP - 5% DB) with 4 queries