You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by fwh
Pages 1
Hi Kareem,
Ok then the error is what I expected.
Then what decides which ephemeral keys are automatically generated? Because - as I mention - other curves seems to work fine without calling wolfSSL_UseKeyShare().
We are already in talks with Martin Engstrom about licenses. But we haven't yet decided if we want to go with wolfssl or an alternative library.
Regards,
Frederik
Hi,
We ran in to some (to us) unexpected behaviour while testing post quantum support in wolfssl. We build it with the following configuration:
./configure --with-liboqs --enable-kyber --enable-shared --enable-enckeys --enable-sni --enable-opensslextraWe have an openssl server that is configured to accept only the hybrid curve p384_kyber768. But when connecting with wolfssl the handshake fails with error: invalid parameter.
If we configure the server to accept only a "normal" curve like p384 the handshake succeeds.
So I was guessing that wolfssl might not enable post quantum curves by default. So I tried enabling the curve with
int groups[] = {WOLFSSL_P384_KYBER_LEVEL3};
int count = 1;
ret = wolfSSL_CTX_set_groups(sslCtx, groups, count);Unfortunately that didn't solve the issue. So I looked at your example client code and found that there were calls to wolfSSL_UseKeyShare().
So I added
wolfSSL_UseKeyShare(sslSession, WOLFSSL_P384_KYBER_LEVEL3)And now the handshake succeeds. But I am wondering why it does not work in the first place?
Is it a bug or a feature that I have to call wolfSSL_UseKeyShare() when using post quantum algorithms but not when using "normal" curves like p384?
Regards,
Frederik
Pages 1
wolfSSL - Embedded SSL Library → Posts by fwh
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.014 seconds (96% PHP - 4% DB) with 5 queries