Topic: TLS Client v1.3 connect problem with load google root CA

I've configured with TLS v1.3 enabled.

I'm using

./examples/client/client

to test connecting as a client.

But when I try to access Google's port 443 with the root CA downloaded from the browser, it fails with TLS v1.3.
But it's OK with v1.2.

I also tried to access www.cloudflare.com:443 with the root CA downloaded from the browser. It seems OK with v1.3 and v1.2.


Test log is attached.

Could anyone help me with this problem?

Post's attachments

test_log.txt 2 kb, 1 downloads since 2020-02-12 


Re: TLS Client v1.3 connect problem with load google root CA

Believe this is the same question as: https://github.com/wolfSSL/wolfssl/issues/2794


- K

Re: TLS Client v1.3 connect problem with load google root CA

This was resolved by sending the Server Name Indication (SNI) extension. wolfSSL was configured with --enable-sni --enable-tls13. Using the same GlobalSign-Root-CA-R2.pem as was used in a successful TLS 1.2 connection without the SNI extension:

kalebhimes@kalebs-MBP clean-wolfssl % ./examples/client/client -h www.google.com -p 443 -v 4 -g -S www.google.com -A google-certs/GlobalSign-Root-CA-R2.pem 
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_128_GCM_SHA256
SSL curve name is SECP256R1
SSL connect ok, sending GET...
HTTP/1.0 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1571
Date: Fri, 14 Feb 2020 18:19:11 GMT
Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-

- K
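
To confirm whether a client actually sent SNI, look for the server_name extension (type 0) in the ClientHello it emitted. The parser below is an added example, not wolfSSL code and not code from this thread; the name client_hello_sni and the sample bytes are constructed for illustration, and it assumes the caller passes one complete ClientHello handshake message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }
/* Scan a ClientHello (starting at its 0x01 type byte) for server_name (type 0).
 * Returns 1 and copies the host to out, 0 if no SNI, -1 if malformed/truncated. */
int client_hello_sni(const uint8_t *m, size_t len, char *out, size_t outsz) {
    size_t i = 4 + 2 + 32, end;            /* header, legacy_version, random */
    if (len < i + 1 || m[0] != 0x01) return -1;
    i += 1 + m[i];                         /* legacy_session_id */
    if (i + 2 > len) return -1;
    i += 2 + rd16(m + i);                  /* cipher_suites */
    if (i + 1 > len) return -1;
    i += 1 + m[i];                         /* legacy_compression_methods */
    if (i == len) return 0;                /* no extensions block at all */
    if (i + 2 > len || (end = i + 2 + rd16(m + i)) > len) return -1;
    for (i += 2; i + 4 <= end; ) {
        unsigned type = rd16(m + i), elen = rd16(m + i + 2), n;
        i += 4;
        if (i + elen > end) return -1;
        if (type == 0) {     /* list_len(2) name_type(1) name_len(2) name */
            if (elen < 5 || m[i + 2] != 0) return -1;
            n = rd16(m + i + 3);
            if (5 + n > elen || n + 1 > outsz) return -1;
            memcpy(out, m + i + 5, n);
            out[n] = '\0';
            return 1;
        }
        i += elen;
    }
    return 0;
}

/* Constructed sample (not a capture): minimal ClientHello, random left zeroed. */
const uint8_t SAMPLE_HELLO[] = {
    0x01, 0x00, 0x00, 0x49, 0x03, 0x03,          /* type, length 73, version */
    [38] = 0x00, 0x00, 0x02, 0x13, 0x01, 0x01, 0x00, /* sid, suite, compression */
    0x00, 0x1e,                                  /* extensions length 30 */
    0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04,    /* supported_versions: TLS 1.3 */
    0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, /* server_name */
    'w','w','w','.','g','o','o','g','l','e','.','c','o','m'
};

int main(void) {
    char host[256];
    int r = client_hello_sni(SAMPLE_HELLO, sizeof SAMPLE_HELLO, host, sizeof host);
    printf("SNI: %s\n", r == 1 ? host : r == 0 ? "(absent)" : "(malformed)");
    return 0;
}
```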

Re: TLS Client v1.3 connect problem with load google root CA

Hi Kaleb,

Thanks for your quick response.

I will discuss with you on https://github.com/wolfSSL/wolfssl/issues/2794
