<![CDATA[wolfSSL - Embedded SSL Library — Having MATCH_SUITE_ERROR error when after changing the cipher list]]> https://www.wolfssl.com/forums/topic1559-having-matchsuiteerror-error-when-after-changing-the-cipher-list.html Mon, 22 Jun 2020 22:43:41 +0000 PunBB <![CDATA[Re: Having MATCH_SUITE_ERROR error when after changing the cipher list]]> https://www.wolfssl.com/forums/post5293.html#p5293 Hi Waigor,

Are you trying to reuse the WOLFSSL_CTX between these connections? If the key/cert is loaded at the WOLFSSL_CTX level it gets shared/reused and only allows certain cipher suites. Have you tried loading the key/cert at the WOLFSSL object level using wolfSSL_use_certificate_file and wolfSSL_use_PrivateKey_file? If you'd like to share some code to review feel free to email us at support@wolfssl.com

Thanks,
David Garske, wolfSSL

]]> Mon, 22 Jun 2020 22:43:41 +0000 https://www.wolfssl.com/forums/post5293.html#p5293 <![CDATA[Re: Having MATCH_SUITE_ERROR error when after changing the cipher list]]> https://www.wolfssl.com/forums/post5292.html#p5292 Hi David,

Thanks for you reply. I'm currently giving the CTX 1MB (1,048,578 Bytes) memory, and it is still having error. I set the minimum version of TLS to version 1.

Here is the code for the cipher list:
static const char ec_cipher_list[] =
        "ECDHE-ECDSA-AES128-SHA256:"
        "ECDHE-ECDSA-AES128-GCM-SHA256:"
        "ECDHE-ECDSA-AES128-SHA:"
        "ECDHE-ECDSA-AES256-SHA384:"
        "ECDHE-ECDSA-AES256-GCM-SHA384:"
        "ECDHE-ECDSA-AES256-SHA";

static const char rsa_cipher_list[] =
        "ECDHE-RSA-AES128-GCM-SHA256:"
        "ECDHE-RSA-AES128-SHA:"
        "ECDHE-RSA-AES128-SHA256:"
        "ECDHE-RSA-AES256-GCM-SHA384:"
        "ECDHE-RSA-AES256-SHA:"
        "ECDHE-RSA-AES256-SHA384:"
        "ECDHE-RSA-DES-CBC3-SHA:"
        "DHE-RSA-AES128-SHA256:"
        "DHE-RSA-AES256-SHA256:"
        "DHE-RSA-AES128-SHA:"
        "DHE-RSA-AES256-SHA:"
        "EDH-RSA-DES-CBC3-SHA";

Here is a more clear graph with what is ok what is not, the changes both involve in certificate, key and cipher suites change:

ECC=======>RSA    not ok
RSA=======>ECC    ok
RSA=======>ECC=======>RSA   not ok

Thanks
Waigor

]]> Mon, 22 Jun 2020 22:27:26 +0000 https://www.wolfssl.com/forums/post5292.html#p5292 <![CDATA[Re: Having MATCH_SUITE_ERROR error when after changing the cipher list]]> https://www.wolfssl.com/forums/post5285.html#p5285 Hi waigor,

The RSA keys will use more memory. Have you tried increasing the static memory pool size? What cipher suites are you trying to use with RSA and what TLS version?

Thanks,
David Garske, wolfSSL

]]> Mon, 22 Jun 2020 14:45:56 +0000 https://www.wolfssl.com/forums/post5285.html#p5285 <![CDATA[Having MATCH_SUITE_ERROR error when after changing the cipher list]]> https://www.wolfssl.com/forums/post5275.html#p5275 Hi there,

In my application, my device initially use a ECC key and certificate with wolfSSL_CTX_use_certificate_file() and wolfSSL_CTX_use_PrivateKey_file(), then setting the cipher using API wolfSSL_CTX_set_cipher_list() with ECC cipher list. Later on, my devices generate a new certificate with RSA key, i repeat the step above with RSA cipher list, then Wolfssl report MATCH_SUITE_ERROR error during handshake.

If I do the another way around, initialise the device with RSA key, and switch to ECC key later on, this error will not happen.

Anyone know the cause of this and how to fix it? Or is there any limitations on this changing cipher list?

FYI, I initialize the WolfSSL with wolfSSL_Init() and wolfSSL_CTX_load_static_memory() API.

Thanks

]]> Fri, 19 Jun 2020 02:34:20 +0000 https://www.wolfssl.com/forums/post5275.html#p5275