Hi,
I have a personnal project which the main pupose is to make RGB lamps (2 or 3) connected to the internet to change the colors to send to a person a special message thru the colors.
For the moment, I use a STM32F7 bord, until I receive my wi-fi module (ESP32) and they have to act like https server.
Because it would be use for years and over the internet, I want to use TLS 1.3 and one or two ciphers suites to make it time proof and securised.
The change of colors would be made with a html page with a little script.
Well Now about my problem:
I've achieve to serve the page with TLS 1.2 and chrome/firefox as client and it works perfectly.
But I wasn't able to serve it with TLS 1.3, chrome give me "ERR_CONNECTION_REFUSED" and firefox "SSL_ERROR_NO_CYPHER_OVERLAP".
So I decided to use wireshark to check the suites used by my browsers. I've also defined debug option for wolfssl to get some log.
Both of them have seems to have the suite AES128-GCM-SHA256 declared so I didn't figure why it's failling with the error "Unsupported cipher suite, ClientHello" given by wolfSSL.
So there is my logs messages to help if I missed something, and I give my user_settings.h and wireshark files to help figure what's happen.
Thanks in advance for your help.
Edit: I see you have release V4.6.0 and I'm currently on V4.5.0 If it's matter.
:Start new context
D:wolfSSL Entering TLSv1_3_server_method_ex
D:wolfSSL Entering wolfSSL_CTX_new_ex
D:wolfSSL Entering wolfSSL_CertManagerNew
D:wolfSSL Leaving WOLFSSL_CTX_new, return 0
D:ciphersuites:TLS13-AES128-GCM-SHA256
D:Start certificate buff
D:wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
D:wolfSSL Entering PemToDer
D:Checking cert signature type
D:wolfSSL Entering GetExplicitVersion
D:wolfSSL Entering GetSerialNumber
D:Got Cert Header
D:wolfSSL Entering GetAlgoId
D:wolfSSL Entering GetObjectId()
D:Got Algo ID
D:Getting Cert Name
D:Getting Cert Name
D:Got Subject Name
D:wolfSSL Entering GetAlgoId
D:wolfSSL Entering GetObjectId()
D:wolfSSL Entering GetObjectId()
D:Got Key
D:Not ECDSA cert signature
D:wolfSSL Leaving wolfSSL_CTX_use_certificate_buffer, return 1
D:Start private key buff
D:wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
D:wolfSSL Entering PemToDer
D:wofSSL Entering GetAlgoId
D:wolfSSL Entering GetObjectId()
D:wolfSSL Leaving wolfSSL_CTX_use_PrivateKey_buffer, return 1
D:Start socket
D:fin init
D:En attente de connexion
D:wolfSSL Entering SSL_new
D:wolfSSL Leaving SSL_new, return 0
D:wolfSSL Entering SSL_set_fd
D:wolfSSL Entering SSL_set_read_fd
D:wolfSSL Leaving SSL_set_read_fd, return 1
D:wolfSSL Entering SSL_set_write_fd
D:wolfSSL Leaving SSL_set_write_fd, return 1
D:wolfSSL Entering SSL_accept_TLSv13()
D:Wrong case, to be adjust (my_IORecv)
D:Received bytes:5
D:Data received
D: 16 03 01 02 00 |.....
D:Client attempting to connect with different version
D:Wrong case, to be adjust (my_IORecv)
D:Received bytes:512
D:Data received
D: 01 00 01 fc 03 03 a5 ce 0d 33 64 e0 b4 0e 41 d2 |.........3d...A.
D: a3 7b 76 cb 50 74 19 18 55 f4 6d 1c 20 7d fc b8 |.{v.Pt..U.m. }..
D: f5 7a b0 80 70 bb 20 63 67 35 fd a6 6d ee 44 8c |.z..p. cg5..m.D.
D: 9c d0 87 b8 b5 8c e2 16 6f 30 bb 87 e4 af 9a d9 |........o0......
D: e9 8c 83 d2 32 50 18 00 20 2a 2a 13 01 13 02 13 |....2P.. **.....
D: 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 |..+./.,.0.......
: 14 00 9c 00 9d 00 2f 00 35 01 00 01 93 2a 2a 00 |....../.5....**.
