Topic: Compiling for Android with TLS1.3 support

Hello,

I am currently trying to use WolfSSL in an Android App. I have used this example: https://github.com/wolfSSL/wolfssl-exam … dk-gradle.

This works fine, but I would like to adjust it to also allow TLS 1.3. When I compile the library from the command line, I can enable it via "./configure --enable-tls13 && make" and the build runs successfully. However, I was not successful in adjusting the CMakeLists.txt in a way that enables TLS 1.3. I tried -DHAVE_TLS13 and other flags that seem to be required, but the build keeps crashing due to some obscure error messages like "error: no member named 'aead_enc_imp_IV' in 'struct Keys'" or other ones, depending on the flags I add. Can someone tell me how I can get a running configuration? I am not that experienced in Android development and using cmake, so I am a bit lost here.


Re: Compiling for Android with TLS1.3 support

Hi he1n,

Can you try adding these macros to the build:

-DWOLFSSL_TLS13
-DHAVE_TLS_EXTENSIONS
-DHAVE_SUPPORTED_CURVES
-DHAVE_ECC
-DHAVE_HKDF
-DHAVE_FFDHE_8192
-DWC_RSA_PSS

If those don't solve it I will ask our android expert to take a look!

Warm Regards,

K

Re: Compiling for Android with TLS1.3 support

Hi Kaleb,

I have added the macros you listed, but unfortunately I still get:

/Users/he1n/ExampleApp/wolfssl/src/tls13.c:1669:64: error: no member named 'aead_enc_imp_IV' in 'struct Keys'

Warm regards
he1n


Re: Compiling for Android with TLS1.3 support

Update: I managed to get a successful build by also adding one of these (or both):

-DHAVE_AEAD
-DWOLFSSL_SESSION_EXPORT

However, when I try to connect, I get the following exception now:

E/AndroidRuntime: FATAL EXCEPTION: DefaultDispatcher-worker-1
    Process: com.example.sslplayground, PID: 27160
    javax.net.ssl.SSLHandshakeException: received alert fatal error (error code: -313)
    at com.wolfssl.provider.jsse.WolfSSLSocket.startHandshake(WolfSSLSocket.java:611)
    ...

Also, when I inspect the supported protocols during runtime, I see that TLS1.3 is listed. However, when I look at the supported/enabled cipher suites, the ciphersuites required by TLS1.3 are not listed?

Warm regards
he1n


Re: Compiling for Android with TLS1.3 support

@he1n,

Which client_method() are you using?

wolfSSLv23_client_method() -> starts with highest protocol version and downgrades if server doesn't support that version
wolfTLSv1_2_client_method() -> Only supports TLS 1.2
wolfTLSv1_3_client_method() -> Only supports TLS 1.3
... etc.

- KH

6 (edited by he1n 2020-08-04 03:25:09)

Re: Compiling for Android with TLS1.3 support

I am actually using the wolfjsse provider, so I don't call any native function directly.

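A diagnostic for the mismatch reported in this thread (TLS 1.3 listed as a protocol, but no TLS 1.3 cipher suites), as an added example that is not code from the thread or from wolfSSL. It uses only the standard JSSE API; the provider name "wolfJSSE" and the class name `Tls13SuiteCheck` are assumptions, and the provider must already be registered by the app.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class Tls13SuiteCheck {
    // The five TLS 1.3 cipher suites defined in RFC 8446 (IANA names).
    static final List<String> TLS13_SUITES = Arrays.asList(
        "TLS_AES_128_GCM_SHA256",
        "TLS_AES_256_GCM_SHA384",
        "TLS_CHACHA20_POLY1305_SHA256",
        "TLS_AES_128_CCM_SHA256",
        "TLS_AES_128_CCM_8_SHA256");

    /** True if the list holds a TLS 1.3 suite (IANA name or wolfSSL's native TLS13- prefix). */
    static boolean hasTls13Suite(String[] suites) {
        for (String s : suites) {
            if (TLS13_SUITES.contains(s) || s.startsWith("TLS13-")) return true;
        }
        return false;
    }

    /** Print whether protocol list and suite list agree on TLS 1.3, then the suites. */
    static void report(String label, SSLParameters p) {
        boolean proto = Arrays.asList(p.getProtocols()).contains("TLSv1.3");
        boolean suite = hasTls13Suite(p.getCipherSuites());
        System.out.printf("%s: TLSv1.3 protocol=%b, TLS 1.3 suite=%b%n", label, proto, suite);
        if (proto && !suite) {
            System.out.println("  mismatch: protocol advertised, no TLS 1.3 suite available");
        }
        for (String s : p.getCipherSuites()) System.out.println("    " + s);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the provider was registered under this name by the app.
        String name = args.length > 0 ? args[0] : "wolfJSSE";
        Provider prov = Security.getProvider(name);
        if (prov == null) System.out.println(name + " not registered, using default provider");
        SSLContext ctx = (prov == null) ? SSLContext.getInstance("TLS")
                                        : SSLContext.getInstance("TLS", prov);
        ctx.init(null, null, null); // default key/trust managers
        report("supported", ctx.getSupportedSSLParameters());
        report("default", ctx.getDefaultSSLParameters());
    }
}
```

A "mismatch" line for the supported parameters points at the native library build (the TLS 1.3 suites were not compiled in) rather than at the app's socket configuration.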