1

(1 replies, posted in wolfSSL)

Hello guys!

I use this thing from Espressif.
https://github.com/espressif/esp-wolfss … sdk_v2.x.x

Everything works perfect but I can see one strange moment - when I am compiling my application the wolfSSL is compiling too. Each time it is fully recompiled. This take a lot of time. Is here anyone who know why?

Is this a normal behavior for wolfSSL or here I have bad configuration of makefiles for namely this example?

Best regards, Alex.

2

(6 replies, posted in wolfSSL)

It is solved.

The main reason why the device failed to connect to the server is missing the wolfSSL_CTX_UseSNI call. So when I added it, my device connected to the server.

    if (sniHostName)
        if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName,
                    (word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
            wolfSSL_CTX_free(ctx);
            printf("UseSNI failed\n");
    }

Where sniHostName is static char* sniHostName. It is the name of my server

I wish you all good luck! ))))

3

(6 replies, posted in wolfSSL)

We added on the server missing cipher suites but that did not help.

When I try to connect using of openssl I can connect only if I use  -servername option. For example:

openssl s_client -CAfile ca.pem -tls1_2 -host iot-stg.dealor.co.il -port 443 -servername iot-stg.dealor.co.il

What does mean this? How can I use this when working with library?

Regards, Alex.

4

(6 replies, posted in wolfSSL)

I connected to www.howsmyssl.com and this server said that this is my cipher suite:

"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
"TLS_RSA_WITH_AES_256_CBC_SHA256"
"TLS_RSA_WITH_AES_128_CBC_SHA256"
"TLS_RSA_WITH_AES_256_CBC_SHA"
"TLS_RSA_WITH_AES_128_CBC_SHA"

Also I got cipher suite for server

https://www.ssllabs.com/ssltest/analyze … alor.co.il

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

I can see that the server and client has common cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

But a connection is not establishing

5

(6 replies, posted in wolfSSL)

Hi Kaleb!

Thank you for rapid an answer! ))

Those defines added but it did not help.

It is a list of defines for my wolfSSL:

#define WOLFSSL_LWIP
#define NO_WRITEV
#define NO_WOLFSSL_DIR
#define NO_INLINE
#define NO_WOLFSSL_MEMORY
#define HAVE_PK_CALLBACKS
#define WOLFSSL_KEY_GEN
#define WOLFSSL_RIPEMD
#define USE_WOLFSSL_IO
#define WOLFSSL_STATIC_RSA
#define NO_DH
#define NO_MD4
#define NO_DES3
#define NO_DSA
#define NO_RC4
#define NO_RABBIT
#define HAVE_ECC
#define WC_NO_HARDEN
#define FREERTOS
#define WOLFSSL_TYPES
#define NO_FILESYSTEM
#define WOLFSSL_ALT_CERT_CHAINS
#define WOLFSSL_ALLOW_TLSV10
#define WOLFSSL_SMALL_STACK
#define SMALL_SESSION_CACHE

// It was edded by me
#define HAVE_CURVE25519
#define DEBUG_WOLFSSL

6

(6 replies, posted in wolfSSL)

Hi guys!

I am sorry for disturbing you but we have a problem with wolfSSL:
https://github.com/espressif/esp-wolfss … sdk_v2.x.x

I am trying to connect to the customer's server through a tls connection. I received CA file from him and I can connect to his server using, for example, openssl utility.

openssl s_client -CAfile ca.pem -tls1_2 -host iot-stg.dealor.co.il -port 443 -servername iot-stg.dealor.co.il

It is output of this command:

SSL handshake has read 3414 bytes and written 298 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 8BB90C08D0FD7639681B9DDCA96EDD6C5000FA550CC27B2E6144ABB5657C0BAE
    Session-ID-ctx:
    Master-Key: 2429B05412CB4451FB28A572672C94F3FF69FCBECB3BC8D54A1961CA41AD8D97E418B1CE0A15AA269B5024CADDAF1CB6
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 600 (seconds)
    TLS session ticket:
    0000 - 2f da 6a 7e 61 31 8f d1-f7 b0 a7 58 53 94 7d e5   /.j~a1.....XS.}.
    0010 - d1 84 91 26 34 f6 fe d4-68 11 5f 26 bf a8 79 0e   ...&4...h._&..y.
    0020 - 1b 66 0f f3 88 9c e3 1f-e1 04 ac b5 4a 65 32 68   .f..........Je2h
    0030 - 33 67 31 e4 71 16 85 88-d6 39 44 ae fc 99 aa 2b   3g1.q....9D....+
    0040 - a9 40 b2 2b fa fa ed ee-65 cd cd a8 f8 bd 24 08   .@.+....e.....$.
    0050 - 36 49 02 96 35 e9 bb 79-5f 39 76 90 bb d1 ef 87   6I..5..y_9v.....
    0060 - bc 08 6f 6c 2b 61 b1 df-4a 24 5d 86 70 22 18 b6   ..ol+a..J$].p"..
    0070 - f4 5b a1 d8 d4 2f 5d 72-93 65 84 24 77 29 49 2e   .[.../]r.e.$w)I.
    0080 - 2f 45 0b 7b 6a b8 ef f3-b1 cc 5d 75 52 56 32 25   /E.{j.....]uRV2%
    0090 - 1e aa 30 f9 43 89 f8 83-b2 7e 85 19 45 0c 19 44   ..0.C....~..E..D
    00a0 - d8 51 8a 28 67 03 3b fb-dc aa dc 30 01 ba 7d d3   .Q.(g.;....0..}.
    00b0 - 6c 96 21 9f 15 61 9f 50-46 39 82 cb 97 09 99 57   l.!..a.PF9.....W
    00c0 - 2b 48 34 fd f2 4c 48 fb-74 1f a8 95 30 b0 43 7c   +H4..LH.t...0.C|

    Start Time: 1542192588
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes

But I can’t connect from your demo example.

What can be wrong?

The project, its log and CA file are attached to this message.

Thank you in advance.

Regard, Alex.