Welcome to the wolfSSL Forums!
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
Thank you for the answer.
Is there a function to list all currently enabled cipher suites in my WOLFSSL?
Also, is there a way to enforce specific elliptic curves on cipher suites using DHE other than the ones currently usable with wolfSSL_UseSupportedCurve(), e.g. I would like the client to only present CURVE25519 (or the server to only accept that curve).
I don't understand why my DTLS 1.2 server is rejecting a cipher suite it is apparently supporting.
On the client side I have this:
wolfSSL_CTX_set_cipher_list(ctx, "DHE-PSK-AES128-CBC-SHA256");
In Wireshark I see this cipher suite being offered:
Cipher Suite: TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 (0x00b2)
On the server side with
wolfSSL_get_ciphers(cipher_buffer, BUFFER_SIZE);
I see that the particular cipher is enabled:
DHE-PSK-AES128-CBC-SHA256
I do, however, get a -501 error from the server. What could be wrong?
wolfSSL Leaving DoClientHello, return -501
[15:33:43.709690] wolfSSL Leaving DoHandShakeMsgType(), return -501
[15:33:43.709696] wolfSSL Leaving DoDtlsHandShakeMsg(), return -501
[15:33:43.709702] wolfSSL Entering SendAlert
[15:33:43.709708] wolfSSL Entering SendAlert
[15:33:43.709714] SendAlert: 40 handshake_failure
[15:33:43.709720] growing output buffer
[15:33:43.709727] wolfSSL Entering EmbedSendTo
[15:33:43.710274] Shrinking output buffer
[15:33:43.710295] wolfSSL Leaving SendAlert, return 0
[15:33:43.710307] wolfSSL error occurred, error = 501 line:22167 file:src/internal.c
[15:33:43.710314] wolfSSL error occurred, error = 501 line:10166 file:src/ssl.c
[15:33:43.710323] wolfSSL Entering wolfSSL_get_error
[15:33:43.710329] wolfSSL Leaving wolfSSL_get_error, return -501
I have a DTLS client using wolfSSL on Zephyr and a server on Debian, on which I have used the ./configure script to build wolfSSL with these options:
./configure --enable-debug --enable-dtls --enable-dtls13 --enable-dtlscid --enable-debug --enable-dtls --enable-dtls13 --enable-dtlscid --enable-opensslextra --enable-psk
Some cipher suites I see are only available on the client side (I check via wolfSSL_get_ciphers()), so I know wolfSSL supports them, but they are not enabled on the server side.
What ./configure option should I use to enable the following ciphers:
PSK-AES128-GCM-SHA256
PSK-AES128-CBC-SHA256
Thank you.
I'm using wolfSSL's Connection ID in a DTLS setup and need to maintain session continuity when the client's IP changes mid-session. I understand that Connection ID should ideally allow packets to be identified with an existing session even if the IP changes.
However, when this happens, I get "Ignored packet from invalid peer" errors. Do I need to implement additional logic to associate new packets with the existing session manually, or should wolfSSL handle this by default with Connection ID?
Does the wolfSSL port for Zephyr support the DTLS Connection ID feature?
I’m aware that the mainline wolfSSL library supports Connection ID in its latest releases, but I want to confirm if this functionality is available and stable in the Zephyr environment.
Hi,
Thanks for the answer. That's good news!
I am a student of computer science writing a Bachelor Thesis on the performance of DTLS (both v1.2 and v1.3) with and without ConnectionID over Narrowband-IoT networks. I will be using the Nordic Thingy:91 and wolfSSL to test that with CoAP data.
Is ConnectionID in wolfSSL only supported for DTLSv1.3 and not for DTLS1.2?
Posts found: 8