Thanks. Looks like that's working for me.

I have an application that includes an embedded webserver and want it to periodically check another server for updated data by running as a client. I integrated a version of the wolfSSL client example (which works fine as a stand-alone application) with my server and created CTX and SSL objects dedicated to client operations. When I run the application, the server, which is set up first, works fine, but when I run the client I get this:

wolfSSL Entering SSLv23_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_verify
Connected to 192.168.1.76
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -344
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -344
wolfSSL Entering ERR_error_string
TLS Connect Error: wrong client/server type
SSL version is wolfSSL Entering wolfSSL_get_version
TLSv1.3
wolfSSL Entering wolfSSL_get_cipher
wolfSSL Entering SSL_get_current_cipher
wolfSSL Entering wolfSSL_CIPHER_get_name
SSL cipher suite is NONE
wolfSSL Entering SSL_write()
handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_accept_TLSv13()
ProcessReply retry in error state, not allowed
wolfSSL error occurred, error = -344
wolfSSL Leaving wolfSSL_negotiate, return -1
wolfSSL Leaving SSL_write(), return -1
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -344
wolfSSL Entering ERR_error_string
TLS Write Error: wrong client/server type
wolfSSL Entering SSL_shutdown()
growing output buffer

wolfSSL error occurred, error = -308
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking output buffer

Is this not a supported mode of operation?

I generated a new test cert today with OpenSSL to compare performance using a secp384r1 key to that I've observed using prime256v1. I uncommented HAVE_ECC384 in user_settings.h, made a build and wolfSSL_CTX_use_certificate_buffer() and wolfSSL_CTX_use_PrivateKey_buffer() happily consumed both the cert and key.

But when I tried to establish a browser connection using both Chrome and Opera (latest versions of each) they reported an unspecified protocol error.

Before I invest time investigating this, do you know if this doesn't work because the secp384r1 curve isn't supported by these browsers?

(1 replies, posted in wolfSSL)

I made a build today using the latest wolfSSL source from https://github.com/wolfSSL/wolfssl/tree … crypt/src, defined WOLFSSL_TLS13 in user_settings.h and use

method = wolfTLSv1_3_server_method(); 

when I initialize the wolfSSL library. But when I test with the latest version of Chrome it still uses TLS1.2 (though it is 6% slower, presumably because it's trying to use TLS1.3 and failing). In Chrome Developer Tools I see the following under "Security":

The connection to this site is encrypted and authenticated using TLS 1.2, ECDHE_ECDSA with P-256, and AES_128_GCM.

Wireshark capture confirms that TLS1.2 is being used.

What more must I do to force the use of TLS1.3?
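The Chrome Security panel and the Wireshark capture above both report the negotiated protocol version, and when checking a capture by hand there is a trap worth knowing: a TLS 1.3 ServerHello still carries 0x0303 (TLS 1.2) in its legacy_version field, and the real negotiated version sits in the supported_versions extension (type 0x002b). The following is an added example, not the poster's code and not part of wolfSSL; it parses a raw ServerHello record and reports the negotiated version and cipher suite from the right place. The two sample ServerHellos are constructed inline (fixed random bytes, a dummy key_share) rather than taken from a capture, and only the cipher suite and version codepoints named below are decoded by name.

```python
"""Report the negotiated TLS version and cipher suite from a raw ServerHello record.

In TLS 1.3 (RFC 8446) the ServerHello's legacy_version field is always 0x0303,
so reading only that field labels every handshake as TLS 1.2. The negotiated
version is carried in the supported_versions extension (0x002b) instead.
"""
import struct

CIPHER_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",             # TLS 1.3 suites
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",  # the TLS 1.2 suite Chrome reported above
}
VERSION_NAMES = {0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
EXT_SUPPORTED_VERSIONS = 0x002B


def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ServerHello and return version/cipher info."""
    content_type, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    hs_type = body[0]
    hs_len = int.from_bytes(body[1:4], "big")
    if hs_type != 0x02:
        raise ValueError("not a ServerHello")
    msg = body[4:4 + hs_len]
    if len(msg) != hs_len:
        raise ValueError("truncated handshake message")

    pos = 0
    legacy_version = struct.unpack("!H", msg[pos:pos + 2])[0]
    pos += 2
    pos += 32                       # server random
    sid_len = msg[pos]
    pos += 1 + sid_len              # legacy_session_id_echo
    cipher = struct.unpack("!H", msg[pos:pos + 2])[0]
    pos += 2
    pos += 1                        # legacy_compression_method

    version = legacy_version
    if pos < len(msg):              # extensions block is optional in TLS 1.2
        ext_len = struct.unpack("!H", msg[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        if end != len(msg):
            raise ValueError("bad extensions length")
        while pos < end:
            ext_type, ext_data_len = struct.unpack("!HH", msg[pos:pos + 4])
            pos += 4
            ext_data = msg[pos:pos + ext_data_len]
            pos += ext_data_len
            if ext_type == EXT_SUPPORTED_VERSIONS:
                if len(ext_data) != 2:  # ServerHello form carries exactly one selected_version
                    raise ValueError("malformed supported_versions")
                version = struct.unpack("!H", ext_data)[0]
    return {
        "legacy_version": VERSION_NAMES.get(legacy_version, hex(legacy_version)),
        "version": VERSION_NAMES.get(version, hex(version)),
        "cipher": CIPHER_NAMES.get(cipher, hex(cipher)),
    }


def build_server_hello(cipher: int, extensions) -> bytes:
    """Build a constructed ServerHello record (sample data, not a real capture)."""
    random = bytes(range(32))       # fixed placeholder instead of real server randomness
    body = struct.pack("!H", 0x0303) + random + b"\x00" + struct.pack("!H", cipher) + b"\x00"
    ext_blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext_blob)) + ext_blob
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0303, len(handshake)) + handshake


# Constructed samples: a TLS 1.2 ServerHello (renegotiation_info + ec_point_formats)
# and a TLS 1.3 ServerHello (dummy x25519 key_share + supported_versions = 0x0304).
TLS12_HELLO = build_server_hello(0xC02B, [(0xFF01, b"\x00"), (0x000B, b"\x01\x00")])
TLS13_HELLO = build_server_hello(
    0x1301,
    [(0x0033, struct.pack("!HH", 0x001D, 32) + b"\xaa" * 32), (0x002B, b"\x03\x04")],
)

if __name__ == "__main__":
    for label, hello in (("TLS 1.2 sample", TLS12_HELLO), ("TLS 1.3 sample", TLS13_HELLO)):
        print(label, parse_server_hello(hello))
```

Run against the TLS 1.3 sample, the parser reports legacy_version TLSv1.2 but version TLSv1.3, which is why a capture must be read via supported_versions (as Wireshark does) before concluding that a server only speaks TLS 1.2.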