1 Topic by ravi.kumar (edited by ravi.kumar 2017-10-23 05:03:58)

  • Registered: 2016-09-10
  • Posts: 18

Topic: SSL TLS1.3 connectivity issues

Hi,
I am trying the below sequence of commands,
$ ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 or TLS13-AES256-GCM-SHA384
$ ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 or TLS13-AES256-GCM-SHA384

I am getting "Unsupported cipher suite, ClientHello" at server side and connection is getting terminated at the client side. Please help me to resolve this issue.

Thanks,
Ravi

Post's attachments

tls13_server_client_cap 7.16 kb, 3 downloads since 2017-10-23 

You don't have the permssions to download the attachments of this post.

Share

2 Reply by Kaleb J. Himes (edited by Kaleb J. Himes 2017-10-23 14:05:04)

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: SSL TLS1.3 connectivity issues

Hi ravi.kumar,

If you copied your commands into the question as you entered them then that would explain the issue, please use a colon delimited list like below:

khimes$ ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384 &
[1] 6563
khimes$ ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_128_GCM_SHA256
SSL curve name is SECP256R1
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Client message: hello wolfssl!
I hear you fa shizzle!
[1]+  Done                    ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384

Also if you were using a colon dilimited list did you make sure to first configure wolfSSL with the correct settings:

./configure --enable-tls13 && make

Warm Regards,

Kaleb

Kaleb J. Himes's Website

Share

3 Reply by ravi.kumar (edited by ravi.kumar 2017-10-23 23:33:47)

  • Registered: 2016-09-10
  • Posts: 18

Re: SSL TLS1.3 connectivity issues

Hi Kaleb,
Thank you for your quick response.
I configured wolfSSL with the settings like, ./configure --enable-ecc -enable-tls13 && make.

And I'm using the below commands,
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384

./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256

In both the cases, I'm getting SSL_accept error -501, can't match cipher suite
wolfSSL error: SSL_accept failed. Request you to please check  the attached log for your reference of error.

Regards,
Ravi.

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: SSL TLS1.3 connectivity issues

Hi Ravi,

The log did not come through. Could you please try to resend it?

- Kaleb

Kaleb J. Himes's Website

Share

5 Reply by ravi.kumar (edited by ravi.kumar 2017-10-29 22:30:00)

  • Registered: 2016-09-10
  • Posts: 18

Re: SSL TLS1.3 connectivity issues

Hi Kaleb,

I configured wolfSSL with the settings like, ./configure --enable-ecc -enable-tls13 && make.

And I'm using the below commands,
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384

./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256

In both the cases, I'm getting SSL_accept error -501, can't match cipher suite
wolfSSL error: SSL_accept failed. Request you to please check  the attached log for your reference of error.

Regards,
Ravi.

Post's attachments

tls13_server_client_cap 7.16 kb, 1 downloads since 2017-10-30 

You don't have the permssions to download the attachments of this post.

Share

  • Registered: 2017-11-01
  • Posts: 4

Re: SSL TLS1.3 connectivity issues

hello  can you tell me wish version you  use of wolfssl to run it with tls1.3

Share

7 Reply by ravi.kumar (edited by ravi.kumar 2017-11-02 00:08:46)

  • Registered: 2016-09-10
  • Posts: 18

Re: SSL TLS1.3 connectivity issues

Hi,
Thank you for your response.

I'm using wolfSSL-3.12.0 with the settings like,
./configure --enable-ecc -enable-tls13 && make.

And I'm giving the below commands to run server and client,
Server_1: ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256
Client_1: ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256

Server_2: ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384
Client_2: ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384


In both the cases, wolfssl server closing the client connection. Find the following debug messages,

Could not verify suite validity, continue
Unsupported cipher suite, ClientHello
wolfSSL Leaving DoTls13HandShakeMsgType(), return -501
wolfSSL Leaving DoTls13HandShakeMsg(), return -501
wolfSSL error occurred, error = -501
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -501
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -501
wolfSSL Entering ERR_error_string
SSL_accept error -501, can't match cipher suite
wolfSSL error: SSL_accept failed

Request you to please check  the attached log for your complete reference of error.

Regards,
Ravi.

Post's attachments

tls13_server_client_cap 7.16 kb, 1 downloads since 2017-11-02 

You don't have the permssions to download the attachments of this post.

Share

  • Registered: 2016-09-10
  • Posts: 18

Re: SSL TLS1.3 connectivity issues

Any update?

Share

9 Reply by Kaleb J. Himes (edited by Kaleb J. Himes 2017-11-06 16:42:45)

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: SSL TLS1.3 connectivity issues

Hi Ravi,

Could you please contact Rich Kelm (rich@wolfssl.com) to move this inquiry forward?


Warm Regards,

Kaleb

Kaleb J. Himes's Website

Share