Hi MO380,

-323 WANT_READ is an expected error during a connection, this just means you should call the connect/read function again until the error goes away.  The error is indicating wolfSSL needs to read additional data which hasn't come in yet.

Check out our LWIP example here: https://github.com/wolfSSL/wolfssl-exam … aster/lwip

Thanks,
Kareem

Hi Scott,

wolfSSL_get_ciphers gets the entire cipher list compiled into the library, it is not getting the currently enabled cipher list.  To get that, you can call wolfSSL_get_cipher_list_ex(ssl, priority).  You will need to make the WOLFSSL object from the WOLFSSL_CTX after you call wolfSSL_CTX_set_cipher_list for it to reflect the cipher list you've set.

Thanks,
Kareem

Hi bp787,

To enable wolfssl_dtls_set_mtu, you will need to build with WOLFSSL_DTLS_MTU defined, or if you are using ./configure, you can use --enable-dtls-mtu.

Setting the rx buffer size doesn't apply if you are not using IO callbacks.  Please try setting the MTU and let me know if it helps.

Thanks,
Karee

Hi dcanthony,

How much stack are you giving wolfSSL?  A very common source of crashes/issues is insufficient stack, wolfSSL generally needs about 20-30KB of stack.  As you are on an embedded system I would also recommend defining WOLFSSL_SMALL_STACK.
You may also be running into issues with entropy from your RNG or your RNG in general.  Are you confident your RNG is functioning correctly?

You are correct that you'll usually need additional defines for your RNG, I am not seeing a seed generation function for your platform's RNG so you will need to define your own.

I recommend basing your user_settings.h off of our template here: https://github.com/wolfSSL/wolfssl/blob … template.h
You will want to define your own seed generation function with CUSTOM_RAND_GENERATE: https://github.com/wolfSSL/wolfssl/blob … ate.h#L424

Since you're able to see debug logging, if possible I would recommend upgrading to 5.7.2 and defining WOLFSSL_DEBUG_TRACE_ERROR_CODES in addition to DEBUG_WOLFSSL, this will print error and line numbers in our debug logs.  This feature was added in 5.7.2 so you would need to upgrade for it.

It looks like you have an active support contract with us, can you follow up on this by emailing us at support [AT] wolfssl [DOT] com?  Please provide debug logs and your user_settings.h as well.

Thanks,
Kareem

Hi Leonie,

Thanks for the followup.  For FFDHE 3072, try defining the CFLAG HAVE_FFDHE_3072.

What size are your DH params?  Are you confident both wolf and OpenSSL are using the same size?  For wolfSSL, you should ideally use 2048, 3072 or 4096, as our code for 1024-bit is not as accelerated.

I would recommend trying WOLFSSL_OLD_PRIME_CHECK as well and seeing if it helps.

If you continue to see the same issue, it would help if you can profile your code and see which functions are taking the most time.

Thanks,
Kareem

Hi Preethi,

I am not able to see your build settings, can you reattach them?

For the best speed with ECC, I would recommend using SP math with SP math assembly speedups:

#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_MATH_ALL 
#define WOLFSSL_SP_ARM_CORTEX_M_ASM

ECC_SHAMIR is also a good define for speeding up ECC operations, I would recommend consulting the ECC section of our user_settings.h template here: https://github.com/wolfSSL/wolfssl/blob … template.h

Also make sure you are using our latest wolfSSL release, 5.7.2.

What is the size of the key you are trying to verify?

Thanks,
Kareem

Hello Craig,

Great question.  Since the forum post you linked, we have implemented a set of APIs for AES-GCM streaming which provides exactly what you're looking for.
Check out our example here: https://github.com/wolfSSL/wolfssl-exam … -encrypt.c  Build instructions here: https://github.com/wolfSSL/wolfssl-exam … crypto/aes
Note that you will need to build with --enable-aesgcm-stream to enable this feature.

Thanks,
Kareem

Hi ppawel87,

Please try defining WOLFSSL_CERT_EXT in your user_settings.h and let me know if it helps.
If not, please attach your certs and confirm which site you are trying to connect to.  If this information is sensitive, you may email us at support [AT] wolfssl [DOT] com with this information.

Thanks,
Kareem

Hi manya,

I just saw your updated post.  Disabling asm will work around the issue, but ideally I would like to get this fixed so you can benefit from our assembly optimizations as well.

Hi dcanthony,

For a bare metal ARM target, rather than using ./configure I would recommend using our GCC-ARM example: https://github.com/wolfSSL/wolfssl/tree … DE/GCC-ARM  This includes a user_settings.h file which defines the macro WOLFSSL_USER_CURRTIME, allowing it to define a custom custom_time function which does not depend on clock_gettime.  You can find this function in Source/wolf_main.c.  Note that you will need to implement your own hw_get_time_sec function which returns the RTC value if you are trying to verify the dates in certificates.

What modifications did you make to Makefile.common?

Thanks,
Kareem

Can you share your error log so I can assist further?
We don't have an example of using Visual Studio to build curl but it should work.

Hi Samuel,

I would recommend using our updated wolfSSH Visual Studio project and instructions from ide/winvs: https://github.com/wolfSSL/wolfssh/tree … /ide/winvs
You will want to use the DLL Debug/DLL Release build configurations, you can set your target to win32 with either config.

Thanks,
Kareem