D: 00 00 17 00 00 ff 01 00 01 00 00 0a 00 0a 00 08 |................
D: ba ba 00 1d 00 17 00 18 00 0b 00 02 01 00 00 23 |...............#
D: 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 70 |.........h2.http
D: 2f 31 2e 31 00 05 00 05 01 00 00 00 00 00 0d 00 |/1.1............
D: 12 00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 |................
D: 06 06 01 00 12 00 00 00 33 00 2b 00 29 ba ba 00 |........3.+.)...
D: 01 00 00 1d 00 20 04 50 e6 d6 61 5a 3c 33 44 71 |..... .P..aZ<3Dq
D: f6 a6 cd 5b 60 f4 be 81 2a 49 d8 ee b4 9b 8d 5a |...[`...*I.....Z
D: d7 d8 77 98 47 51 00 2d 00 02 01 01 00 2b 00 0b |..w.GQ.-.....+..
D: 0a 5a 5a 03 04 03 03 03 02 03 01 00 1b 00 03 02 |.ZZ.............
D: 00 02 fa fa 00 01 00 00 15 00 e5 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |...............
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................
D:received record layer msg
D:got HANDSHAKE
D:wolfSSL Entering DoTls13HandShakeMsg()
D:wolfSSL Entering DoTls13HandShakeMsgType
D:processing client hello
D:wolfSSL Entering DoTls13ClientHello
D:Supported Versions extension received
D:client random
D: a5 D:Public Curve25519 Key
D: ce a4 11 50 32 f4 88 07 2d 31 da 97 94 04 f7 cc |...P2...-1......
D: ad ce 5e e5 ce a6 1f 4d fa 5f 3c f9 82 92 9c 49 |..^....M._<....I
D:Verified suite validity
D:Unsupported cipher suite, ClientHello
D:wolfSSL Entering SendAlert
D:Data to send
D: 15 03 03 00 02 02 28 |......(
D:Wrong case, to be adjust (my_IOsend)
D:Send of bytes:7
D:wolfSSL Leaving SendAlert, return 0
D:wolfSSL Leaving DoTls13HandShakeMsgType(), return -501
D:wolfSSL Leaving DoTls13HandShakeMsg(), return -501
D:wolfSSL error occurred, error = -501
D:wolfSSL error occurred, error = -501
D:wolfSSL Entering SSL_get_error
D:Connection TLS 1.3 failed
My user_settings, because we can add only one file with a message.
#ifndef USER_SETTINGS_H
#define USER_SETTINGS_H
#undef NO_WOLFSSL_CLIENT
#define NO_WOLFSSL_CLIENT
#undef HAVE_SNI
#define HAVE_SNI
// #undef STM32F7
// #define STM32F7
#undef NO_STM32_HASH
#define NO_STM32_HASH
#undef NO_STM32_CRYPTO
#define NO_STM32_CRYPTO
#undef DEBUG_WOLFSSL
#define DEBUG_WOLFSSL
#undef WOLFSSL_DEBUG_TLS
#define WOLFSSL_DEBUG_TLS
#undef NO_FILESYSTEM
#define NO_FILESYSTEM
#undef NO_WOLFSSL_DIR
#define NO_WOLFSSL_DIR
// #undef WOLFSSL_TLS13_MIDDLEBOX_COMPAT
// #define WOLFSSL_TLS13_MIDDLEBOX_COMPAT
#undef LARGE_STATIC_BUFFERS
#define LARGE_STATIC_BUFFERS
#undef WOLFSSL_TLS13
#define WOLFSSL_TLS13
#undef NO_OLD_TLS
#define NO_OLD_TLS
#undef WOLFSSL_NO_TLS12
#define WOLFSSL_NO_TLS12
#undef WOLFSSL_AEAD_ONLY
#define WOLFSSL_AEAD_ONLY
#undef FREERTOS
#define FREERTOS
#undef WOLFSSL_LWIP
#define WOLFSSL_LWIP
#undef NO_MAIN_DRIVER
#define NO_MAIN_DRIVER
#undef NO_WRITEV
#define NO_WRITEV
// #undef WOLFSSL_USER_IO
// #define WOLFSSL_USER_IO
