1 (edited by donnie.dump 2021-08-30 07:04:13)

Topic: WolfSSL JSSE

Hi,
I have two unrelated questions regarding the WolfSSL TLS implementation (and thus the JSSE wrapper).
1) Does it allow for the legacy (insecure) renegotiation (the RFC 5246 way) as a TLS client? Can this be somehow enabled (although it's a bad practice)?
2) Also, does it support the usage of unnamed EC curves (that is explicit ECParameters)? This might seem a trivial question, but for example the SUN JSSE implementation does not support these keys.
Thanks for the help, cheers, Alex


Re: WolfSSL JSSE

Hi Donnie.dump,

Can you tell us a bit about the background of how wolfSSL is being used? If the details cannot be put on a public forum like this, please contact us through support @ wolfssl.com.

wolfSSL natively does support unnamed and custom curves when compiled with ./configure --enable-ecccustcurves. The JSSE wrapper does not support custom curves though.

Regards,
Jacob


Re: WolfSSL JSSE

Hi Jacob,

Our goal is to use the Wolf JSSE implementation from an HTTP client, when connecting to a ws endpoint. As the target server is not under our control, we are constrained to support both the insecure TLS renegotiation and custom curves to be able to successfully build up the connection. If I understand your answer correctly, unnamed curves won't be supported when wolfSSL is being used through the provided JSSE wrapper. Is that correct? How about the renegotiation aspect (that is, receiving a hello request from the server while the client is currently negotiating a session)?

Thanks in advance, Alex

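On question 2 in the thread, whether an EC key uses a named curve or explicit ECParameters is visible in its DER encoding. The following is an added example, not part of any post and not wolfSSL code: it classifies the ECParameters CHOICE (RFC 5480) of a SubjectPublicKeyInfo; the function names and the sample keys (dummy point, stub explicit parameters) are constructed for illustration.

```python
# Added example: classify ECParameters in a DER SubjectPublicKeyInfo.
# RFC 5480 allows only namedCurve in PKIX certificates; explicit parameters
# (specifiedCurve) are what the thread calls "unnamed" curves.
EC_PUBLIC_KEY_OID = bytes.fromhex("2a8648ce3d0201")  # id-ecPublicKey


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, buf[pos:pos + length], pos + length


def ec_params_kind(spki_der):
    """Return 'named', 'explicit', 'implicit' or 'not-ec'."""
    tag, spki, _ = read_tlv(spki_der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, alg, _ = read_tlv(spki, 0)  # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, pos = read_tlv(alg, 0)
    if tag != 0x06 or oid != EC_PUBLIC_KEY_OID:
        return "not-ec"
    tag, _, _ = read_tlv(alg, pos)  # ECParameters CHOICE, told apart by tag
    kinds = {0x06: "named", 0x30: "explicit", 0x05: "implicit"}
    if tag not in kinds:
        raise ValueError("unexpected ECParameters tag 0x%02x" % tag)
    return kinds[tag]


def der_seq(body):
    return b"\x30" + bytes([len(body)]) + body  # short-form length (< 128) only

# Constructed samples: the point is all zeros (not a valid key) and the
# explicit parameters are a stub holding only the version INTEGER.
DUMMY_POINT = b"\x03\x42\x00\x04" + bytes(64)
ALG_OID = b"\x06\x07" + EC_PUBLIC_KEY_OID
NAMED_SPKI = der_seq(der_seq(ALG_OID + bytes.fromhex("06082a8648ce3d030107")) + DUMMY_POINT)
EXPLICIT_SPKI = der_seq(der_seq(ALG_OID + der_seq(b"\x02\x01\x01")) + DUMMY_POINT)
```
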