You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by pkLAppS
Pages 1
Upgrading to 3.15.7 fixes the problem.
Before WebSockets handshake on wolfSSL_accept, I get following errors on server side when connecting from browsers
1. Firefox:
WebSocket::accept() on wolfSSL_accept :-308 - error state on socket
2. Chrome:
WebSocket::accept() on wolfSSL_accept :-326 - record layer version error
Chrome version is: Version 75.0.3770.100 (Official Build) (64-bit)
Firefox version is: 67.0.4 (64-bit)
Is it something wrong with TLS 1.3 support in browsers?
wolfSSL TLS 1.2 works flawlessly with both browsers.
Please help.
Paul.
Hello there,
I'm trying to use wolfSSL 3.5.1 for my application.
I use self signed certificate and root authority for development. Anything works well when the client and server are using wolfSSL.
If i use wolfTLSv1_2_server_method(), then google chrome works well as well.
And if I switch to TSL 1.3, chrome is unable to establish connection over WebSockets with this error:
Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
---
I've configured
www.example.orgas an alias to localhost.
Attempts of an HTTPS connections over TLS 1.3 are failing with:
www.example.org sent an invalid response.
ERR_SSL_PROTOCOL_ERROREdited:
HTTPS connections from Firefox are reporting following error (certs changed to localhost):
An error occurred during a connection to localhost:5083. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO --
Is there something special about certificates for TLS 1.3? Is there anything special the browsers expect from the server side on handshake?
---
Here is some info about app configuration:
certificates are created with wildcard for
*.example.org:
openssl genrsa -out example.org.key 2048
openssl req -new -key example.org.key -out example.org.csr
openssl genrsa -out ca.key 2048
openssl req -new -x509 -key ca.key -out ca.crt
openssl x509 -req -in example.org.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out example.org.crt
cat example.org.crt ca.crt > example.org.bundle.crtCertificates files are:
"ca" : "/opt/lapps/conf/ssl/ca.crt",
"cert" : "/opt/lapps/conf/ssl/example.org.bundle.crt",
"key" : "/opt/lapps/conf/ssl/example.org.key"Here is the section responsible for certs load (server side):
if(wolfSSL_CTX_load_verify_locations(this->raw_context(),ca.c_str(),nullptr) != SSL_SUCCESS)
{
throw std::system_error(ENOENT,std::system_category(),ca);
}
if(wolfSSL_CTX_use_PrivateKey_file(this->raw_context(),kfile.c_str(), SSL_FILETYPE_PEM) == SSL_SUCCESS)
{
if(wolfSSL_CTX_use_certificate_file(this->raw_context(),cert.c_str(),SSL_FILETYPE_PEM) != SSL_SUCCESS)
{
throw std::system_error(ENOENT,std::system_category(),cert);
}
}
else
{
throw std::system_error(ENOENT,std::system_category(),kfile);
}Chrome build: Version 75.0.3770.100 (Official Build) (64-bit)
wolfSSL configured as follows:
./configure CFLAGS=-pipe -O2 -march=native -mtune=native -fomit-frame-pointer -fstack-check -fstack-protector-strong -mfpmath=sse -msse2avx -ftree-vectorize -funroll-loops -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING --prefix=/usr/local --enable-tls13 --enable-openssh --enable-aesni --enable-intelasm --enable-keygen --enable-certgen --enable-certreq --enable-curve25519 --enable-ed25519 --enable-intelasm --enable-hardenwolfSSL library initialization and context creation code is here https://github.com/ITpC/LAppS/blob/LApp … lfSSLLib.h
I would appreciate any clue on how to properly configure and use TLS 1.3 on my server side for browsers to work with.
With best regards,
Paul.
Pages 1
wolfSSL - Embedded SSL Library → Posts by pkLAppS
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.014 seconds (94% PHP - 6% DB) with 5 queries