Hi Guys
I'm having a strange issue with TLS 1.3 on wolfSSL 4.3 when a cipher suite is provided (I want to be limited to TLS13-CHACHA20-POLY1305-SHA256 to save MCU resources).
What I did: I took the example https://github.com/wolfSSL/wolfssl-exam … ls-ecdhe.c and changed
wolfTLSv1_2_server_method()
to
wolfTLSv1_3_server_method()
The cipher suite is selected by wolfSSL_CTX_set_cipher_list() as
"TLS13-CHACHA20-POLY1305-SHA256"
On the client side (file client-tls-ecdhe.c) the method is also changed to TLS 1.3, and so is the cipher suite.
So far all works well, with or without cipher suite selection on the server side. Confirmed with Wireshark too.
The problem is with curl (it cannot connect), as well as with Chrome or Firefox.
When I comment out the call to the wolfSSL_CTX_set_cipher_list() function on the server side I get connected (curl and the web browsers), but as TLSv1.3 TLS_AES_128_GCM_SHA256 (my goal is to avoid AES at all).
The question is: How can I force TLS 1.3 with TLS13-CHACHA20-POLY1305-SHA256 only, and only in this mode? Why does the wolfSSL example client get connected, but curl throws an error?
curl -vvv -k --tlsv1.3 https://xxx.yyy.225.101:11111
* Trying xxx.yyy.225.101:11111...
* Connected to xxx.yyy.225.101 (xxx.yyy.225.101) port 11111 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, unexpected_message (522):
* error:1408F1BB:SSL routines:ssl3_get_record:bad record type
* Closing connection 0
curl: (35) error:1408F1BB:SSL routines:ssl3_get_record:bad record type
Any ideas? Is that a known error, or am I doing something wrong?
Cheers
Chris
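As an added check (not from the post above and not wolfSSL project code), a POSIX shell script that probes a TLS 1.3 server with OpenSSL's s_client once per TLS 1.3 suite and reports whether only TLS_CHACHA20_POLY1305_SHA256 is accepted and the AES suites are refused. It assumes OpenSSL 1.1.1 or later (for -ciphersuites, which takes the IANA suite names rather than wolfSSL's TLS13- names) and takes host and port as arguments.

```shell
#!/bin/sh
# Added example: verify from the outside that a TLS 1.3 server negotiates
# only CHACHA20-POLY1305 and refuses the AES-GCM suites.
# Assumptions: openssl >= 1.1.1 on PATH; host and port given as $1 and $2.

# Extract the negotiated suite from s_client output. s_client prints
# "New, TLSv1.3, Cipher is <SUITE>" on success and "Cipher is (NONE)" when
# the handshake failed; print nothing in the failure case.
negotiated_cipher() {
    awk '/Cipher is/ { c = $NF } END { if (c != "" && c != "(NONE)") print c }'
}

# Offer exactly one TLS 1.3 suite to host:port and print what was negotiated.
probe_suite() {
    openssl s_client -connect "$1:$2" -tls1_3 -ciphersuites "$3" \
        </dev/null 2>/dev/null | negotiated_cipher
}

# Return 0 when the server accepts only TLS_CHACHA20_POLY1305_SHA256.
check_chacha_only() {
    host=$1; port=$2; status=0
    for suite in TLS_CHACHA20_POLY1305_SHA256 \
                 TLS_AES_128_GCM_SHA256 \
                 TLS_AES_256_GCM_SHA384; do
        got=$(probe_suite "$host" "$port" "$suite")
        # Only the ChaCha suite is expected to complete the handshake.
        if [ "$suite" = TLS_CHACHA20_POLY1305_SHA256 ]; then
            want=$suite
        else
            want=""
        fi
        if [ "$got" = "$want" ]; then
            echo "ok:   $suite -> ${got:-refused}"
        else
            echo "FAIL: $suite -> ${got:-refused}"
            status=1
        fi
    done
    return $status
}

# Usage: ./check_chacha_only.sh <host> <port>
if [ $# -eq 2 ]; then
    check_chacha_only "$1" "$2"
fi
```

A FAIL line for an AES suite means the server still accepts it; a FAIL line for the ChaCha suite means the handshake did not complete with the intended suite at all.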