#undef HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS
#undef HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES
#undef SINGLE_THREADED
#define SINGLE_THREADED
// #undef HAVE_THREAD_LS
// #define HAVE_THREAD_LS
#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
#undef ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#undef HAVE_AESGCM
#define HAVE_AESGCM
#undef GCM_SMALL
#define GCM_SMALL
// #undef WOLFSSL_SHA512
// #define WOLFSSL_SHA512
// #undef WOLFSSL_SHA384
// #define WOLFSSL_SHA384
#undef HAVE_HKDF
#define HAVE_HKDF
#undef HAVE_ECC
#define HAVE_ECC
// #undef ALT_ECC_SIZE
// #define ALT_ECC_SIZE
// #undef HAVE_COMP_KEY
// #define HAVE_COMP_KEY
#undef NO_DSA
#define NO_DSA
#undef NO_RC4
#define NO_RC4
#undef NO_HC128
#define NO_HC128
#undef NO_RABBIT
#define NO_RABBIT
#undef NO_RC4
#define NO_RC4
#undef NO_PSK
#define NO_PSK
#undef NO_MD4
#define NO_MD4
#undef NO_MD5
#define NO_MD5
#undef NO_DES3
#define NO_DES3
#undef NO_CAMELLIA
#define NO_CAMELLIA
#undef NO_BLAKE2B
#define NO_BLAKE2B
#undef NO_SHA
#define NO_SHA
#undef NO_RSA
#define NO_RSA
// #undef WC_NO_RSA_OAEP
// #define WC_NO_RSA_OAEP
// #undef WC_RSA_BLINDING
// #define WC_RSA_BLINDING
#undef NO_AES_CBC
#define NO_AES_CBC
#undef NO_PWDBASED
#define NO_PWDBASED
// #undef NO_ERROR_STRINGS
// #define NO_ERROR_STRINGS
// #undef WOLFSSL_NO_SIGALG
// #define WOLFSSL_NO_SIGALG
// #undef NO_HMAC
// #define NO_HMAC
// #undef HAVE_ENCRYPT_THEN_MAC
// #define HAVE_ENCRYPT_THEN_MAC
// #undef TFM_ECC256
// #define TFM_ECC256
#undef HAVE_CURVE25519
#define HAVE_CURVE25519
#undef CURVED25519_SMALL
#define CURVED25519_SMALL
#undef CURVE25519_SMALL
#define CURVE25519_SMALL
#undef ED25519_SMALL
#define ED25519_SMALL
#undef WC_RSA_PSS
#define WC_RSA_PSS
// #undef HAVE_POLY1305
// #define HAVE_POLY1305
// #undef HAVE_ONE_TIME_AUTH
// #define HAVE_ONE_TIME_AUTH
// #undef HAVE_CHACHA
// #define HAVE_CHACHA
// #undef HAVE_HASHDRBG
// #define HAVE_HASHDRBG
#undef HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS
#undef HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES
#undef HAVE_EXTENDED_MASTER
#define HAVE_EXTENDED_MASTER
#undef NO_SESSION_CACHE
#define NO_SESSION_CACHE
#undef NO_PWDBASED
#define NO_PWDBASED
#undef WC_NO_ASYNC_THREADING
#define WC_NO_ASYNC_THREADING
// #undef HAVE_DH_DEFAULT_PARAMS
// #define HAVE_DH_DEFAULT_PARAMS
#undef USE_FAST_MATH
#define USE_FAST_MATH
// #undef FAST_HUGE_MATH
// #define FAST_HUGE_MATH
// #undef WOLFSSL_SP_SMALL
// #define WOLFSSL_SP_SMALL
#undef USE_SLOW_SHA
#define USE_SLOW_SHA
#undef NO_WOLFSSL_MEMORY
#define NO_WOLFSSL_MEMORY
#undef WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK
// #undef OPENSSL_EXTRA
// #define OPENSSL_EXTRA
#define HAVE_ECC384
#define HAVE_ECC_SECPR2
#define HAVE_ECC_SECPR3
#define HAVE_ALL_CURVES
#endif /* USER_SETTINGS_H */