Topic: Selecting cipher list using wolfSSL and TI-RTOS

I am using a TI EK-TM4C129EXL eval board to test communication with our cloud server application.  I’ve been trying to port the default application that came with it (called secure_iot) to hit against our cloud hosted endpoints to no avail.

I’ve captured the network traffic using Wireshark and see that the “Client Hello” packet from the eval board lists 4 ciphers.  Our cloud server doesn’t allow any of these 4 ciphers so it closes the socket on receipt of the client hello.

I’ve tried using the wolfSSL_CTX_set_cipher_list() command at various places prior to calling ServerConnect() but it always sends the same 4 ciphers.  It appears as if maybe somewhere in the TI-RTOS/wolfSSL integration that it overrides whatever I do.

What is the recommended way to specify a cipher list using wolfSSL and TI-RTOS (and its HTTP Client APIs)?

Is there a way to change the default cipher list for wolfSSL?

Re: Selecting cipher list using wolfSSL and TI-RTOS

Hi tlkuester,

The control file for turning on and off supported ciphers is wolfssl/wolfssl/wolfcrypt/settings.h. For working with TI-RTOS, you will want to add any new defines to the section:

#ifdef TIRTOS

If your servers support Elliptic Variants of Ephemeral Diffie Hellman you should be able to communicate with ECDHE suites.
To enable these suites add the following to the TIRTOS section in settings.h:

#define HAVE_ECC

ECDHE suites are widely supported but I am unsure of the configuration used by your endpoints.

If that does not work, could you send us a list of ciphers supported by your endpoints and we can gladly recommend features to turn on.

Best Regards,

Kaleb
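
Added example (not part of either post, and not wolfSSL or TI code): a small C check for the failure described in the question, extracting the offered cipher suite IDs from a captured ClientHello record and comparing them with a server allow list. The sample record, its four suites and the allow list are constructed for illustration, and the parser assumes the whole ClientHello sits in a single TLS record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed TLS 1.2 ClientHello record (no extensions) offering four
 * RSA/CBC suites; NOT the bytes or suites from the poster's capture. */
static const uint8_t SAMPLE_HELLO[] = {
    0x16, 0x03, 0x03, 0x00, 0x33,        /* record: handshake, 51 bytes */
    0x01, 0x00, 0x00, 0x2F,              /* ClientHello, 47-byte body */
    0x03, 0x03,                          /* client_version */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, /* random */
    0x00, 0x00, 0x08,                    /* empty session_id; 8 bytes of suites */
    0x00,0x2F, 0x00,0x35, 0x00,0x3C, 0x00,0x3D, 0x01,0x00 /* suites; null compression */
};
static const uint16_t SERVER_ALLOWED[] = { 0xC02F, 0xC030 }; /* hypothetical allow list */

/* Returns the number of suite IDs copied to out, or -1 if malformed or > max. */
int client_hello_suites(const uint8_t *p, size_t len, uint16_t *out, size_t max)
{
    size_t off = 5 + 4 + 2 + 32;  /* record hdr, handshake hdr, version, random */
    if (len < off + 1 || p[0] != 0x16 || p[5] != 0x01) return -1;
    off += 1 + (size_t)p[off];    /* skip session_id */
    if (len < off + 2) return -1;
    size_t n = ((size_t)p[off] << 8) | p[off + 1];
    off += 2;
    if (n % 2 != 0 || len < off + n || n / 2 > max) return -1;
    for (size_t i = 0; i < n / 2; i++)
        out[i] = (uint16_t)((p[off + 2 * i] << 8) | p[off + 2 * i + 1]);
    return (int)(n / 2);
}

/* Counts offered suites that also appear in the allow list. */
int shared_suites(const uint16_t *offered, int n, const uint16_t *allowed, int m)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < m; j++)
            if (offered[i] == allowed[j]) { hits++; break; }
    return hits;
}

int main(void)
{
    uint16_t s[16];
    int n = client_hello_suites(SAMPLE_HELLO, sizeof SAMPLE_HELLO, s, 16);
    for (int i = 0; i < n; i++) printf("offered 0x%04X\n", s[i]);
    printf("shared with server: %d\n", n < 0 ? -1 : shared_suites(s, n, SERVER_ALLOWED, 2));
    return 0;
}
```

Running the same comparison on a capture taken after rebuilding with new defines shows whether the offered list actually changed.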